Using Active Directory to get a System Domain User's groups in C#

Posted on 2005-04-05
Last Modified: 2008-03-06

I am attempting to use C# code to get the Active Directory groups that a user belongs to.

This is the code I have so far...

DirectoryEntry objRootEntry=new DirectoryEntry("");

DirectorySearcher objADSearcher=new DirectorySearcher(objRootEntry);

string strLogin = <The user's userid>;

SearchResult objResult=objADSearcher.FindOne();

if (objResult != null)
{
      int groupCount = objResult.Properties["memberOf"].Count;

      for (int counter=0; counter<groupCount; counter++)
      {
          string strGroup = (string)objResult.Properties["memberOf"][counter];
      }
}

This works fine - as long as the user has a System Account.  If the user has a Domain User Account, I get the following error:

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 333:                  if (objResult != null)
Line 334:                  {
Line 335:                        int groupCount = objResult.Properties["memberOf"].Count;
Line 336:
Line 337:                        for (int counter=0; counter<groupCount; counter++)

"memberOf" doesn't seem to exist for Domain Users.

Any help or suggestions would be greatly appreciated.

Thank you in advance,
Question by:tmitchell68

    Expert Comment

    As you have already noticed, the user object's "memberOf" attribute does not contain the "primary group" (e.g. the Domain Users group). It also picks up only security groups and distribution groups of which the user is a direct member. So if your Active Directory contains a recursive list of nested group relationships, you won't find them in the attribute.

    There's another attribute, "tokenGroups". It returns the primary group and all group memberships including nested relationships, but security groups only. So depending on your Active Directory structure and what you want, this could be quite complicated, since you might need to use several methods to query group membership.

    Accepted Solution

    Anyway, to prevent the code from throwing the exception, you can try this

    if ( objResult.Properties.Contains("memberOf") )
       for (int counter=0; counter<objResult.Properties["memberOf"].Count; counter++) {
          string strGroup = (string)objResult.Properties["memberOf"][counter];
       }

    Author Comment

    Thank you.

