gimbup gimbup - 3 months ago 16
C# Question

Active Directory: Get num of users/groups in a domain without loading all the users/groups?

I want to get number of users/groups in a domain without loading all the users/groups.

Is this possible? especially in c#?

Answer

This is not really possible in AD. You need to query LDAP with an appropriate filter and count the results. There is a numSubordinates attribute that exists in some LDAP implementations which will tell you how many objects exist underneath a specific object, but AD does not support it. The closest you can get is msDS-Approx-Immed-Subordinates.

However, even if one of the above attributes were available, there's no way to make a distinction between the type of subordinate objects in the count. Unless you can guarantee that only users/groups reside under a specific structure in your directory and nothing else.