ActiveDirectory DirectorySearcher: Check if user is member of a group

Question

I want to know if a given user is member of a group or not. Now, I don't know much about ActiveDirecory or Exchange servers, but in Outlook I can see that a user can be "memberOf" a group (and i can query those groups with DirectorySearcher.PropertiesToLoad.Add("memberof");), but there are also other groups that users are not actively members of, but that contain users. If you mail to those groups (or aliases) you reach all the users contained in it.

Basically, given a username (like DOMAIN\JDoe), how to check if it is contained in the group FUNNY_USERS in C#?

Answer 1

The users you see in Outlook is probably distribution groups. There are distribution groups and security groups in Active Directory. It seems like you want to check for either/or.

See my post at this similar question for an example in C# using only ldap calls

Answer 2

Use the System.DirectoryServices.AccountManagement namespace added in .Net 3.5 if it's available. Here's an example for group checking:

using(var pc = new PrincipalContext(ContextType.Domain))
using(var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "DOMAIN\JDoe"))
using(var group = GroupPrincipal.FindByIdentity(pc, "FUNNY_USERS"))
{
    return user.IsMemberOf(group);
 }

Answer 3

Get all members in a group:

http://snipplr.com/view/4646/get-members-of-an-active-directory-distribution-group/

Once you have the list just loop through the usernames once.

Or:

Function to return all the groups the user is a member of