This is the PowerShell script I wrote for this without using the AccountManagement classes. It should be easy enough to translate to C#:
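# Lists the members of an Active Directory group with System.DirectoryServices
# only (no System.DirectoryServices.AccountManagement).
#
# Output: the msDS-PrincipalName value of every object that is either
#   - listed in the group's "member" attribute, or
#   - has the group as its primary group (primaryGroupID equals the group's RID).
# Primary-group membership is not stored in "member", so both lookups run;
# stopping after the first one would hide primary-group members of any group
# that also has explicit members.
#
# Known limit: a domain controller returns only a bounded number of values for
# "member" in a single read (1500 by default on current Windows Server
# versions). Larger groups need ranged retrieval ("member;range=..."), which
# this script does not implement.

# LoadWithPartialName is obsolete; Add-Type loads the same assembly.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    # Escapes a value for use inside an LDAP search filter (RFC 4515): the
    # characters \ * ( ) and NUL become \5c \2a \28 \29 \00. Without this, a
    # group name or member DN containing one of them changes the meaning of
    # the filter (or makes it invalid) instead of being matched literally.
    param([string]$Value)

    # The backslash is replaced first so the escapes added for the other
    # characters are not escaped a second time.
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

$groupName = "Grupo Domain"

# Parameterless DirectoryEntry: the search root is left to the default binding
# of the calling account.
$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry
$groupFilter = "(&(objectClass=group)(CN=$(ConvertTo-LdapFilterValue $groupName)))"
$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $groupFilter)
[void]$directorySearcher.PropertiesToLoad.Add("objectSid")
[void]$directorySearcher.PropertiesToLoad.Add("member")

try {
    $result = $directorySearcher.FindOne()
    if ($null -eq $result) {
        # No group with that CN was returned to the calling account.
        return
    }

    # 1) Explicit members: resolve each DN in "member" to its principal name.
    if ($result.Properties["member"].Count -gt 0) {
        foreach ($member in $result.Properties["member"]) {
            # Member DNs come from the directory and may legitimately contain
            # parentheses, asterisks or backslashes, so they are escaped too.
            $memberFilter = "(&(objectClass=*)(distinguishedName=$(ConvertTo-LdapFilterValue $member)))"
            $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $memberFilter)
            try {
                [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName")
                $memberResult = $memberSearcher.FindOne()
                if ($null -ne $memberResult) {
                    Write-Output $memberResult.Properties["msDS-PrincipalName"]
                }
            }
            finally {
                $memberSearcher.Dispose()
            }
        }
    }

    # 2) Primary-group members: objects whose primaryGroupID is this group's RID.
    if ($result.Properties["objectSid"].Count -gt 0) {
        $groupSid = New-Object System.Security.Principal.SecurityIdentifier($result.Properties["objectSid"][0], 0)

        # The RID is the last sub-authority of the SID. Taking the text after
        # the final '-' avoids calling ToString() on AccountDomainSid, which
        # is null for SIDs that are not domain account SIDs.
        $sidText = $groupSid.Value
        $groupRid = $sidText.Substring($sidText.LastIndexOf('-') + 1)

        $primaryFilter = "(&(objectClass=*)(primaryGroupId=$groupRid))"
        $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $primaryFilter)
        try {
            [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName")
            # Enable paged results; without a PageSize the server-side size
            # limit silently truncates the result set for large groups.
            $memberSearcher.PageSize = 1000

            # FindAll returns a collection that holds unmanaged resources
            # and must be disposed.
            $primaryMembers = $memberSearcher.FindAll()
            try {
                foreach ($member in $primaryMembers) {
                    Write-Output $member.Properties["msDS-PrincipalName"]
                }
            }
            finally {
                $primaryMembers.Dispose()
            }
        }
        finally {
            $memberSearcher.Dispose()
        }
    }
}
finally {
    $directorySearcher.Dispose()
    $directoryEntry.Dispose()
}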
Vinicius