Reputation: 3683
I have a problem with ASP.NET and Active Directory.
I want to find out whether the user is in a group in Active Directory, and if he is in this group he can see more. For this I wrote a function with a filter string. The problem is that in our company we switch the groups and the structure is not static. For this I search for the group first and then I search for a user in the group with the parameter member-of...
Here is the structure of our AD:
Here is my code for searching for the group:
// requires: using System.DirectoryServices;
public string GetGroup(string groupname)
{
    string path = "<OurDomain>";
    DirectoryEntry rootEntry = new DirectoryEntry(path);
    DirectorySearcher srch = new DirectorySearcher(rootEntry);
    srch.SearchScope = SearchScope.Subtree;
    // groupname is concatenated into the LDAP filter as-is
    srch.Filter = "(&(objectCategory=Group)(name=" + groupname + "))";
    SearchResult resFilter = srch.FindOne();
    // FindOne returns null when no group matches
    if (resFilter == null)
    {
        return null;
    }
    string filterpath = resFilter.Path;
    return filterpath;
}
My method for finding the user:
public bool IsUserInGroup(string username, string groupepath)
{
    string path = "<OurDomain>";
    DirectoryEntry rootEntry = new DirectoryEntry(path);
    DirectorySearcher srch = new DirectorySearcher(rootEntry);
    srch.SearchScope = SearchScope.Subtree;
    // groupepath is not used here; the group DN is hard-coded in the filter.
    // The wildcards match any account name that contains username.
    srch.Filter = "(&(objectClass=user)(sAMAccountName=*" + username + "*)(memberof=CN=GastzugangUser,OU=SubFolderB,OU=FolderB,DC=company,DC=com))";
    SearchResultCollection res = srch.FindAll();
    if (res == null || res.Count <= 0)
    {
        return false;
    }
    else
    {
        return true;
    }
}
How can I search for a user in the subgroups of a group, and do that dynamically? :(
Upvotes: 0
Views: 3147
Reputation: 754268
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
// requires: using System.DirectoryServices.AccountManagement;
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
    if (user != null)
    {
        // GetAuthorizationGroups returns a list of GroupPrincipals and works recursively
        var groupsForUser = user.GetAuthorizationGroups();
        // then check to see if the group you want is part of this list
    }
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Upvotes: 1
Reputation: 7612
Didn't try that but does adding this to the filter help? http://ldapwiki.willeke.com/wiki/1.2.840.113556.1.4.1941
e.g.
srch.Filter = "(&(objectClass=user)(sAMAccountName=*" + username + "*)(memberof:1.2.840.113556.1.4.1941:=CN=GastzugangUser,OU=SubFolderB,OU=FolderB,DC=company,DC=com))";
Upvotes: 1