The System.DirectoryServices.AccountManagement library can't be used because it only works on Microsoft servers/workstations.
The System.DirectoryServices.Protocols library enables me to access our AD groups; however, at least for my company's AD domain, it can only access the first 1500 members of any AD group's membership.
I need a way to access the entire membership! Does anyone know of a library (or method) which can provide such functionality (for platform agnostic C#.NET 8.0 programs)?
Every example I've found on the Internet says that an AD group should always contain a "member" attribute - which is populated if the group has less than 1500 members - and for groups which have more than 1500 members, everyone says the group's "member" attribute should be blank/empty (ours is) and the group should have one attribute named "member;range=0-1499" and then additional attribute(s) named something like "member;range=1500-2999" and "member;range=3000-*". However, while my company's large AD groups do have the "member;range=0-1499" attribute, they do not contain any additional "member;range=..." attributes (e.g., even Microsoft's own "AD Explorer" tool claims that such groups contain only a "member" and "member;range=0-1499" attributes). I've no idea how/where AD is storing all the additional members of such large AD groups!
FYI: This is simple in PowerShell - for example: Get-ADGroup -Identity "group-name" -Properties Members | Select-Object -ExpandProperty Members | ForEach-Object { Write-Output $_ } > c:\output.txt
However, that "Members" virtual attribute (which magically provides the contents of all "member;range=..." AD group attributes) is not available to C#.NET 8.0 - at least not via System.DirectoryServices.Protocols.
The System.DirectoryServices.Protocols library enables me to access our AD groups; however, at least for my company's AD domain, it can only access the first 1500 members of any AD group's membership.
I need a way to access the entire membership! Does anyone know of a library (or method) which can provide such functionality (for platform agnostic C#.NET 8.0 programs)?
Every example I've found on the Internet says that an AD group should always contain a "member" attribute - which is populated if the group has less than 1500 members - and for groups which have more than 1500 members, everyone says the group's "member" attribute should be blank/empty (ours is) and the group should have one attribute named "member;range=0-1499" and then additional attribute(s) named something like "member;range=1500-2999" and "member;range=3000-*". However, while my company's large AD groups do have the "member;range=0-1499" attribute, they do not contain any additional "member;range=..." attributes (e.g., even Microsoft's own "AD Explorer" tool claims that such groups contain only a "member" and "member;range=0-1499" attributes). I've no idea how/where AD is storing all the additional members of such large AD groups!
FYI: This is simple in PowerShell - for example: Get-ADGroup -Identity "group-name" -Properties Members | Select-Object -ExpandProperty Members | ForEach-Object { Write-Output $_ } > c:\output.txt
However, that "Members" virtual attribute (which magically provides the contents of all "member;range=..." AD group attributes) is not available to C#.NET 8.0 - at least not via System.DirectoryServices.Protocols.
