MKC06
Visual Basic 2008 Active Directory Group Membership
I have an application I'm creating, and when a user starts it I want to check a security group in AD to verify the user's membership. I was able to create the routines to get the domain and user ID from the workstation login, so now I just need a process for comparing a user to an AD group.
Thanks in advance!
Michael
Hi Michael,
That should be fine. Can we assume the program is running as an authenticated user?
If so, we have System.DirectoryServices. We can use that to find the user in AD and grab the group membership (memberOf). Presumably you'd like samples? ;)
Chris
ASKER
Hi Chris,
Yes, if you have an example that would be great; I'm just not sure how to construct the code. For example, I have the user name captured in a variable called strGetUserID, and the domain in strDomain, and I want to validate the user against an AD group called a_Synapse_Admins.
Thank you,
Michael
ASKER
That works perfectly, Chris! Thank you so much. Below is the code I came up with for my project:
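'Requires "Imports System.DirectoryServices" at the top of the file
'Check AD group membership in the a_Synapse_Admins AD group
'Sets sResults.Text to "MemberOf: True" if the userid is a Synapse Admin
Dim rootDSE As New DirectoryEntry("LDAP://" & rDomain() & "/RootDSE")
Dim strGroupName As String
Dim filterString As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & rGetUserName() & "))"
Dim domainRoot As New DirectoryEntry("LDAP://" & rDomain() & "/" & rootDSE.Properties("defaultNamingContext")(0).ToString())
Dim domainSearch As New DirectorySearcher(domainRoot, filterString)
domainSearch.PropertiesToLoad.Add("memberOf")
Dim domainSearchResult As SearchResult = domainSearch.FindOne()
strGroupName = "a_Synapse_Admins"
sResults.Text = "MemberOf: False"
'FindOne returns Nothing when no matching account is found
If domainSearchResult IsNot Nothing Then
    'Each memberOf value is a group DN that starts with CN=<group name>,
    'Compare that leading component so a longer name containing the same text does not match
    For Each domainGroup As Object In domainSearchResult.Properties("memberof")
        If domainGroup.ToString().StartsWith("CN=" & strGroupName & ",", StringComparison.OrdinalIgnoreCase) Then
            sResults.Text = "MemberOf: True"
            Exit For
        End If
    Next
End If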
ASKER
Thanks again!
Glad I could help out :)
Chris
Dsquery is to get an object from AD and Dsget is for getting a property of the object.
So if you want to know who is a member of the domain admins, try:
dsquery group -name "domain admins" | dsget group -members
I hope this works for you. Good luck!