How do I list and modify the members of an LDAP group?

To list the members of a group on your directory server, specify the user/member attributes in your search filter. For example, to find all the members of the "Administrators" group:

        ldap.DN = "CN=Administrators,CN=Builtin,DC=DOMAIN";
        ldap.SearchScope = LdapSearchScopes.ssBaseObject;
        ldap.Attributes.Add(new LDAPAttribute("member"));
        ldap.Attributes.Add(new LDAPAttribute("memberUid"));
        ldap.Attributes.Add(new LDAPAttribute("uniqueMember"));
        ldap.Attributes.Add(new LDAPAttribute("objectClass"));
        ldap.Search("objectClass=*");

To add or remove a particular user from the group membership, simply modify the "member" attribute of the group. For example, to remove "Tom H" from the Administrators group:

        ldap.DN = "CN=Administrators,CN=Builtin,DC=JUNGLE";
        LDAPAttribute attr = new LDAPAttribute("member", "CN=Tom H,CN=Users,DC=DOMAIN", LDAPAttributeModOps.amoDelete);
        //above I use amoDelete.  Use amoAdd to add Tom H to the group
        ldap.Attributes.Add(attr);
        ldap.Modify();

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.