Hi, it's a nice article. Could you give some idea on how to get the owner name of a group?
|
|
|
|
 |
|
 |
Script kiddies make this mistake quite often too. The correct way to get a user's group memberships is to open their token (GetProcessToken) and enumerate the SIDs (TOKEN_GROUPS) on it. Since the token is generated at logon, there is NO need to contact the AD at all. The only operation that requires a roundtrip to the AD is to resolve the SIDs of the nested groups that a user is a member of into their names.
If all this sounds too hard, then at least use the TokenGroups attribute of the user account to get the nested groups in ONE operation (KB301916).
Here endeth the lesson.
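The two approaches named in the comment above, as an added C# example that is not code from the article or from the commenter. The class and method names are hypothetical, and `userDn` is assumed to be a distinguished name that needs no ADsPath escaping.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

static class GroupSids
{
    // Option 1: group SIDs already present on the caller's logon token.
    // Nothing is queried from the directory; nested groups are included.
    public static List<SecurityIdentifier> FromCurrentToken()
    {
        var sids = new List<SecurityIdentifier>();
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            if (id.Groups == null) return sids;
            foreach (IdentityReference r in id.Groups)
                sids.Add((SecurityIdentifier)r);
        }
        return sids;
    }

    // Option 2: the constructed tokenGroups attribute of any user object.
    // One directory read returns the transitive security-group SIDs.
    public static List<SecurityIdentifier> FromTokenGroups(string userDn)
    {
        var sids = new List<SecurityIdentifier>();
        using (var user = new DirectoryEntry("LDAP://" + userDn))
        {
            user.RefreshCache(new[] { "tokenGroups" });
            foreach (byte[] raw in user.Properties["tokenGroups"])
                sids.Add(new SecurityIdentifier(raw, 0));
        }
        return sids;
    }

    // SID-to-name translation is the step that may need a round trip.
    public static string Describe(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }

    static void Main(string[] args)
    {
        foreach (var sid in FromCurrentToken()) Console.WriteLine(Describe(sid));
        if (args.Length == 1) // args[0]: user DN (assumption of this example)
            foreach (var sid in FromTokenGroups(args[0])) Console.WriteLine(Describe(sid));
    }
}
```

Authorization decisions are better made on the SIDs themselves; names are for display only and can be renamed or fail to resolve.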
|
|
|
|
 |
|
 |
How can I get the list of groups the user is NOT a member of (or just a list of all the groups defined on their system)?
Thanks
Phil.
|
|
|
|
 |
|
 |
How do we get the list of members of the Domain Users group in Active Directory? Actually, the code is not fetching the members from the Domain Users group.

    using System.Collections.Specialized;
    using System.DirectoryServices;

    private void Page_Load(object sender, System.EventArgs e)
    {
        StringCollection groupMembers = this.GetGroupMembers("pardesifashions", "Debugger Users");
        foreach (string strMember in groupMembers)
        {
            Response.Write("<br><b>" + strMember + "</b>");
        }
    }

    public StringCollection GetGroupMembers(string strDomain, string strGroup)
    {
        StringCollection groupMemebers = new StringCollection();
        try
        {
            // Search root for the domain; passed to the searcher below
            DirectoryEntry ent = new DirectoryEntry("LDAP://DC=" + strDomain + ",DC=com");
            DirectorySearcher srch = new DirectorySearcher(ent, "(CN=" + strGroup + ")");
            SearchResultCollection coll = srch.FindAll();
            foreach (SearchResult rs in coll)
            {
                ResultPropertyCollection resultPropColl = rs.Properties;
                // Each "member" value is the distinguished name of one member
                foreach (Object memberColl in resultPropColl["member"])
                {
                    DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
                    System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                    object obVal = userProps["sAMAccountName"].Value;
                    if (null != obVal)
                    {
                        groupMemebers.Add(obVal.ToString());
                    }
                }
            }
        }
        catch (Exception ex)
        {
            Trace.Write(ex.Message);
        }
        return groupMemebers;
    }
|
|
|
|
 |
|
 |
Is this method recursive,
and will it bring all groups, even the nested
universal groups?
Refky Wahib
senior programmer, center for learning and innovation
|
|
|
|
 |
|
 |
I am not the brightest pin in the box so forgive me if this is a doff question.
The article is nice, simple and to the point and certainly it is going to help me with a current project.
However that same project requires both Active Directory and Windows NT support.
Do you have any idea how to check NT accounts in .NET? No Active Directory. ta
Paul Watson Bluegrass Cape Town, South Africa
Macbeth muttered:
I am in blood / Stepped in so far, that should I wade no more, / Returning were as tedious as go o'er
DavidW wrote:
You are totally mad. Nice.
|
|
|
|
 |
|
 |
Do you want to see if a user is in a particular group or do you want to list all the groups the user belongs to?
If you want to see if the user belongs to a particular group, you can easily use the "User.IsInRole" method.
|
|
|
|
 |
|
|
 |
|
 |
The UserInProfile() can be used only with Windows authentication. So if you are using forms authentication, we still need to write some code like above.
|
|
|
|
 |
|
 |
It is pretty much the same code, but with the change that the WinNT provider does not support searching.

    using System.Collections;
    using System.Collections.Specialized;
    using System.DirectoryServices;

    public StringCollection GetUserGroupMembership(string strDomain, string strUser)
    {
        StringCollection userGps = new StringCollection();
        // Bind directly to the account; the WinNT provider cannot search
        DirectoryEntry obDirEnt = new DirectoryEntry("WinNT://" + strDomain + "/" + strUser);
        // IADsUser.Groups returns the groups the account belongs to
        object obGps = obDirEnt.Invoke("Groups");
        if (null != obGps)
        {
            foreach (object obGp in (IEnumerable)obGps)
            {
                DirectoryEntry obGpEnt = new DirectoryEntry(obGp);
                userGps.Add(obGpEnt.Name);
            }
        }
        return userGps;
    }
---
Softomatix
http://www.pardesifashions.com/Softomatix/default.aspx
|
|
|
|
 |
|
|
 |
|
 |
Why so complicated???
    public StringCollection GetUserGroupMembership(string strDomain, string strUser)
    {
        StringCollection userGps = new StringCollection();
        DirectoryEntry obDirEnt = new DirectoryEntry("WinNT://" + strDomain + "/" + strUser);
        object obGps = obDirEnt.Invoke("Groups");
        if (null != obGps)
        {
            foreach (object obGp in (IEnumerable)obGps)
            {
                DirectoryEntry obGpEnt = new DirectoryEntry(obGp);
                userGps.Add(obGpEnt.Name);
            }
        }
        return userGps;
    }

Can't you just use

    foreach(object oGroup in obDirEnt.Properties["memberOf"])
    ...

instead?? Seems a lot nicer than having to go through an "Invoke" call and all that messy stuff....
Marc
=============================
Marc Scheuner, Berne, Switzerland
m.scheuner - at - inova.ch
May The Source Be With You!
|
|
|
|
 |
|
 |
I agree, Marc. And the DirectorySearcher.FindOne method in the code could also cause a memory leak problem.
|
|
|
|
 |
|
 |
That's fine for getting a list of all the groups a user is a direct member of, but if you want to find all the groups he has "effective permission" in due to the user being a member of group1 which is a member of group2, it will not list group2. There is a workaround using LDAP:

    (member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))

or if you just want to find out if a user is a member of a specific group:

    DirectoryEntry deUser = new DirectoryEntry(userPath);
    string filter = String.Format("(memberOf:1.2.840.113556.1.4.1941:={0})", groupDN);
    DirectorySearcher ds = new DirectorySearcher(deUser, filter, null, SearchScope.Base);
    SearchResult sr = ds.FindOne();
    if (sr != null)
    {
        // The user object matched the filter: it is in the group, directly or through nesting
    }
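The nested-membership check from the comment above, written as an added C# example (not the commenter's or the article's code) that escapes the value placed in the filter and disposes the directory objects. The class and method names are hypothetical and the sample DN in `Main` is constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class NestedMembership
{
    // Matching-rule OID quoted in the comment above.
    const string InChain = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping for a value placed inside an LDAP search filter,
    // so that "(", ")", "*" or "\" in a name cannot change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the user at userPath is in groupDn directly or through nesting.
    public static bool IsMemberOfNested(string userPath, string groupDn)
    {
        string filter = "(memberOf:" + InChain + ":=" + EscapeFilterValue(groupDn) + ")";
        using (var user = new DirectoryEntry(userPath))
        using (var ds = new DirectorySearcher(user, filter,
                   new[] { "distinguishedName" }, SearchScope.Base))
        {
            return ds.FindOne() != null;
        }
    }

    static void Main()
    {
        // Constructed input: a group DN containing filter metacharacters.
        Console.WriteLine(EscapeFilterValue("CN=Ops (EU)*,OU=Groups,DC=example,DC=com"));
    }
}
```

The same escaping applies to any filter in this thread that is built by string concatenation from a group or user name supplied by a caller.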