Darqer
Reputation: 2887
How to check whether user is domain administrator in c#
I need to check whether user is in domain administrator group is there an easy way to do it in C# (.net 2.0)?
Upvotes: 1
Views: 2386
Answers (1)
sunder
Reputation: 1843
I feel this code will help you
try
{
DirectoryEntry entry = new DirectoryEntry("LDAP://" + userDomain, userName, password, AuthenticationTypes.Secure);
if (IsDomainAdmin(entry, userName))
{
string fullUserName = userDomain + @"\" + userName;
Console.WriteLine("user is administrator : " + fullUserName);
//PrincipalContext context = new PrincipalContext(
// ContextType.Domain, userDomain);
//if (context.ValidateCredentials(fullUserName, password))
//{
// Console.WriteLine("Success!");
//}
}
else
Console.WriteLine("user is not administrator");
}
catch(Exception ex)
{
Console.WriteLine("invalid username or password, can't authenticate");
}
Console.ReadLine();
}
public static bool IsDomainAdmin(DirectoryEntry entry, string userName)
{
string adminDn = GetAdminDn(entry);
if (!isUserFound(entry, adminDn, userName))
{
string adUser = GetAdministratorsDN(entry);
return isUserFound(entry, adUser, userName);
}
return true;
}
private static bool isUserFound(DirectoryEntry entry, string adminDN, string userName)
{
SearchResult result = (new DirectorySearcher(
entry,
"(&(objectCategory=user)(samAccountName=" + userName + "))",
new[] { "memberOf" })).FindOne();
return result.Properties["memberOf"].Contains(adminDN);
}
public static string GetAdminDn(DirectoryEntry entry)
{
return (string)(new DirectorySearcher(
entry,
"(&(objectCategory=group)(cn=Domain Admins))")
.FindOne().Properties["distinguishedname"][0]);
}
public static string GetAdministratorsDN(DirectoryEntry entry)
{
return (string)(new DirectorySearcher(
entry,
"(&(objectCategory=group)(cn=Administrators))")
.FindOne().Properties["distinguishedname"][0]);
}
}
Please let me know if you have any queries.
Upvotes: 2
Related Questions
- Check if the current user is administrator
- How to find out that my Windows user is a domain user?
- Check if user is part of administrator group - C#
- How to determine if user is an Administrator, even if non-elevated
- How to check if user is an administrator on that machine
- Check if the User is valid user on Domain - Active Directory
- How to check if user with [UserName] and [Password] is domain administrator of [DomainName] without impersonation?
- Can I check if AD user is Domain Admin when Domain Controller is turned off?
- finding out if user used for DirectoryEntry connection is an administrator
- How to check if a given user is a member of the built-in Administrators group?