问题
There are a couple of questions similar to this on stack overflow but not quite the same.
I want to open, or create, a local group on a win xp computer and add members to it, domain, local and well known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception.
So far I started using the DirectoryEntry object with the WinNT:// provider. This is going ok but I'm stuck on how to get a list of members of a group?
Anyone know how to do this? Or provide a better solution than using DirectoryEntry?
回答1:
Okay, it's taken a while, messing around with different solutions but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods, the only way I could get it to enumerate the members was by using the Invoke method to call the native objects Members method.
using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
foreach(object member in (IEnumerable) groupEntry.Invoke("Members"))
{
using(DirectoryEntry memberEntry = new DirectoryEntry(member))
{
Console.WriteLine(memberEntry.Path);
}
}
}
I also used a similar technique to add and remove members from the local group.
Hopefully this helps someone else as well. Keith.
EDIT by Tim: added VB.Net version
Public Function MembersOfGroup(ByVal GroupName As String) As List(Of DirectoryEntry)
Dim members As New List(Of DirectoryEntry)
Try
Using search As New DirectoryEntry("WinNT://./" & GroupName & ",group")
For Each member As Object In DirectCast(search.Invoke("Members"), IEnumerable)
Dim memberEntry As New DirectoryEntry(member)
members.Add(memberEntry)
Next
End Using
Catch ex As Exception
MessageBox.Show(ex.ToString)
End Try
Return members
End Function
回答2:
Microsoft .NET Framework provides a standard library for working with Active Directory: System.DirectoryServices namespace in the System.DirectoryServices.dll.
Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntry and DirectorySearcher. In most cases, it is enough to use DirectorySearcher class only.
UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.
Here is an example from an excellent CodeProject article:
Get a list of users belonging to a particular AD group
using System.DirectoryServices;
ArrayList GetADGroupUsers(string groupName)
{
SearchResult result;
DirectorySearcher search = new DirectorySearcher();
search.Filter = String.Format("(cn={0})", groupName);
search.PropertiesToLoad.Add("member");
result = search.FindOne();
ArrayList userNames = new ArrayList();
if (result != null)
{
for (int counter = 0; counter <
result.Properties["member"].Count; counter++)
{
string user = (string)result.Properties["member"][counter];
userNames.Add(user);
}
}
return userNames;
}
回答3:
You should be able to find this information inside the "member" attribute on the DirectoryEntry that represents the group.
来源:https://stackoverflow.com/questions/252882/get-a-list-of-members-of-a-winnt-group