John

Reputation: 103

LDAP Query to getUserGroups

Trying to learn LDAP queries in C# to get all the groups a user is assigned to in Active Directory. I am using System.DirectoryServices.

Haven't tested it yet, but from throwing examples together I have got:

        //This should return all groups for particular user
        public List<string> GetUserGroups(string UserName)
        {
            //create connection
            DirectoryEntry entry = new DirectoryEntry(_lDAPPath);
            DirectorySearcher search = new DirectorySearcher(entry);

            //Get user with UserName
            string query = "(&(objectCategory=User)(objectClass=person)(name=" + UserName + "*))";//(memberOf=*))";
            search.Filter = query;
            //properties returned by query
            search.PropertiesToLoad.Add("memberOf");
            search.PropertiesToLoad.Add("name");

            System.DirectoryServices.SearchResultCollection mySearchResultColl = search.FindAll();

            List<string> userGroups = new List<string>();
            //Should only be one user in foreach loop
            foreach (SearchResult result in mySearchResultColl)
            {
                //for user get each group assigned to
                foreach (string prop in result.Properties["memberOf"])
                {
                    if (prop.Contains(UserName))
                    {
                        //adds group name to string
                        userGroups.Add(result.Properties["memberOf"][0].ToString());
                    }
                }
            }

            return userGroups;
        }

Hoping this works. Does anyone see any possible problems? Ta.

Upvotes: 0

Views: 460

Answers (1)

shelbypereira

Reputation: 2245

It would be preferable to test your code and indicate any bugs you can't handle before posting. However, here is tested code which I have been using for years. It searches by cn, i.e. Common Name (user alias).

        public static List<string> GetUserGroupDetails(string userName)
        {
            DirectorySearcher search = new DirectorySearcher();
            List<string> groupsList = new List<string>();
            search.Filter = String.Format("(cn={0})", userName);
            search.PropertiesToLoad.Add("memberOf");

            SearchResult result = search.FindOne();
            if (result != null)
            {
                int groupCount = result.Properties["memberOf"].Count;

                for (int counter = 0; counter < groupCount; counter++)
                {
                    string s = (string)result.Properties["memberOf"][counter];
                    groupsList.Add(s);
                    // _log.DebugFormat("found group for user {0} : {1}", userName, s);
                }
            }
            else
            {
                _log.Warn("no groups found for user " + userName);
            }
            return groupsList;
        }

Note that the above code also returns email distribution lists for which the user is a member. When I want to exclude these I filter out the entries starting with "dl-".

Upvotes: 1
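
An added example, not part of the original question or answer: both snippets above place the caller-supplied name into the LDAP search filter unescaped, so this version escapes it per RFC 4515 before querying and matches exactly one user. The class name `UserGroupLookup`, the `ldapPath` parameter and the sample inputs in `Main` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class UserGroupLookup   // hypothetical class name
{
    // RFC 4515 escaping: NUL, '(', ')', '*' and '\' become '\' plus two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Exact match on cn, as in the answer, with the value escaped first.
    public static string BuildUserFilter(string userName) =>
        "(&(objectCategory=person)(objectClass=user)(cn=" + EscapeFilterValue(userName) + "))";

    // Returns the group distinguished names from memberOf for the matching user.
    public static List<string> GetUserGroups(string ldapPath, string userName)
    {
        var groups = new List<string>();
        using (var entry = new DirectoryEntry(ldapPath))
        using (var search = new DirectorySearcher(entry))
        {
            search.Filter = BuildUserFilter(userName);
            search.PropertiesToLoad.Add("memberOf");
            SearchResult result = search.FindOne();
            if (result != null)
                foreach (object dn in result.Properties["memberOf"])
                    groups.Add((string)dn);
        }
        return groups;
    }

    public static void Main()
    {
        // Constructed inputs: an ordinary name, and one carrying filter metacharacters.
        Console.WriteLine(BuildUserFilter("jsmith"));
        Console.WriteLine(BuildUserFilter("j*)(cn=*"));
    }
}
```

`memberOf` holds only direct group memberships as distinguished names; the user's primary group and groups reached through nesting are not included.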
