Home/ Questions/Q 122547
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T04:08:45+00:00

I’m using the following code to get the members of a group on my

  • 0

I’m using the following code to get the members of a group on my domain:

  Dim de As New DirectoryEntry('LDAP://' & GroupDN)    For Each user As String In CType(de.Properties('member'), IEnumerable)            GroupCollection.Add(Username, Username)    Next

My problem is that when GroupDN (the distinguishedname of the group) is ‘CN=Domain Users,CN=Users,DC=Mydomain,DC=local‘, the For…Each loop doesn’t execute, and when I check the Properties statement manually, it’s got a count of zero. This seems to work for every other group in my domain, but the ‘Domain Users’ group should contain everybody, and it appears to contain nobody.

I’ve checked, and the group lists everybody correctly in my Windows AD tools. Is there something obvious that I’m missing here? On a side note, is there a better way to get all the members of a group?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Unless you change the primary group id of a user, the user is not stored in the member attribute of the Domain Users group, rather it uses the fact that the primary group id is set to the Domain Users RID to determine membership in Domain Users. The normal case is that the Domain Users member attribute is empty; it would require that you make some changes to the default Active Directory implementation for this to not be the case.

    The Domain Users group uses a ‘computed’ mechanism based on the ‘primary group ID’ of the user to determine membership and does not typically store members as multi-valued linked attributes. If the primary group of the user is changed, their membership in the Domain Users group is written to the linked attribute for the group and is no longer calculated. This was true for Windows 2000 and has not changed for Windows Server 2003.

    Reference

    • 0