Introduction
In the previous article, How to get
members of a group using DirectoryServices we showed how you can get list of
members in a group. In this article we will show you the other way i.e. how to
get list of groups that a user belongs to. There is no direct call in
DirectoryServices namepsace that will get this accomplished. You
can use DirectorySearcher class to get the user object. And then
call Invoke method to call Groups method defined in
ADSI.
Code Listing
private void Page_Load(object sender, System.EventArgs e)
{
StringCollection groups = this.GetUserGroupMembership("foo");
foreach (string gp in groups)
{
Response.Write("<br><b>" + gp + "</b>");
}
}
private StringCollection GetUserGroupMembership(string strUser)
{
StringCollection groups = new StringCollection();
try
{
DirectoryEntry obEntry = new DirectoryEntry(
"LDAP://CN=users,DC=pardesifashions,DC=com");
DirectorySearcher srch = new DirectorySearcher(obEntry,
"(sAMAccountName=" + strUser + ")");
SearchResult res = srch.FindOne();
if (null != res)
{
DirectoryEntry obUser = new DirectoryEntry(res.Path);
object obGroups = obUser.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
groups.Add(obGpEntry.Name);
}
}
}
catch (Exception ex)
{
Trace.Write(ex.Message);
}
return groups;
}
| You must Sign In to use this message board. |
|
| | Msgs 1 to 13 of 13 (Total in Forum: 13) (Refresh) | FirstPrevNext |
|
 |
|
|
how we get the list of members from domain users group in active directroy.Actually the code is not fetching the members from domain users group .
private void Page_Load(object sender, System.EventArgs e)
{
StringCollection groupMembers = this.GetGroupMembers("pardesifashions","Debugger Users");
foreach (string strMember in groupMembers)
{
Response.Write("<br><b>" + strMember + "</b>");
}
}
public StringCollection GetGroupMembers(string strDomain, string strGroup)
{
StringCollection groupMemebers = new StringCollection();
try
{
DirectoryEntry ent = new DirectoryEntry("LDAP://DC=" + strDomain + ",DC=com");
DirectorySearcher srch = new DirectorySearcher("(CN=" + strGroup + ")");
SearchResultCollection coll = srch.FindAll();
foreach (SearchResult rs in coll)
{
ResultPropertyCollection resultPropColl = rs.Properties;
foreach( Object memberColl in resultPropColl["member"])
{
DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
object obVal = userProps["sAMAccountName"].Value;
if (null != obVal)
{
groupMemebers.Add(obVal.ToString());
}
}
}
}
catch (Exception ex)
{
Trace.Write(ex.Message);
}
return groupMemebers;
}
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
is this method recursive
and it will bring all groups even nested the
universal groups
Refky Wahib
senior programmer, center for learning and innovation
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
I am not the brightest pin in the box so forgive me if this is a doff question.
The article is nice, simple and to the point and certainly it is going to help me with a current project.
However that same project requires both Active Directory and Windows NT support.
Do you have any idea how to check NT accounts in .NET? No Active Directory. ta
Paul Watson
Bluegrass
Cape Town, South Africa
Macbeth muttered:
I am in blood / Stepped in so far, that should I wade no more, / Returning were as tedious as go o'er
DavidW wrote:
You are totally mad. Nice.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Do you want to see if a user is in a praticular group or do you want to list all the gropus user belongs to?
If you want to see if the user belongs to a praticular group you can easily use "User.IsInRole" method.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
The UserInProfile() can be used with only windows authentication. So if you are using forms authentication we still need to write some code like above.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
It is pretty much the same code but with a change that WinNt provider does not suport searching.
public StringCollection GetUserGroupMembership(string strDomain, string strUser)
{
StringCollection userGps = new StringCollection();
DirectoryEntry obDirEnt = new DirectoryEntry("WinNT://" + strDomain + "/" + strUser);
object obGps = obDirEnt.Invoke("Groups");
if (null != obGps)
{
foreach (object obGp in (IEnumerable)obGps)
{
DirectoryEntry obGpEnt = new DirectoryEntry(obGp);
userGps.Add(obGpEnt.Name);
}
}
return userGps;
}
---
Softomatix
http://www.pardesifashions.com/Softomatix/default.aspx
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
Why so complicated???
public StringCollection GetUserGroupMembership(string strDomain, string strUser)
{
StringCollection userGps = new StringCollection();
DirectoryEntry obDirEnt = new DirectoryEntry("WinNT://" + strDomain + "/" + strUser);
object obGps = obDirEnt.Invoke("Groups");
if (null != obGps)
{
foreach (object obGp in (IEnumerable)obGps)
{
DirectoryEntry obGpEnt = new DirectoryEntry(obGp);
userGps.Add(obGpEnt.Name);
}
}
return userGps;
}
Can't you just use
foreach(object oGroup in obDirEnt.Properties["memberOf"])
...
instead?? Seems a lot nicer than having to go through a "Invoke" call and all that messy stuff....
Marc
=============================
Marc Scheuner, Berne, Switzerland
m.scheuner - at - inova.ch
May The Source Be With You!
|
| Sign In·View Thread·PermaLink | 4.50/5 (2 votes) |
|
|
|
|
|
|
I agree, Marc. And DirectorySearcher.FindOne method in the code could also cause memory leak problem.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
That's fine for getting a list of all the groups a user is a direct member of but if you want to find all the groups he as "effective permission" in due to the user being a member of group1 which is a member of group2, it will not list group2. There is a work around using LDAP:
(member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))
or if you just want to find out if a user is a member of a specific group:
DirectoryEntry deUser = new DirectoryEntry(userPath);
string filter = String.Format("(memberOf:1.2.840.113556.1.4.1941:={0})", groupDN);
DirectorySearcher ds = new DirectorySearcher(deUser, filter, null, SearchScope.Base);
SearchResult sr = ds.FindOne();
if (sr != null)
{
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
General 
News 
Question 
Answer 
Joke 
Rant 
Admin
) much appreciated. I have been hassling with COM interop and just realised .NET already does all I need. 