13Jun VB.NET - List active directory users
As per usual I had a situation recently where I had to do some Active Directory stuff with VB.NET. I had to grab a list of all the users in our AD so that people could select a user and perform functions on them from within a webpage.
There are a number of ways you can do this but in the .NET Framework they all involve using the System.DirectoryServices namespace. A couple of quick things to be aware of before you try this yourself:
- Before messing with your Active Directory make sure you know what you’re doing and have the permissions of your AD Administrators (if it’s not you!)
- If you are going to use any of the following code from a .NET console application you’ll need to add a reference to System.DirectoryServices in addition to importing the namespace. I wrote a post a while ago about this entitled “Developer Dumbness” - it has the steps you need to add a reference to a .NET console application.
Anyway, the code below is a simple function that queries your Active Directory domain and retrieves all the user objects. This particular example filters out any user account whose “DisplayName” attribute meets the following criteria (the requirements for the app I had to write):
- Has an email address
- Does not contain the “$” symbol
- Does not contain the words “Admin” or “admin”
- Does not contain the words “Test” or “test”
- Does not contain the words “Service” or “service”
- Does not contain the word “System”
The function below returns an ArrayList object containing the DisplayName attribute of all users in the Active Directory being queried. It’s important to note that if you’re using this in a webpage that your IIS configuration’s account may not have access to query the Active Directory. As a result you may need to run the server under an alternate context/user or investigate .NET impersonation - this is beyond the scope of this post.
There is an example (complete with comments) that can be downloaded at the bottom of this post.
GetADUserList = New ArrayList
Dim entry As DirectoryEntry = New DirectoryEntry(”LDAP://mydomain.com”)
Dim mySearcher As DirectorySearcher = New DirectorySearcher(entry)
mySearcher.Filter = (”(objectClass=user)”)
For Each resEnt As SearchResult In mySearcher.FindAll()
Try
Dim de As DirectoryEntry = resEnt.GetDirectoryEntry()
If de.Properties(”DisplayName”).Value.ToString.Contains(”$”) = False _
AndAlso Not String.IsNullOrEmpty(de.Properties(”Mail”).Value.ToString) _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”Admin”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”admin”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”Test”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”test”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”Service”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”service”) = False _
AndAlso de.Properties(”DisplayName”).Value.ToString.Contains(”System”) = False Then
GetADUserList.Add(de.Properties(”DisplayName”).Value.ToString())
End If
Catch ex As Exception
End Try
Next
Return GetADUserList
End Function
If you were to use the function above in an ASP.NET webpage written with VB.NET you could use it in the following way. The example below runs as the result of clicking an ASP.NET “LinkButton” control called “lnkBuildList”. The list of users is then added to the list of items in an ASP.NET DropDownList control called lstUserList.
Dim userLoop As Integer
Dim userList As ArrayList = New ArrayList
userList = GetADUserList()
For userLoop = 0 To userList.Count - 1
lstUserList.Items.Add(userList(userLoop).ToString())
Next
End Sub
In addition to the “DisplayName” attribute there are some other attributes you can use too (this list is by no means complete). The code below is what you could use in the function above to print some more info.
Console.WriteLine(”Email : ” & de.Properties(”Mail”).Value.ToString())
Console.WriteLine(”Title : ” & de.Properties(”Title”).Value.ToString())
Console.WriteLine(”User Name : ” & de.Properties(”sAMAccountName”).Value.ToString())
Console.WriteLine(”First Name : ” & de.Properties(”GivenName”).Value.ToString())
Console.WriteLine(”Last Name : ” & de.Properties(”sn”).Value.ToString())
Console.WriteLine(”Initials : ” & de.Properties(”Initials”).Value.ToString())
Console.WriteLine(”Company : ” & de.Properties(”Company”).Value.ToString())
Console.WriteLine(”Department : ” & de.Properties(”Department”).Value.ToString())
Console.WriteLine(”Telephone No. : ” & de.Properties(”TelephoneNumber”).Value.ToString())
For simplicity’s sake I have written a small sample console application that uses the functions above and just writes the user list and a user count to the screen. Use the link below to download the sample solution. The code is commented so should be easy to understand.
Download ListADUsers.zip
Hope that helps someone! 
April 15th, 2008 at 8:53 pm
Hi,
I know this is an old post, but I have been looking for a way to do this for quite some time now. Everyone has examples of pulling ONE AD user, but not ALL AD users - so, I thought I would say THANKS! This will come in VERY handy!
June 8th, 2008 at 7:23 am
hi,
Mate…good stuff.
Cheers
Ani
July 30th, 2008 at 12:24 am
Thank you very much!!!!!!!!!