Remove Members From Large (1500 members) Active Directory Group Using Directory Services

Be careful when removing members from large groups (i.e. over 1500 members). The standard approach in the first code sample doesn't work, because the DE.Properties["member"] property will only return 1500 members.

The solution is shown in the second code snippet, which uses DirectoryEntry.Invoke to call the ADSI Remove method on the group.

 

[code:c#]

using System;
using System.DirectoryServices;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        // Standard approach: does NOT work for groups with more than 1500 members,
        // because the local "member" collection only holds the first 1500 values.
        public static void RemoveMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Properties["member"].Remove(MEMBER_DISTINGUISHED_NAME);
                DE.CommitChanges();
            }
        }
    }
}

[/code]

Use the code below to remove members from large groups:

[code:c#]

using System;
using System.DirectoryServices;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";

        // Works for large groups: calls the native ADSI Remove method on the group,
        // passing the member's ADsPath, instead of editing the local "member" collection.
        public static void RemoveMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                DE.Invoke("Remove", new Object[] { MEMBER_PATH });
            }
        }
    }
}

[/code]
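When a removal revokes access, it is worth confirming that it took effect, and reading DE.Properties["member"] back is unreliable for the same 1500-value reason. The following is an added example, not code from the original post: it asks the server whether the user is still a direct member by using a base-scope search filter. The class and method names are hypothetical, and the paths are passed in by the caller.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class GroupMembershipCheck   // hypothetical helper, not part of the original post
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True if memberDn is a direct member of the group. The filter is evaluated
    // on the server, so the 1500-value limit on returned attributes does not apply.
    public static bool IsDirectMember(DirectoryEntry group, string memberDn)
    {
        string filter = "(member=" + EscapeFilterValue(memberDn) + ")";
        using (var searcher = new DirectorySearcher(
            group, filter, new[] { "distinguishedName" }, SearchScope.Base))
        {
            return searcher.FindOne() != null;   // null means the group did not match
        }
    }

    // Remove via the ADSI Remove method, then fail loudly if the member is still there.
    public static void RemoveAndVerify(string groupPath, string memberPath, string memberDn)
    {
        using (var group = new DirectoryEntry(groupPath))
        {
            group.Invoke("Remove", new object[] { memberPath });
            if (IsDirectMember(group, memberDn))
                throw new InvalidOperationException("Member still present: " + memberDn);
        }
    }
}
```

The check covers direct membership only. Membership through nested groups or through the user's primary group is not stored in the group's member attribute and has to be reviewed separately.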

 

 

 
