
Active Directory and DirectorySearcher Filter

Author
22 Sep 2006 2:13 PM
Jerry C
I am using DirectoryServices to get all groups and all users from active
directory. Now I want to use the filter to limit the groups and users. I
would like to remove the builtin groups. I use the code below but the built
in groups are still there. The main question is how do I construct the filter
strings. The code gives me the properties and their values. Do I use these
properties and values in the filter or is there other information I am
missing.

Code:
' Requires a reference to System.DirectoryServices (Imports System.DirectoryServices)
Dim strDomPath As String = "LDAP://cd2k3domtest/DC=CDTESTDOM,DC=adwaresystems,DC=com"
Dim dirEnt As New DirectoryEntry(strDomPath)
Dim dsGroups As New DirectorySearcher(dirEnt)
dsGroups.SearchScope = SearchScope.Subtree
dsGroups.Filter = "(&(objectCategory=group)(!distinguishedname=Builtin))"
Dim srGroupsCol As SearchResultCollection
Try
    srGroupsCol = dsGroups.FindAll()
Catch domE As Exception
    Dim str As String
    str = domE.Message
End Try
Dim objarray() As String
ReDim objarray(35)
Dim arrGroup As New ArrayList

Dim srGroups As SearchResult
For Each srGroups In srGroupsCol
    'will get all property names that are available
    srGroups.Properties.PropertyNames.CopyTo(objarray, 0)
    Dim i As Integer
    For i = 0 To objarray.Length - 1
        Try
            Dim strPro As String = CType(objarray(i).ToString, String)
            Response.Write(strPro & "           " & srGroups.Properties(strPro).Item(0).ToString & "<br />")
        Catch
        End Try
    Next
    Response.Write("*************************************************************<br />")
Next

--
Jerry

Author
22 Sep 2006 7:48 PM
Marc Scheuner
>I am using DirectoryServices to get all groups and all users from active
>directory. Now I want to use the filter to limit the groups and users. I
>would like to remove the builtin groups. I use the code below but the built
>in groups are still there.

As far as I know, you cannot easily remove the "built-in" groups -
there's no single attribute to identify them. All you could do is
enumerate the list of groups, and compare those to a specific fixed
list of built-in groups, and remove any of those from your
enumeration.

Also, if you could narrow your search to a subtree in your AD tree,
e.g. something like "OU=MyDepartment", then you'd definitely not find
any built-in groups under that subtree.

Marc

Author
26 Sep 2006 1:02 PM
Jerry C
Marc,

Thanks for your reply. I did find some attributes to work with.

In the distinguishedname attribute I looked for Builtin. Code snip below.
InStr(ccGroupResult.Properties("distinguishedname").Item(0).ToString, "Builtin") = 0

and the attribute iscriticalsystemobject = True
UserGroupResult.Properties("iscriticalsystemobject").Item(0).ToString = "True"

but this did not find all the groups or users I wanted to get rid of so your
suggestion of a list looks like the answer.

Thank you,
--
Jerry
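
One way to construct the filter string discussed in this thread, as an added example that is not code from either poster: it tests groupType with Active Directory's bitwise-AND matching rule (bit 0x1 marks system-created groups), excludes isCriticalSystemObject=TRUE, and appends a fixed exclusion list with each name escaped per RFC 4515. The module and function names and the two excluded group names are made up for illustration; the domain path is the one from the question.

```vb
Imports System
Imports System.Text
Imports Microsoft.VisualBasic
Imports System.DirectoryServices   ' needs a reference to System.DirectoryServices.dll

Module GroupFilterExample
    ' Active Directory's bitwise-AND matching rule OID.
    Private Const BitAndRule As String = "1.2.840.113556.1.4.803"

    ' Escape a value per RFC 4515 so a name cannot change the filter's structure.
    Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.Append("\"c).Append(AscW(c).ToString("x2"))
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' All groups except system-created ones, critical system objects and a fixed list.
    Function BuildGroupFilter(ByVal excludedNames As String()) As String
        Dim sb As New StringBuilder("(&(objectCategory=group)")
        sb.Append("(!(groupType:" & BitAndRule & ":=1))")
        sb.Append("(!(isCriticalSystemObject=TRUE))")
        For Each name As String In excludedNames
            ' Each NOT wraps a complete, parenthesised filter item.
            sb.Append("(!(sAMAccountName=" & EscapeFilterValue(name) & "))")
        Next
        Return sb.Append(")").ToString()
    End Function

    Sub Main()
        ' Constructed exclusion list; the second entry exercises the escaping.
        Dim excluded As String() = {"Example Group A", "Legacy (old)*"}
        Dim filter As String = BuildGroupFilter(excluded)
        Console.WriteLine(filter)
        Using root As New DirectoryEntry("LDAP://cd2k3domtest/DC=CDTESTDOM,DC=adwaresystems,DC=com")
            Using searcher As New DirectorySearcher(root, filter)
                searcher.PageSize = 500   ' page through results instead of stopping at the server limit
                Using results As SearchResultCollection = searcher.FindAll()
                    For Each r As SearchResult In results
                        Console.WriteLine(r.Properties("distinguishedName")(0))
                    Next
                End Using
            End Using
        End Using
    End Sub
End Module
```

Active Directory does not do substring matching on distinguishedName in a filter, which is why the container is not tested there; pointing the search root at a specific OU, as suggested above, is the server-side way to restrict by location.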

