
Thread: Finding If User Is A Member Of A Group

  1. #1
    Join Date
    Jan 2006
    Posts
    142

    Finding If User Is A Member Of A Group

    I want to find out, using C#, whether a user is a member of an AD group, but I am not able to get it to work. I have tried many examples on the net; can anyone help me out? Below is the code:

    Code:
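    /// <summary>
    /// Checks whether the sample user is a direct member of the sample group and
    /// leaves the answer in the local <c>UserExists</c>.
    /// </summary>
    /// <remarks>
    /// The posted version bound to the group object, searched beneath it for a user
    /// object (a group has no child objects, so nothing matched) and compared the
    /// group's "member" values, which are distinguished names, with a name of the
    /// form user@domain. This version runs one search from the domain root for a
    /// user whose userPrincipalName matches and whose memberOf holds the group DN.
    /// memberOf lists direct memberships only: nested groups and the primary group
    /// are not reflected. Active Directory's in-chain matching rule,
    /// <c>(memberOf:1.2.840.113556.1.4.1941:=GROUP_DN)</c>, is the usual way to
    /// include nested groups.
    /// </remarks>
    public void LookupUser()
    {
        // NOTE(review): the sample value looks like a UPN, so it is matched against
        // userPrincipalName; switch the attribute to sAMAccountName if a logon name
        // without a domain suffix is supplied instead.
        string UserName = "FrankB@MadeUp.com";
        string GroupName = "Europa No.1";
        string domainDn = "DC=SomeName,DC=co,DC=uk";
        // GroupName is concatenated into a DN, which has its own escaping rules
        // (RFC 4514); the sample name contains none of the characters that need it.
        string groupDn = "CN=" + GroupName + ",OU=SomeOU," + domainDn;
        bool UserExists;

        // ADSI paths need a provider prefix; a bare "CN=..." string is not a valid path.
        using (DirectoryEntry domainRoot = new DirectoryEntry("LDAP://" + domainDn))
        using (DirectorySearcher searcher = new DirectorySearcher(domainRoot))
        {
            // Both values are escaped before they enter the filter so that characters
            // such as '*', '(' or ')' in a name cannot change the filter's meaning.
            // This matters as soon as the names stop being literals.
            searcher.Filter = String.Format(
                "(&(objectCategory=person)(objectClass=user)(userPrincipalName={0})(memberOf={1}))",
                EscapeLdapFilterValue(UserName),
                EscapeLdapFilterValue(groupDn));
            // Only existence matters, so request a single small attribute.
            searcher.PropertiesToLoad.Add("distinguishedName");
            UserExists = searcher.FindOne() != null;
        }

        // The method is void, so the answer stays in UserExists; a caller that
        // needs it should have it returned. A failed bind or search throws rather
        // than reporting "not a member".
    }

    // Escapes the characters that are special inside an LDAP search filter value (RFC 4515).
    private static string EscapeLdapFilterValue(string value)
    {
        // The backslash is replaced first so the escapes added below are not re-escaped.
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }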
    Code:
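    /// <summary>
    /// Prints every group object found at or below the sample group's entry,
    /// followed by the values of each group's "member" attribute.
    /// </summary>
    /// <remarks>
    /// The values printed are the distinguished names stored in "member", so only
    /// direct members are listed. For large groups Active Directory returns this
    /// attribute in ranges, so the loop may not show every member — verify against
    /// the directory in use before relying on the output for an access review.
    /// </remarks>
    public void LookupUser2()
    {
        string GroupName = "Europa No.1";

        // Construct the binding string. ADSI paths need the provider prefix;
        // a bare "CN=..." string is not a valid path.
        string strPath = "LDAP://CN=" + GroupName + ",OU=SomeOU,DC=SomeName,DC=co,DC=uk";

        // Every directory object below wraps unmanaged resources, so each one is
        // disposed deterministically; SearchResultCollection in particular is not
        // released until it is disposed.
        using (DirectoryEntry objADAM = new DirectoryEntry(strPath))
        {
            // Forces the bind now, so a bad path or credential fails here.
            objADAM.RefreshCache();

            // Get search object, specify filter and scope, perform search.
            using (DirectorySearcher objSearchADAM = new DirectorySearcher(objADAM))
            {
                objSearchADAM.Filter = "(&(objectClass=group))";
                objSearchADAM.SearchScope = SearchScope.Subtree;

                using (SearchResultCollection objSearchResults = objSearchADAM.FindAll())
                {
                    if (objSearchResults.Count == 0)
                    {
                        Console.WriteLine("Results: No groups found.");
                        return;
                    }

                    // Enumerate groups and members.
                    foreach (SearchResult objResult in objSearchResults)
                    {
                        using (DirectoryEntry objGroupEntry = objResult.GetDirectoryEntry())
                        {
                            Console.WriteLine("Group    {0}",
                                objGroupEntry.Name);
                            foreach (object objMember in objGroupEntry.Properties["member"])
                            {
                                Console.WriteLine(" Member: {0}",
                                    objMember.ToString());
                            }
                        }
                    }
                }
            }
        }
    }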

  2. #2
    Join Date
    Nov 2005
    Posts
    2,496

    Re: Finding If User Is A Member Of A Group

    I think you should use the System.DirectoryServices.AccountManagement namespace, added in .NET 3.5, if it is available. Below is an example of a group check:

    Code:
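    // Fragment of a bool-returning method: looks up the user and the group in the
    // current domain and reports whether the user is a member of the group.
    using (var pc = new PrincipalContext(ContextType.Domain))
    // Verbatim string: in a regular literal "\J" is not a valid escape sequence
    // and the line does not compile.
    using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, @"DOMAIN\JDoe"))
    using (var group = GroupPrincipal.FindByIdentity(pc, "FUNNY_USERS"))
    {
        // FindByIdentity returns null when nothing matches. Treat an unknown user
        // or group as "not a member" so an access check fails closed instead of
        // throwing NullReferenceException.
        if (user == null || group == null)
        {
            return false;
        }

        // NOTE(review): confirm whether IsMemberOf follows nested groups in your
        // environment before using the result for an authorization decision.
        return user.IsMemberOf(group);
    }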

  3. #3
    Join Date
    Dec 2007
    Posts
    2,291

    Re: Finding If User Is A Member Of A Group

    Well, if you want to check for group membership, and it is all right for you to test against the domain instead of against AD, then you can simply use the code below:

    Code:
    /// <summary>
    /// Reports whether the Windows account named by <paramref name="user"/> is in
    /// the role named by <paramref name="group"/>.
    /// </summary>
    /// <param name="user">Passed to the WindowsIdentity(string) constructor, which expects a user principal name.</param>
    /// <param name="group">Role name handed to WindowsPrincipal.IsInRole.</param>
    /// <returns>The result of IsInRole for the constructed principal.</returns>
    bool IsInGroup(string user, string group)
    {
        WindowsIdentity account = new WindowsIdentity(user);
        try
        {
            // The answer comes from the identity built for the named account;
            // no password is supplied at any point.
            return new WindowsPrincipal(account).IsInRole(group);
        }
        finally
        {
            // Release the identity's token handle whether or not IsInRole throws.
            account.Dispose();
        }
    }

  4. #4
    Join Date
    Apr 2008
    Posts
    2,005

    Re: Finding If User Is A Member Of A Group

    I think that you might be using the wrong API for the task you are doing. Do you intend to write authentication code for an application? If so, there must be a simple API that you can use. For instance, in ASP.NET you can access this information through the Page.User object. Or is the purpose of the application to query Active Directory?
