Camera Icon

Got an event that needs shooting?  I've covered multiple events for marathon-photos.com and can capture the scenes & emotions that make your event unique.

Some samples of my own work are at Digital Formula on Flickr.

Wand Icon

Do you or your business need a website but you're unsure where to start?  Get in touch now and we'll get it sorted.

I focus on usable functionality & can setup smaller sites using Wordpress within hours of the order being placed.  Magic!

Globe Icon

So, you've already got a website but need help managing it?  I can help you.

Don't worry about knowing every single detail.  I'll find out the most important stuff and work with you to reach your goal, not someone else's.

said on twitter: LOL spammers really do bank on the ignorance of their targets huh? A file with a .jpg.exe extension ... really? http://t.co/0TgobjQc

 
February 26
2009
Development
Archived
Short URL
Warning: This article is older than 180 days and may contain inaccurate information.  Please use the information below at your own risk.

VB.NET – List active directory users – Re-write

Article rewrite

Please note: This is a rewrite of an article I wrote way back in 2007. The original article has been updated with a link to this one.

As per usual I had a situation where I had to do some Active Directory stuff with VB.NET. I had to grab a list of all the users in our AD so that people could select a user and perform functions on them from within a webpage. Another note: This article is VB.NET-specific. If you’d like to know how to do this using C# please see this post’s “partner” entitled "Follow Up – List active directory users – This time in C#"

Carrying on though, there are a number of ways you can do this but in the .NET Framework they all involve using the System.DirectoryServices namespace. A couple of quick things to be aware of before you try this yourself:

  • Before messing with your Active Directory make sure you know what you’re doing and have the permissions of your AD Administrators (if it’s not you!)
  • If you are going to use any of the following code from a .NET console application you’ll need to add a reference to System.DirectoryServices in addition to importing the namespace. I wrote a post a while ago about this entitled “Developer Dumbness” – it has the steps you need to add a reference to a .NET console application.

Anyway, the code below is a simple function that queries your Active Directory domain and retrieves all the user objects. This particular example filters out any user account whose “DisplayName” attribute meets the following criteria (the requirements for the app I had to write):

  • Has an email address
  • Does not contain the “$” symbol
  • Does not contain the words “Admin” or “admin”
  • Does not contain the words “Test” or “test”
  • Does not contain the words “Service” or “service”
  • Does not contain the word “System” or “system”

The example code below is a complete Windows console application that does all of the above. It’s important to note that if you’re using this in a production environment you’ll need to make sure the application containing the code has access to the Active Directory, usually using .NET impersonation – this is beyond the scope of this post. 

Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
 
Module ListAdUsers
 
    Sub Main(ByVal ParamArray Args() As String)
 
        Console.Clear()
        Dim userList As List(Of String) = New List(Of String)
 
        Dim badEntries As Integer = 0
        Dim domainName As String = String.Empty
 
        If (Args.Length > 0) Then
            domainName = Args(0)
        Else
            Console.Write(String.Format("{0}Please enter your Active Directory domain name: ", vbCrLf))
            domainName = Console.ReadLine()
        End If
 
        Console.Write(String.Format("{0}Attempting to build user list for {1} ...{0}{0}", vbCrLf, domainName))
 
        Try
            If Not String.IsNullOrEmpty(domainName) Then
                Dim myDirectoryEntry As DirectoryEntry = New DirectoryEntry(String.Format("LDAP://{0}", domainName))
                Dim mySearcher As DirectorySearcher = New DirectorySearcher(myDirectoryEntry)
                Dim mySort As SortOption = New SortOption("sn", SortDirection.Ascending)
                mySearcher.Filter = ("(objectClass=user)")
                mySearcher.Sort = mySort
                For Each resEnt As SearchResult In mySearcher.FindAll()
                    Try
                        If Not String.IsNullOrEmpty(resEnt.Properties("Mail")(0).ToString()) _
                            AndAlso System.Text.RegularExpressions.Regex.IsMatch(resEnt.Properties("DisplayName")(0).ToString(), " |admin|test|service|system|[$]", System.Text.RegularExpressions.RegexOptions.IgnoreCase) Then
                            Dim space As Integer = resEnt.Properties("DisplayName")(0).ToString().IndexOf(" ")
                            Dim formattedName As String = String.Format("{0}{1}{2}", _
                                                                        resEnt.Properties("DisplayName")(0).ToString().Substring(space).PadRight(25), _
                                                                        resEnt.Properties("DisplayName")(0).ToString().Substring(0, space).PadRight(15), _
                                                                        resEnt.Properties("Mail")(0).ToString() _
                                                                        )
                            userList.Add(formattedName)
                        End If
                    Catch
                        badEntries = badEntries + 1
                    End Try
                Next
                If (userList.Count > 0) Then
                    Console.WriteLine(String.Format("=========== Listing of users in the {0} domain{1}", domainName, vbCrLf))
                    Console.WriteLine(String.Format("{0}{1}{2}{3}", "Surname".PadRight(25), "First Name".PadRight(15), "Email Address", vbCrLf))
                    For i = 0 To userList.Count - 1
                        Console.WriteLine(userList(i).ToString())
                    Next
                    Console.WriteLine(String.Format("{0}=========== {1} users found in the {2} domain", vbCrLf, userList.Count.ToString(), domainName))
                Else
                    Console.WriteLine(String.Format("{0}=========== 0 users found in the {1} domain", vbCrLf, userList.Count.ToString()))
                End If
                Console.WriteLine(String.Format("=========== {0} objects could not be read", badEntries.ToString()))
                Console.WriteLine("=========== End of Listing")
            Else
                Console.WriteLine("Please enter a domain name next time!")
            End If
        Catch ex As Exception
            ' in a production app you wouldn't show the user the exception details
            Console.Write(String.Format("A critical error occurred.{0}Details: {1}", vbCrLf, ex.Message.ToString()))
        End Try
    End Sub
 
End Module

There are a HEAP of atttibutes you can use instead of “sn” in the sample above. Personally I use ADSIEDIT.MSC to look at all the possible attributes but you’ll need domain administrative access to run that. Here are a couple of useful ones though …

  • company
  • department
  • description
  • displayName
  • mail
  • manager
  • name
  • givenName
  • sAMAccountName

Hope that helps someone! :)

» Tags: .net, vb, vb.net, active directory, list active directory users, list active users vb.net, list ad users, list ad users vb.net
DigitalFormula is an experiment in HTML5 and CSS3 design by Chris Rasmussen, an amateur/casual designer based in Melbourne, Australia. -37.813611 144.963056