
Active Directory Subgroups search


I have a root AD group and need to enumerate through all its subgroups. I have code that connects to the AD server and tries to retrieve the subgroup list.

Here's the code:

    private IEnumerable<SearchResult> GetSubGroups(string groupId)
    {
        using (var searcher = new DirectorySearcher(new DirectoryEntry(adServerName, adLogin, adPassword)))
        {
            searcher.Filter = string.Format("(&(objectClass=group)({0}))", groupId);
            //Get the Root Group
            var result = searcher.FindOne();
            object resultMembers = result.GetDirectoryEntry().Invoke("Members", null);

            foreach (var member in ((IEnumerable) resultMembers))
            {
                var memberEntry = new DirectoryEntry(member);

                var subgroupsSearcher = new DirectorySearcher(memberEntry);
                subgroupsSearcher.Filter = "(objectClass=group)";
                subgroupsSearcher.PropertiesToLoad.Add("samaccountname");
                subgroupsSearcher.PropertiesToLoad.Add("name");

                var foundSubGroupResult = subgroupsSearcher.FindOne();

                ...
            }

            return new List<SearchResult> {result};
        }
    }

When enumerating through the Invoke("Members", null) results I create another DirectoryEntry for each result. The problem is that when subgroupSearcher.FindOne() is called, it ends up with a DirectoryServicesCOMException.

Here's the exception stack trace:

    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
    at System.DirectoryServices.DirectorySearcher.FindOne()
    ...other methods...

The exception's Message property says: "An operations error occurred". I've logged the ErrorCode; it's -2147016672.

I also attempted to initialize UserName property implicitly, when creating the DirectoryEntry from the subgroup object:

    foreach (var member in ((IEnumerable) resultMembers))
    {
        var memberEntry = new DirectoryEntry(member);
        memberEntry.Username = adLogin;
        var subgroupsSearcher = new DirectorySearcher(memberEntry);

        ...
    }

But it gave the same result.

What am I doing wrong? Any help is appreciated.


Solution

  • Not sure why you're calling Invoke("members"). You'd want to just have the DirectorySearcher give you back the member attribute of the group. Two things you need to deal with:
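
An added example, not part of the original answer or the asker's code: one way to walk nested groups through a single credentialed `DirectorySearcher` root instead of creating a new `DirectoryEntry` per member. It swaps in a `memberOf` filter in place of reading the `member` attribute the answer mentions, escapes the DN before it goes into the filter, and tracks visited DNs so circular nesting terminates. The class name `GroupWalker` and the parameters `ldapPath`, `user`, `password` and `rootGroupDn` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;
static class GroupWalker
{
    // RFC 4515 escaping so a DN can be placed inside a search filter safely.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // Returns the DNs of every group nested under rootGroupDn (all parameters are hypothetical).
    public static ISet<string> GetSubGroups(string ldapPath, string user, string password, string rootGroupDn)
    {
        var found = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var pending = new Queue<string>(new[] { rootGroupDn });
        using (var root = new DirectoryEntry(ldapPath, user, password))
        {
            while (pending.Count > 0)
            {
                string parentDn = pending.Dequeue();
                using (var searcher = new DirectorySearcher(root))
                {
                    // Groups that list parentDn in memberOf are its direct subgroups.
                    searcher.Filter = "(&(objectClass=group)(memberOf=" + EscapeFilter(parentDn) + "))";
                    searcher.PropertiesToLoad.Add("distinguishedName");
                    searcher.PageSize = 500; // page results instead of stopping at the server size limit
                    using (SearchResultCollection results = searcher.FindAll())
                    {
                        foreach (SearchResult r in results)
                        {
                            var childDn = (string)r.Properties["distinguishedName"][0];
                            // HashSet.Add returns false for a DN already seen, which stops cycles.
                            if (found.Add(childDn)) pending.Enqueue(childDn);
                        }
                    }
                }
            }
        }
        return found;
    }
}
```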