System.DirectoryServices.AccountManagement.UserPrincipal.IsMemberOf returns false negatives

Hi all, Some time ago a customer of mine faced the following issue on his .NET Framework 3.5 app: System.DirectoryServices.AccountManagement.UserPrincipal.IsMemberOf returned false negatives when the group had more than 1500 members. This means that the function returned false when the user was actually in the group. But everything worked properly with VBScript and ADSI. This turned out to…

2

How to read msTSProfilePath, msTSHomeDrive and msTSHomeDirectory properties from AD (VB.NET)

  Hi all, If you used to query Active Directory properties like TerminalServicesProfilePath, TerminalServicesHomeDrive and TerminalServicesHomeDirectory on Windows Server 2003, you may have realized already that those properties are not available on Windows Server 2008 and later. If you investigate a bit, you may find some properties which are supposed to be their substitutes: msTSProfilePath,…

4

How to get the AD groups a user is member of (ASP)

Hi all, The following ASP sample shows how to get all Active Directory groups of the user accessing the ASP page. Note: I know ASP is quite old and people should be using ASP.NET instead. But I’m posting this sample because translating it to VBScript is pretty straightforward, and I still have many customers using VBScript. <%…

1

How to get all DCs in a Forest (VBScript)

Hi all, The following VBScript sample lists all DCs in a Forest: ' Create log file ' Set objFSO = CreateObject("Scripting.FileSystemObject") Set objLog = objFSO.CreateTextFile ("log.txt") ' Get Forest's root ' Set objRoot = GetObject("LDAP://rootDSE") ' Get root's Configuration ' Set objConfig = GetObject("LDAP://" & objRoot.Get("ConfigurationNamingContext")) ' Search for the Partitions container in root's Configuration '…

1

How to get LastLogon property for all users in a Domain (VBScript)

Hi all, The following VBScript sample retrieves all users in Active Directory that haven’t ever logged on to the domain, or haven’t logged on for at least maxDays (an argument passed to the script): On Error Resume Next ' Constants ' Const ONE_HUNDRED_NANOSECOND = .000000100 Const SECONDS_IN_DAY = 86400 ' Get Max Days as an argument passed…

4

How to get more than 1000 group members including foreign SAMs (VBScript)

Hi all, We may have a group in our Active Directory with members from a foreign domain. We may try to retrieve all those members with ADSI and code like this: Using IADs::GetInfoEx for Range Retrieval. The issue with this code is that we will only be able to see the SID of foreign…

0

System.DirectoryServices.DirectorySynchronization returns access denied with non-admin users

Hi all, You may get an Access Denied error (COMException 0x80070005) when using System.DirectoryServices.DirectorySynchronization in your .NET application with a non-admin user, but everything works fine with a domain administrator. This issue will happen if we use DirectorySynchronization this way: DirectorySearcher directorySearcher = new DirectorySearcher(rootPath); directorySearcher.DirectorySynchronization = new DirectorySynchronization(); If we want to run this code as…

0

ChangePassword method may fail with TargetInvocationException (.NET)

Hi all, welcome back, When working with System.DirectoryServices.DirectoryEntry in .NET, we may change the password of the user with code like the following (C#): user.Invoke("ChangePassword", new object[] { oldPassword, newPassword }); But invoking ChangePassword may fail with the following System.Reflection.TargetInvocationException: “Exception has been thrown by the target of an invocation” This error is not very…

3

How to get a list of all users in an OU (VBScript)

Hi all, welcome back, Today I’ll post a very straightforward sample which gets a list of all users in an Organizational Unit (OU) in Active Directory (AD) using VBScript: ' Get OU ' strOU = "OU=Users,DC=domain,DC=com" ' Create connection to AD ' Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" ' Create command ' Set objCommand =…

18

How to get ADs Providers list (C#)

Hi, welcome back, We may want to get the list of Active Directory Providers (“LDAP:”, “WinNT:”, “IIS:”…) with .NET the same way we do it with this VBScript: Set ads = GetObject("ADs:") For Each provider In ads Wscript.Echo provider.Name Next The information we need is here in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers. So the following sample code will…

0