Synchronizing Google Groups and Active Directory Group Members

I have been doing a lot of synchronization projects lately like SalesForce events and Google Calendar Events, Active Directory and some Payroll Application and now Google Groups and Active Directory Groups.   It may sound too complicated to develop but trust it is not as complicated as you think.

For this article I will be presenting you a working code one way group membership synchronization that you can start with.  I hope this post will show you the concepts needed to achieve our end result which is synchronizing members in Active Directory and Google Groups. Before you get started I am assuming that you have Google Apps for your domain already setup and running for your organization otherwise you need to have it first before proceeding.

Now let’s get started, first you need to download the Google Apps .Net Client Library which you can find here.  Once downloaded set it up then were ready to roll.

Fire up your Visual Studio and add the following dll’s (Google.GData.Apps.dll and Google.GData.Client.dll) from the installed Google API folder, you will also need System.DirectoryServices and System.DirectoryServices.AccountManagement which can be found in the Assemblies repository.

First we need to declare some reusable variables which are

private string sDomain = "yourcompanydomain.com";
private string sGoogleServiceUrl = "https://apps-apis.google.com/a/feeds/group/2.0/";
private string sEmailRegEx = @"\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*";

We also need a method to Initialize Google Service, take note I had also included methods for using proxy servers.

///// <summary>
/// Initializes Google Service 
/// </summary>
/// <returns>Autheticated Session to Google Service</returns>
private GroupsService GoogleServiceAuthenticate()
{
    //Initialize Calendar Service
    Google.GData.Apps.Groups.GroupsService oGService = new GroupsService(sDomain, "your_application");
    oGService.setUserCredentials("username", "password");

    //If you are using proxy servers
    GDataRequestFactory oRequestFactory = (GDataRequestFactory)oGService.RequestFactory;

    WebProxy oWebProxy = new WebProxy(WebRequest.DefaultWebProxy.GetProxy(new Uri(sGoogleServiceUrl + sDomain)));
    oWebProxy.Credentials = CredentialCache.DefaultCredentials;
    oWebProxy.UseDefaultCredentials = true;
    oRequestFactory.Proxy = oWebProxy;

    return oGService;
}

Here are some Active Directory Methods that we will use, these are all derived from my AD Methods Library which can be found here.

/// <summary>
/// Returns Groups with Email Addresses
/// </summary>
/// <param name="sOU">The Organizational Unit To Search</param>
/// <returns>All Groups with Email Addresses on the Specified OU</returns>
private List<Principal> GetGroupsWithEmail(string sOU)
{
    PrincipalContext oPrincipalContext;
    oPrincipalContext = new PrincipalContext(ContextType.Domain, sDomain, sOU, ContextOptions.Negotiate, "youractivedirectoryuser", "password");

    var oListGroups = new List<Principal>();

    PrincipalSearcher oPrincipalSearcher = new PrincipalSearcher();
    GroupPrincipalExtended oGroupPrincipal = new GroupPrincipalExtended(oPrincipalContext);

    //Get Anything with @ that indicates an email, I'm just lazy you can filter it better
    oGroupPrincipal.EmailAddress = "*@*";

    oPrincipalSearcher.QueryFilter = oGroupPrincipal;
    oListGroups = oPrincipalSearcher.FindAll().ToList<Principal>();

    return oListGroups;
}

/// <summary>
/// Gets the Property of a Directory Entry
/// </summary>
/// oPrincipal">Prinicipal Object</param>
/// sPropertyName">The Name of the Property to get</param>
/// <returns>Value of the Propery Object</returns>
public string GetProperty(Principal oPrincipal, string sPropertyName)
{
    DirectoryEntry oDE = (oPrincipal.GetUnderlyingObject() as DirectoryEntry);

    if (oDE.Properties.Contains(sPropertyName))
    {
        return oDE.Properties[sPropertyName][0].ToString();
    }
    else
    {
        return string.Empty;
    }
}

You also need to extend the GroupPrincipal Class to expose the Email address field so that we can easily refer to it.   By default Email Addresses are not exposed in the GroupPrincipal and here is the full article explaining how to extend the GroupPrincipal Class to expose values not represented in the GroupPrincipal.

[DirectoryObjectClass("group")]
[DirectoryRdnPrefix("CN")]

public class GroupPrincipalExtended : GroupPrincipal
{
    public GroupPrincipalExtended(PrincipalContext context) : base(context) { }

    public GroupPrincipalExtended(PrincipalContext context, string samAccountName)
        : base(context, samAccountName)
    {
    }

    [DirectoryProperty("mail")]
    public string EmailAddress
    {
        get
        {
            if (ExtensionGet("mail").Length != 1)
                return null;

            return (string)ExtensionGet("mail")[0];

        }
        set { this.ExtensionSet("mail", value); }
    }
}

Now we got everything we need let’s do the actual syncing

private void Synchronize()
{
    //Get all Active Directory Groups with Email
    List<Principal> oGroupsWithEmail = GetGroupsWithEmail("OU=Your Groups OU,DC=yourcompanydomain,DC=com");

    foreach (GroupPrincipalExtended oGroup in oGroupsWithEmail)
    {
        List<string> oMembersInGoogle = new List<string>();
        List<string> oMembersInAD = new List<string>();

        try
        {
            //Instansiate Google Service
            GroupsService oGService = GoogleServiceAuthenticate();

            //Set User URI
            Uri oGroupMemberUri = new Uri(sGoogleServiceUrl + sDomain + "/" + oGroup.EmailAddress + "/member/");

            //Get Google Group Members
            AppsExtendedFeed oGoogleGroupMembers = oGService.RetrieveAllMembers(oGroup.EmailAddress, true);
            foreach (AtomEntry oUserFeedItem in oGoogleGroupMembers.Entries)
            {
                string sMemberEmail = oUserFeedItem.SelfUri.ToString().Replace("%40", "@").Replace(oGroupMemberUri.ToString(), "");
                //Add in Google Members List for Later Comparison
                oMembersInGoogle.Add(sMemberEmail.ToLower());
            }

            //Get AD Group Members
            PrincipalSearchResult<Principal> oPrincipals = oGroup.GetMembers();
            foreach (Principal oPrincipal in oPrincipals)
            {
                //If Principal Type is User
                if (oPrincipal.StructuralObjectClass == "user")
                {
                    UserPrincipal oUserPrincipal = (UserPrincipal)oPrincipal;
                    if (bool.Parse(oUserPrincipal.Enabled.ToString()) &&
                        (oUserPrincipal.EmailAddress != "" && oUserPrincipal.EmailAddress != null) &&
                        System.Text.RegularExpressions.Regex.IsMatch(oUserPrincipal.EmailAddress, sEmailRegEx))
                    {
                        //Add in Active Directory Email List for Later Comparison
                        oMembersInAD.Add(oUserPrincipal.EmailAddress.ToLower());
                    }
                }
                //If Principal Type is Group
                if (oPrincipal.StructuralObjectClass == "group")
                {
                    GroupPrincipal oGroupPrincipal = (GroupPrincipal)oPrincipal;
                    string sGroupPrincipalEmail = GetProperty(oGroupPrincipal, "mail");
                    if ((sGroupPrincipalEmail != "" &&
                        sGroupPrincipalEmail != null) &&
                        System.Text.RegularExpressions.Regex.IsMatch(sGroupPrincipalEmail, sEmailRegEx))
                    {
                        //Add in Active Directory Email List for Later Comparison
                        oMembersInAD.Add(sGroupPrincipalEmail.ToLower());
                    }
                }
            }

            //Add Members in Google
            foreach (string sMemberInAD in oMembersInAD)
            {
                //Check if Email is in Active Directory Email List but not in Google Members List
                if (!oMembersInGoogle.Contains(sMemberInAD.ToLower()))
                {
                    oGService.AddMemberToGroup(sMemberInAD, oGroup.EmailAddress);
                }
            }

            //Remove Members in Google
            foreach (string sMemberInGoogle in oMembersInGoogle)
            {
                if (!oMembersInAD.Contains(sMemberInGoogle.ToLower()))
                {
                    //Check if Email is in Google Members List but not in Active Directory Email List
                    oGService.RemoveMemberFromGroup(sMemberInGoogle, oGroup.EmailAddress);
                }
            }
        }
        catch (Google.GData.Apps.AppsException gEx)
        {
            if (gEx.ErrorCode == "1301")
            {
                //Entity Not found whihc means, Google Groups is not existing
                //Do your create group method here
                CreateGoogleGroup(oGroup.EmailAddress, oGroup.DisplayName, oGroup.Description, sEmailPermission, oMembersInAD);
            }
            else
            {
                //Other Google Error Codes to Catch
            }
        }
        catch (Exception ex) 
        {
            //Exception
        }
    }
}

Now the code above shows you how to synchronize Active Directory Group Members to Google Groups which includes adding and removing users.  It is performing a one way sync which treats Active Directory as the master record repository.  Also if you had noticed that there is a catch for the Google.GData.Apps.AppsException this will catch any error that might be encountered on running the sync like 1301 which means Group with that Email Address was not found.  For a full list of Error code refer to the list
below (which I got here)

1000 – Unknown Error
1100 – User Deleted Recently
1101 – User Suspended
1200 – Domain User Limit Exceeded
1201 – Domain Alias Limit Exceeded
1202 – Domain Suspended
1203 – Domain Feature Unavailable
1300 – Entity Exists
1301 – Entity Does Not Exist
1302 – Entity Name Is Reserved
1303 – Entity Name Not Valid
1400 – Invalid Given Name
1401 – Invalid Family Name
1402 – Invalid Password
1403 – Invalid Username
1404 – Invalid Hash Function Name
1405 – Invalid Hash Digest Length
1406 – Invalid Email Address
1407 – Invalid Query Parameter Value
1500 – Too Many Recipients On Email List

On the Next Article I will be expanding further on that CreateGoogleGroup function.  Happy Coding!

Increase 1000 Records Maximum Page Size of Active Directory

Just wanted to share a common question that is always asked on why Active Directory returns only 1000 results when you perform a query.  It is a limitation imposed by Active Directory by default, but it does not mean you cannot increase that values.  You can always increase it by changing the MaxPageSize setting in Active Directory but do it with proper caution as it set at 1000 for a reason.

Now if you know the implications of changing it like slowing down the performance of your Active Directory Operations then here is how to increse it.

All you need is to use Ntdsutil.exe which you can type on the run command but if you are using Windows 2008 make sure run the command prompt as an administrator

Once you typed it it will show you the command prompt and follow these steps to increase the limit.

1. At the Ntdsutil.exe command prompt, type “LDAP policies”, and then hit ENTER.
2. Now type “Set MaxPageSize to 5000″. -> Change 5000 to the Max results you want
3. To view the changes, type “Show Values”
4. To commit the changes, type “Commit Changes”
5. type “q” to quit

How to get Domain Name (pre-Windows 2000) from FQDN (Fully Qualified Domain Name) using C#

This started when I saw a question on stack overflow and it challenged me to solve it, it may look simple initially but least to say it was challenging.  The question was about getting a list of all domain names in your network and display it in a friendly way like what you see when you log on to windows rather than yourdepartment.yourdomain.com

All you have to do is to refer to a COM Reference called Active DS Library which contains the IADsNameTranslate  interface which can translate distinguished names (DNs) among various formats.

Now having that tool, its just a matter of getting a list of domain which I can get in FQDN format easily by Getting the DomainCollection from the Forest you are in, now the last issue is converting that FQDN to a DN  format which is easy by using String Methods, we are doing this as the reference I mentioned above can only convert from other formats which is defined here and FQDN is not an option so the easiest would be DN. And here is how I did it.

using System.DirectoryServices.ActiveDirectory;
using ActiveDs;

private void ListDomains()
{
 string sUserName = "xxxx";
 string sPassword = "xxxx";

 DirectoryContext oDirectoryContext = new DirectoryContext(DirectoryContextType.Domain, sUserName, sPassword);

 Domain oCurrentDomain = Domain.GetDomain(oDirectoryContext);
 Forest oForest = oCurrentDomain.Forest;
 DomainCollection oAddDomainsInForest = oForest.Domains;

 foreach (Domain oDomain in oAddDomainsInForest)
 {
 Console.WriteLine(GetName(oDomain.ToString()));
 }

}
private string GetName(string sDomainName)
{
 try
 {
 IADsADSystemInfo oSysInfo = new ADSystemInfoClass();
 IADsNameTranslate oNameTranslate = new NameTranslateClass();
 oNameTranslate.Init((int)ADS_NAME_INITTYPE_ENUM.ADS_NAME_INITTYPE_DOMAIN, sDomainName);

 string[] aSplitDN = sDomainName.Split(new Char[] { '.' });
 string sDistinguishedName = "";

 //Convert Domain Name to Distinguished Name
 foreach (string sDomainPart in aSplitDN)
 {
 sDistinguishedName = sDistinguishedName + "DC=" + sDomainPart + ",";
 }

 oNameTranslate.Set((int)ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_UNKNOWN, sDistinguishedName.Remove(sDistinguishedName.Length - 1));//Remove the last comma
 string sFriendlyName = oNameTranslate.Get((int)ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_NT4);
 return sFriendlyName.Replace(@"\", "");
 }
 catch
 {
 return "Access Denied";
 }

If theres an easy way just let me know, but for now this works for me!

Everything in Active Directory via C#.Net 3.5 (Using System.DirectoryServices.AccountManagement)

Before .Net managing Active Directory objects is a bit lengthy and you need a good knowledge on the principal store to have your head around on what you want to do.  We ususally use the System.DirectoryServices namespace but with .Net 3.5 they introduced System.DirectoryServices.AccountManagement which is manages directory objects independent of the System.DirectoryServices namespace.

So what are the advantages of using this if I have already a library created for the whole AD Methods that System.DirectoryServices exposed?  Because everything is really simple in terms of managing a user, computer or group principal and performing queries on the stores are much faster thanks to the Fast Concurrent Bind (FSB) feature which caches the connection which decreases the number of ports used in the process.

I remember I had posted a while back Active Directory Objects and C# which is basically everything regarding AD Methods in terms of Users and Group management and if you see the codebase is a bit lengthy and you need a bit of understanding on setting and getting hex values thats why I ennumerated it.  Now I had rewritten it using the System.DirectoryServices.AccountManagement namespace, fucntionalities remain the same but its easier to understand and there are fewer lines.|

The code is divided into several regions but here are the 5 key regions with their methods explained

Validate Methods

• ValidateCredentials – This Method will validate the users credentials.
• IsUserExpired – Checks if the User Account is Expired.
• IsUserExisiting – Checks if user exsists on AD.
• IsAccountLocked  – Checks if user account is locked

Search Methods

• GetUser – This will return a UserPrincipal Object if the User Exists

User Account Methods

• SetUserPassword – This Method will set the Users Password
• EnableUserAccount – This Method will Enable a User Account
• DisableUserAccount – This Methoid will Disable the User Account
• ExpireUserPassword – This Method will Force Expire a Users Password
• UnlockUserAccount – This Method will unlocks a User Account
• CreateNewUser – This Method will Create a new User Directory Object
• DeleteUser – This Method will Delete an AD User based on Username.

Group Methods

• CreateNewGroup – This Method will create a New Active Directory Group
• AddUserToGroup – This Method will add a User to a group
• RemoveUserFromGroup – This Method will remove a User from a Group
• IsUserGroupMember – This Method will Validate whether the User is a Memeber of a Group
• GetUserGroups – This Method will return an ArrayList of a User Group Memberships

Helper Methods

• GetPrincipalContext – Gets the base principal context

Now here are the codes

using System;
using System.Collections;
using System.Text;
using System.DirectoryServices.AccountManagement;
using System.Data;
using System.Configuration;

public class ADMethodsAccountManagement
{

#region Variables

private string sDomain = "test.com";
private string sDefaultOU = "OU=Test Users,OU=Test,DC=test,DC=com";
private string sDefaultRootOU = "DC=test,DC=com";
private string sServiceUser = @"ServiceUser";
private string sServicePassword = "ServicePassword";

#endregion
#region Validate Methods

/// <summary>
/// Validates the username and password of a given user
/// </summary>
/// <param name="sUserName">The username to validate</param>
/// <param name="sPassword">The password of the username to validate</param>
/// <returns>Returns True of user is valid</returns>
public bool ValidateCredentials(string sUserName, string sPassword)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext();
    return oPrincipalContext.ValidateCredentials(sUserName, sPassword);

}

/// <summary>
/// Checks if the User Account is Expired
/// </summary>
/// <param name="sUserName">The username to check</param>
/// <returns>Returns true if Expired</returns>
public bool IsUserExpired(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    if (oUserPrincipal.AccountExpirationDate != null)
    {
        return false;
    }
    else
    {
        return true;
    }
}

/// <summary>
/// Checks if user exsists on AD
/// </summary>
/// <param name="sUserName">The username to check</param>
/// <returns>Returns true if username Exists</returns>
public bool IsUserExisiting(string sUserName)
{
    if (GetUser(sUserName) == null)
    {
        return false;
    }
    else
    {
        return true;
    }
}

/// <summary>
/// Checks if user accoung is locked
/// </summary>
/// <param name="sUserName">The username to check</param>
/// <returns>Retruns true of Account is locked</returns>
public bool IsAccountLocked(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    return oUserPrincipal.IsAccountLockedOut();
}
#endregion

#region Search Methods

/// <summary>
/// Gets a certain user on Active Directory
/// </summary>
/// <param name="sUserName">The username to get</param>
/// <returns>Returns the UserPrincipal Object</returns>
public UserPrincipal GetUser(string sUserName)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext();

    UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, sUserName);
    return oUserPrincipal;
}

/// <summary>
/// Gets a certain group on Active Directory
/// </summary>
/// <param name="sGroupName">The group to get</param>
/// <returns>Returns the GroupPrincipal Object</returns>
public GroupPrincipal GetGroup(string sGroupName)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext();

    GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, sGroupName);
    return oGroupPrincipal;
}

#endregion

#region User Account Methods

/// <summary>
/// Sets the user password
/// </summary>
/// <param name="sUserName">The username to set</param>
/// <param name="sNewPassword">The new password to use</param>
/// <param name="sMessage">Any output messages</param>
public void SetUserPassword(string sUserName, string sNewPassword, out string sMessage)
{
    try
    {
        UserPrincipal oUserPrincipal = GetUser(sUserName);
        oUserPrincipal.SetPassword(sNewPassword);
        sMessage = "";
    }
    catch (Exception ex)
    {
        sMessage = ex.Message;
    }

}

/// <summary>
/// Enables a disabled user account
/// </summary>
/// <param name="sUserName">The username to enable</param>
public void EnableUserAccount(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    oUserPrincipal.Enabled = true;
    oUserPrincipal.Save();
}

/// <summary>
/// Force disbaling of a user account
/// </summary>
/// <param name="sUserName">The username to disable</param>
public void DisableUserAccount(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    oUserPrincipal.Enabled = false;
    oUserPrincipal.Save();
}

/// <summary>
/// Force expire password of a user
/// </summary>
/// <param name="sUserName">The username to expire the password</param>
public void ExpireUserPassword(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    oUserPrincipal.ExpirePasswordNow();
    oUserPrincipal.Save();

}

/// <summary>
/// Unlocks a locked user account
/// </summary>
/// <param name="sUserName">The username to unlock</param>
public void UnlockUserAccount(string sUserName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    oUserPrincipal.UnlockAccount();
    oUserPrincipal.Save();
}

/// <summary>
/// Creates a new user on Active Directory
/// </summary>
/// <param name="sOU">The OU location you want to save your user</param>
/// <param name="sUserName">The username of the new user</param>
/// <param name="sPassword">The password of the new user</param>
/// <param name="sGivenName">The given name of the new user</param>
/// <param name="sSurname">The surname of the new user</param>
/// <returns>returns the UserPrincipal object</returns>
public UserPrincipal CreateNewUser(string sOU, string sUserName, string sPassword, string sGivenName, string sSurname)
{
    if (!IsUserExisiting(sUserName))
    {
        PrincipalContext oPrincipalContext = GetPrincipalContext(sOU);

        UserPrincipal oUserPrincipal = new UserPrincipal(oPrincipalContext, sUserName, sPassword, true /*Enabled or not*/);

        //User Log on Name
        oUserPrincipal.UserPrincipalName = sUserName;
        oUserPrincipal.GivenName = sGivenName;
        oUserPrincipal.Surname = sSurname;
        oUserPrincipal.Save();

        return oUserPrincipal;
    }
    else
    {
        return GetUser(sUserName);
    }
}

/// <summary>
/// Deletes a user in Active Directory
/// </summary>
/// <param name="sUserName">The username you want to delete</param>
/// <returns>Returns true if successfully deleted</returns>
public bool DeleteUser(string sUserName)
{
    try
    {
        UserPrincipal oUserPrincipal = GetUser(sUserName);

        oUserPrincipal.Delete();
        return true;
    }
    catch
    {
        return false;
    }
}

#endregion

#region Group Methods

/// <summary>
/// Creates a new group in Active Directory
/// </summary>
/// <param name="sOU">The OU location you want to save your new Group</param>
/// <param name="sGroupName">The name of the new group</param>
/// <param name="sDescription">The description of the new group</param>
/// <param name="oGroupScope">The scope of the new group</param>
/// <param name="bSecurityGroup">True is you want this group to be a security group, false if you want this as a distribution group</param>
/// <returns>Retruns the GroupPrincipal object</returns>
public GroupPrincipal CreateNewGroup(string sOU, string sGroupName, string sDescription, GroupScope oGroupScope, bool bSecurityGroup)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext(sOU);

    GroupPrincipal oGroupPrincipal = new GroupPrincipal(oPrincipalContext, sGroupName);
    oGroupPrincipal.Description = sDescription;
    oGroupPrincipal.GroupScope = oGroupScope;
    oGroupPrincipal.IsSecurityGroup = bSecurityGroup;
    oGroupPrincipal.Save();

    return oGroupPrincipal;
}

/// <summary>
/// Adds the user for a given group
/// </summary>
/// <param name="sUserName">The user you want to add to a group</param>
/// <param name="sGroupName">The group you want the user to be added in</param>
/// <returns>Returns true if successful</returns>
public bool AddUserToGroup(string sUserName, string sGroupName)
{
    try
    {
        UserPrincipal oUserPrincipal = GetUser(sUserName);
        GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
        if (oUserPrincipal != null && oGroupPrincipal != null)
        {
            if (!IsUserGroupMember(sUserName, sGroupName))
            {
                oGroupPrincipal.Members.Add(oUserPrincipal);
                oGroupPrincipal.Save();
            }
        }
        return true;
    }
    catch
    {
        return false;
    }
}

/// <summary>
/// Removes user from a given group
/// </summary>
/// <param name="sUserName">The user you want to remove from a group</param>
/// <param name="sGroupName">The group you want the user to be removed from</param>
/// <returns>Returns true if successful</returns>
public bool RemoveUserFromGroup(string sUserName, string sGroupName)
{
    try
    {
        UserPrincipal oUserPrincipal = GetUser(sUserName);
        GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
        if (oUserPrincipal != null && oGroupPrincipal != null)
        {
            if (IsUserGroupMember(sUserName, sGroupName))
            {
                oGroupPrincipal.Members.Remove(oUserPrincipal);
                oGroupPrincipal.Save();
            }
        }
        return true;
    }
    catch
    {
        return false;
    }
}

/// <summary>
/// Checks if user is a member of a given group
/// </summary>
/// <param name="sUserName">The user you want to validate</param>
/// <param name="sGroupName">The group you want to check the membership of the user</param>
/// <returns>Returns true if user is a group member</returns>
public bool IsUserGroupMember(string sUserName, string sGroupName)
{
    UserPrincipal oUserPrincipal = GetUser(sUserName);
    GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);

    if (oUserPrincipal != null && oGroupPrincipal != null)
    {
        return oGroupPrincipal.Members.Contains(oUserPrincipal);
    }
    else
    {
        return false;
    }
}

/// <summary>
/// Gets a list of the users group memberships
/// </summary>
/// <param name="sUserName">The user you want to get the group memberships</param>
/// <returns>Returns an arraylist of group memberships</returns>
public ArrayList GetUserGroups(string sUserName)
{
    ArrayList myItems = new ArrayList();
    UserPrincipal oUserPrincipal = GetUser(sUserName);

    PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetGroups();

    foreach (Principal oResult in oPrincipalSearchResult)
    {
        myItems.Add(oResult.Name);
    }
    return myItems;
}

/// <summary>
/// Gets a list of the users authorization groups
/// </summary>
/// <param name="sUserName">The user you want to get authorization groups</param>
/// <returns>Returns an arraylist of group authorization memberships</returns>
public ArrayList GetUserAuthorizationGroups(string sUserName)
{
    ArrayList myItems = new ArrayList();
    UserPrincipal oUserPrincipal = GetUser(sUserName);

    PrincipalSearchResult<Principal> oPrincipalSearchResult = oUserPrincipal.GetAuthorizationGroups();

    foreach (Principal oResult in oPrincipalSearchResult)
    {
        myItems.Add(oResult.Name);
    }
    return myItems;
}

#endregion

#region Helper Methods

/// <summary>
/// Gets the base principal context
/// </summary>
/// <returns>Retruns the PrincipalContext object</returns>
public PrincipalContext GetPrincipalContext()
{
    PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, sDomain, sDefaultOU, ContextOptions.SimpleBind, sServiceUser, sServicePassword);
    return oPrincipalContext;
}

/// <summary>
/// Gets the principal context on specified OU
/// </summary>
/// <param name="sOU">The OU you want your Principal Context to run on</param>
/// <returns>Retruns the PrincipalContext object</returns>
public PrincipalContext GetPrincipalContext(string sOU)
{
    PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, sDomain, sOU, ContextOptions.SimpleBind, sServiceUser, sServicePassword);
    return oPrincipalContext;
}

#endregion

}

Now this is how to use it.

ADMethodsAccountManagement ADMethods = new ADMethodsAccountManagement();

UserPrincipal myUser = ADMethods.GetUser("Test");
myUser.GivenName = "Given Name";
myUser.Surname = "Surname";
myUser.MiddleName = "Middle Name";
myUser.EmailAddress = "Email Address";
myUser.EmployeeId = "Employee ID";
myUser.Save();

List all Computers in a Domain the quick way!

This in in conjunction with my work here where I need to list all websites in a server, now I need to list all servers and whats the quick way of doing it? Again scripting in VBS.

Here is how I’ve done

const oFileName ="AllComputers.csv"
set oCmd = createobject("ADODB.Command")
set oConn = createobject("ADODB.Connection")
set oRS = createobject("ADODB.Recordset")

oConn.open "Provider=ADsDSOObject;"
oCmd.ActiveConnection = oConn

set oRoot = GetObject("LDAP://RootDSE")

oCmd.CommandText = "<LDAP://" & oRoot.Get("defaultNamingContext")  & ">;(objectCategory=Computer);" & _
          "name, distinguishedName, operatingsystem, operatingsystemservicepack, operatingsystemversion;subtree"
oCmd.Properties("page size")=1000

set oRS = oCmd.Execute
set oFSO = CreateObject("Scripting.FileSystemObject")
set oCSV = oFSO.CreateTextFile(oFileName)

sQuotations = """"

while oRS.EOF <> true and oRS.BOF <> true
    oCSV.writeline(sQuotations & oRS("name") & sQuotations & "," & _
    sQuotations & oRS("distinguishedName") & sQuotations & "," &  _
    sQuotations & oRS("operatingsystem") & sQuotations & "," & _
    sQuotations & oRS("operatingsystemservicepack") & sQuotations & "," & _
    sQuotations & oRS("operatingsystemversion") & sQuotations)
    oRS.MoveNext
wend

oCSV.Close
oConn.close

wscript.echo "Done!"

http://anyrest.wordpress.com/2010/02/10/how-to-list-all-websites-in-iis/