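' Imports System.DirectoryServices
'
' Searches Active Directory with an LDAP filter and writes selected attributes of each
' result to the console. The directory entry, the searcher and the result collection all
' wrap unmanaged ADSI resources, so each is created in a Using block and released
' deterministically (SearchResultCollection in particular is not freed reliably by the
' garbage collector).

' Establish a connection to AD
' Not always necessary, you can pass Nothing in with the constructor for DirectorySearcher and
' achieve the same adDomain setting shown below
' Assuming authentication and serverless binding
Using adDomain As New DirectoryEntry()
    ' If those aren't good assumptions then one of these is better:
    ' 1. Assuming authentication, connection to server "domain.com", connection to default Naming Context (NC)
    ' Using adDomain As New DirectoryEntry("LDAP://domain.com")
    ' 2. Assuming Authentication, connection to server "domain.com", connection to DC=domain,DC=com NC
    ' Using adDomain As New DirectoryEntry("LDAP://domain.com/DC=domain,DC=com")
    ' 3. Passing Authentication, connection to server "domain.com", connection to DC=domain,DC=com NC
    ' Using adDomain As New DirectoryEntry("LDAP://domain.com/DC=domain,DC=com", "Username", "Password")
    ' NOTE: "Username" / "Password" are placeholders. Do not embed real credentials as
    ' literals in source; read them from a protected store or prompt for them, and bind
    ' with a least-privileged account that only has the read access this query needs.

    ' The LDAP Filter.
    ' To return all users:
    Dim ldapFilter As String = "(&(objectClass=user)(objectCategory=person))"
    ' 1. To return all groups:
    ' Dim ldapFilter As String = "(objectClass=group)"
    ' 2. To return all users in a specific group (note the group's distinguished name (DN) must be specified):
    ' Dim ldapFilter As String = String.Format("(&(objectClass=user)(objectCategory=person)(memberOf={0}))", _
    ' "CN=Group Name,OU=Somewhere,DC=domain,DC=com")
    ' Another search may be required to get from a group name to the distinguished name
    ' 3. To return all users in a specific group, including nested members (requires AD on at least Windows 2003 SP2):
    ' Dim ldapFilter As String = String.Format("(&(objectClass=user)(objectCategory=person)(member:1.2.840.113556.1.4.1941:={0}))", _
    ' "CN=Group Name,OU=Somewhere,DC=domain,DC=com")
    ' 4. To return the groups a user belongs to (can also enumerate the "memberOf" property,
    ' full DN of user must be specified):
    ' Dim ldapFilter As String = String.Format("(&(objectClass=group)(member={0}))", _
    ' "CN=User Name,OU=Somewhere,DC=domain,DC=com")
    ' 5. To return the groups a user belongs to, including nested membership (requires AD on at least Windows 2003 SP2):
    ' Dim ldapFilter As String = String.Format("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={0}))", _
    ' "CN=User Name,OU=Somewhere,DC=domain,DC=com")
    '
    ' NOTE: the String.Format variants above splice a value straight into the filter. That
    ' is fine for a constant DN, but if the value ever comes from user input (a form field,
    ' a query string, a file) it must be escaped per RFC 4515 first: \ ( ) * and NUL become
    ' \5c \28 \29 \2a \00. Unescaped input lets the caller rewrite the filter and read
    ' objects the code never meant to return.

    ' Creating the searcher
    Using adSearch As New DirectorySearcher(adDomain, ldapFilter)
        ' Enabling Paging, otherwise result set is limited to 1000
        adSearch.PageSize = 1000

        ' Specific properties can be requested (optional, but good for efficient searching,
        ' and it keeps attributes the caller does not need out of the result set):
        adSearch.PropertiesToLoad.AddRange(New String() {"name", "mail", "proxyAddresses", "msExchHomeServerName"})

        ' Executing the search
        Using adSearchResults As SearchResultCollection = adSearch.FindAll()
            ' If filter will produce a unique result this can be used instead
            ' (FindOne returns Nothing when there is no match, so check before use):
            ' Dim adSearchResult As SearchResult = adSearch.FindOne()

            ' Loop through the results
            For Each adSearchResult As SearchResult In adSearchResults
                ' An attribute that is not set on the object comes back as an empty value
                ' collection, so indexing (0) blindly throws on e.g. users without a
                ' mailbox. Each single-valued attribute is therefore checked before it is
                ' read, and simply skipped when absent.

                ' Get the name attribute from the object (whether it is a user or group or computer or ...)
                If adSearchResult.Properties("name").Count > 0 Then
                    Console.WriteLine(adSearchResult.Properties("name")(0).ToString())
                End If

                ' mail is single-valued, can be accessed via the first element in the property value collection
                If adSearchResult.Properties("mail").Count > 0 Then
                    Console.WriteLine(adSearchResult.Properties("mail")(0).ToString())
                End If

                ' proxyAddresses is multi-valued, contains each mail address assigned to the account. Loop or join.
                ' An empty collection just means the loop body never runs.
                For Each Address As String In adSearchResult.Properties("proxyaddresses")
                    Console.WriteLine(Address)
                Next

                ' msExchHomeServerName is a single-valued attribute containing a reference string to the Exchange server
                If adSearchResult.Properties("msexchhomeservername").Count > 0 Then
                    Console.WriteLine(adSearchResult.Properties("msexchhomeservername")(0).ToString())
                End If
            Next
        End Using
    End Using
End Using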