Enumerate or List Members Is In A Large (1500 members) Active Directory Group Using Directory Services

You need to be careful if you are listing or enumerating members in large groups (i.e. over 1500 members). The standard approach in the first code sample doesn’t work as the DE.Properties[“member”] property will only return 1500 members

The solution is shown in the 2nd code snippet using the ADSI Edit Invoke statement


using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
  static class ADGroup
  {
    const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
    const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
    const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

    public static void ListMembers()
{
using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
{
for (int i = 0; i < DE.Properties["member"].Count; i++)
{
string val = DE.Properties["member"][i].ToString();
Console.WriteLine(i + " - " + val);
}
}
}
}
}

Use the code below to enumerate/list members in a large group (over 1500 members)


using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
static class ADGroup
{
const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

public static void ListMembers()
{
using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
{
IADsMembers groupMembers = (IADsMembers) DE.Invoke("members", null);
int ctr = 0;
foreach (object groupMember in groupMembers)
{
IADs user = (IADs)groupMember;

ctr = ctr + 1;
Console.WriteLine(ctr + " - " + user.Name);
}
}
}
}
}

Leave a Reply

Your email address will not be published. Required fields are marked *