Reputation: 2416
Determine Email Address of an AD Security Group
In AD here at work, we have some security groups that are mail enabled. I am using the System.DirectoryServices.AccountManagement namespace like so:
List<GroupPrincipal> result = new List<GroupPrincipal>();
using (PrincipalContext domain = new PrincipalContext(ContextType.Domain, userinfo[0]))
using (UserPrincipal user = UserPrincipal.FindByIdentity(domain, username))
{
if (user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
int totalGroupCounter = 0;
StringBuilder output = new StringBuilder();
List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();
foreach (Principal group in groups)
{
totalGroupCounter++;
if (((GroupPrincipal)group).IsSecurityGroup.Value)
securityGroups.Add((GroupPrincipal)group);
else
distributionGroups.Add((GroupPrincipal)group);
}
}
}
Armed with this info, what's the correct way to find the group's email address?
Upvotes: 4
Views: 5038
Answers (3)
Reputation: 1
The safest way to test for an mail-enabled group is to read the proxyAddresses and test for any entry witch starts with "smtp:". Only test for the email-field is not sufficient. Extend the GroupPrincipal like
public bool IsMailEnabled
{
get
{
var proxyAddresses = ExtensionGet("proxyAddresses");
if (proxyAddresses == null)
return false;
if (proxyAddresses.Length == 0)
return false;
try
{
List<string> proxyAddressesStringList = proxyAddresses.Cast<string>().ToList();
if (proxyAddressesStringList.Where(x => x.StartsWith("smtp:", StringComparison.InvariantCultureIgnoreCase)).Count() > 0)
return true;
else
return false;
}
catch
{
return false;
}
}
}
Upvotes: 0
Reputation: 4249
The AccountManagement libraries limit which properties you can access. If you want to get the email property for a group, you'll need to cast it back to a DirectoryEntry object.
PropertyValueCollection email = ((DirectoryEntry)group.GetUnderlyingObject()).Properties["mail"];
if (email.Value != null)
{
// Do something with email property
}
Upvotes: 12
Reputation: 25541
I consider marc_s an expert on active directory topics, but, I too had a security group that had an e-mail address associated with it. Here is how I was able to fetch the e-mail from it:
private void GetGroupEmail() {
using (var searcher = new DirectorySearcher()) {
searcher.Filter = "(&(objectClass=group))";
searcher.SearchRoot = entry;
searcher.PropertiesToLoad.Add("mail");
foreach (SearchResult sr in searcher.FindAll()) {
var email = GetSearchResultProperty(sr, "mail");
}
}
}
private string GetSearchResultProperty(SearchResult sr, string propertyName) {
var property = sr.Properties[propertyName];
if (property != null && property.Count > 0) {
return (string)property[0];
} else {
return null;
}
}
Upvotes: 0
Related Questions
- How to find Active Directory group email address using AD group name in C#
- Get AD Group name from the Email
- Get Email of an AD Group using C#
- Using DirectoryServices.AccountManagement, how do I get the e-mail address of an active directory security group?
- Get users from an AD Security group inside a SharePoint group
- Get list of email addresses from ADGroup
- Finding AD Distro Group samaccountname with email address
- Checking group membership
- Get users email addresses from Active Directory group
- How do I email Active Directory distribution groups from a c# web application?