Okay, it's taken a while, messing around with different solutions but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods, the only way I could get it to enumerate the members was by using the Invoke method to call the native objects Members method.

好的，花了一段时间，弄乱了不同的解决方案，但下面给出了最适合我的原始问题的解决方案。我无法使用“标准”方法让 DirectoryEntry 对象访问本地组的成员，我可以让它枚举成员的唯一方法是使用 Invoke 方法调用本机对象的成员方法。

using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
    foreach(object member in (IEnumerable) groupEntry.Invoke("Members"))
    {
        using(DirectoryEntry memberEntry = new DirectoryEntry(member))
        {
            Console.WriteLine(memberEntry.Path);
        }
    }
}

I also used a similar technique to add and remove members from the local group.

我还使用了类似的技术在本地组中添加和删除成员。

Hopefully this helps someone else as well. Keith.

希望这对其他人也有帮助。基思。

EDITby Tim: added VB.Net version

由 Tim编辑：添加了 VB.Net 版本

Public Function MembersOfGroup(ByVal GroupName As String) As List(Of DirectoryEntry)
    Dim members As New List(Of DirectoryEntry)
    Try
        Using search As New DirectoryEntry("WinNT://./" & GroupName & ",group")
            For Each member As Object In DirectCast(search.Invoke("Members"), IEnumerable)
                Dim memberEntry As New DirectoryEntry(member)
                members.Add(memberEntry)
            Next
        End Using
    Catch ex As Exception
        MessageBox.Show(ex.ToString)
    End Try
    Return members
End Function

You should be able to find this information inside the "member"attributeon the DirectoryEntrythat represents the group.

您应该能够在代表组的"member"属性中找到此信息DirectoryEntry。

Microsoft .NET Framework provides a standard library for working with Active Directory: System.DirectoryServices namespacein the System.DirectoryServices.dll.

Microsoft .NET Framework 提供了一个用于使用 Active Directory 的标准库：System.DirectoryServices.dll中的 System.DirectoryServices命名空间。

Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntryand DirectorySearcher. In most cases, it is enough to use DirectorySearcher class only.

Microsoft 建议使用 System.DirectoryServices 命名空间中的两个主要类：DirectoryEntry和DirectorySearcher。在大多数情况下，仅使用 DirectorySearcher 类就足够了。

UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.

更新：我在我的机器上测试了它 - 它有效。但也许我误解了你的问题。

Here is an example from an excellent CodeProject article:

以下是一篇优秀的CodeProject 文章中的示例：

Get a list of users belonging to a particular AD group

获取属于特定 AD 组的用户列表

using System.DirectoryServices;

ArrayList GetADGroupUsers(string groupName)
{    
   SearchResult result;
   DirectorySearcher search = new DirectorySearcher();
   search.Filter = String.Format("(cn={0})", groupName);
   search.PropertiesToLoad.Add("member");
   result = search.FindOne();

   ArrayList userNames = new ArrayList();
   if (result != null)
   {
       for (int counter = 0; counter < 
          result.Properties["member"].Count; counter++)
       {
           string user = (string)result.Properties["member"][counter];
               userNames.Add(user);
       }
   }
   return userNames;
}