[Last Call] Learn how to a build a cloud-first strategyRegister Now


Using Active Directory to get a System Domain User's groups in C#

Posted on 2005-04-05
Medium Priority
Last Modified: 2008-03-06

I am attempting to use C# code to get the Active Directory groups that a user belongs to.

This is the code I have so far...

DirectoryEntry objRootEntry=new DirectoryEntry("");

DirectorySearcher objADSearcher=new DirectorySearcher(objRootEntry);

string strLogin = <The user's userid>;

SearchResult objResult=objADSearcher.FindOne();

if (objResult != null)
      int groupCount = objResult.Properties["memberOf"].Count;

      for (int counter=0; counter<groupCount; counter++)
          string strGroup = (string)objResult.Properties["memberOf"][counter];

This works fine - as long as the user has a System Account.  If the user has a Domain User Account, I get the following error:

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 333:                  if (objResult != null)
Line 334:                  {
Line 335:                        int groupCount = objResult.Properties["memberOf"].Count;
Line 336:
Line 337:                        for (int counter=0; counter<groupCount; counter++)

"memberOf" doesn't seem to exist for Domain Users.

Any help or suggestions would be greatly appreciated.

Thank you in advance,
Question by:tmitchell68
  • 2
LVL 20

Expert Comment

ID: 13714894
As you have already noticed, user object's "memberOf" attribute does not contain "primary group" (e.g. Domain Users group). It also pick up only security groups and distribution groups of which the user is a direct member. So if your active directory contains recursive list of nested group relationship, you won't find them in the attribute.

There's another attribute, "tokenGroups". It returns primary group and all groups membership including nested relationship, but security groups only. So depend on your active directory structure and what you want, this could quite complicated since you might need to use several methods to query group membership.
LVL 20

Accepted Solution

ihenry earned 750 total points
ID: 13717148
Anyway, to prevent the code from throwing the exception, you can try this

if ( objResult.Properties.Contains("memberOf") )
   for (int counter=0; counter<objResult.Properties["memberOf"].Count; counter++)

Author Comment

ID: 13720691
Thank you.


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
Loops Section Overview
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question