Solved

Active Directory Groups

Posted on 2012-08-16
Last Modified: 2012-08-26
I'm using code suggested by an EE expert to get the Primary Group Name when I pass in the username.

How could I modify the code to create either a list or a comma separated string of ALL the groups that the user belongs to?

If enumerator.MoveNext Then
    result = DirectCast(enumerator.Current, SearchResult)
    primaryGroupId = DirectCast(result.Properties("primaryGroupId")(0), Integer)
    ReDim primaryGroupSid(domainSid.Length + 3)
    Array.Copy(domainSid, primaryGroupSid, domainSid.Length)
    Array.Copy(BitConverter.GetBytes(primaryGroupId), 0, primaryGroupSid, domainSid.Length, 4)
    primaryGroupSid(1) = Convert.ToByte((primaryGroupSid.Length - 8) \ 4)
    primaryGroupOctet = ConvertToOctetString(primaryGroupSid)
    primaryGroup = New DirectoryEntry(String.Format("LDAP://<SID={0}>", primaryGroupOctet))
    primaryGroupName = DirectCast(primaryGroup.Properties("samAccountName").Value, String)

    primaryGroup.Dispose()
Else
    primaryGroupName = String.Empty
End If

Question by:lrbrister
7 Comments
 

Expert Comment

by:Manpreet SIngh Khatra
ID: 38303276
Can you please share the Windows and Exchange version and what you exactly want to see if there could be a different way to assist you with the issue.

- Rancy

Expert Comment

by:PeteJThomas
ID: 38307771
Have you considered using PowerShell? With the PowerShell module for AD installed, you could simply try something like:

Get-ADUser -Identity <User Identifier> -Properties memberof

to list the memberof attribute for the user specified by the -Identity parameter.

Just an idea!

HTH

Pete
 

Author Comment

by:lrbrister
ID: 38311363
PeteJThomas,
  I need to look at the groups as people log onto the Intranet site.

Does the Powershell allow that and if so what's the process for installing?

Expert Comment

by:PeteJThomas
ID: 38312742
You've lost me a little bit...

The command I listed will query a domain controller, locate the user object in question and return the contents of the user object's "memberof" attribute. (I believe you can query a specific domain controller if needed).

So the information it returns will be current as of the time you ran the command. Does that sound like what you need? Or am I missing something?

Are you talking about automating the data collection? Or running it manually as and when needed?

Pete
 

Accepted Solution

by:lrbrister
ID: 38312780
PeteJThomas

I did come up with a function that gets what I need (Based on an online project I found)

Did I phrase my question poorly?
New to Active Directory programming and realize my questions may make no sense.

I also have a new question posted where I'm looking to filter a search result.


Imports System.DirectoryServices

    ' Requires a reference to System.DirectoryServices; the function belongs inside a class.
    ' ConvertToOctetString is a helper that is not included in this post.
    Public Shared Function GetPrimaryGroupName(ByVal userSamAccountName As String) As String
        Dim domainSid() As Byte
        Dim primaryGroupSid() As Byte
        Dim primaryGroupId As Integer
        Dim primaryGroupOctet As String
        Dim primaryGroupName As String
        Dim rootDse As DirectoryEntry
        Dim domainRoot As DirectoryEntry
        Dim primaryGroup As DirectoryEntry
        Dim searcher As DirectorySearcher
        Dim results As SearchResultCollection
        Dim result As SearchResult
        Dim enumerator As IEnumerator

        ' Bind to the domain of the current machine/user.
        rootDse = New DirectoryEntry("LDAP://rootDSE")
        domainRoot = New DirectoryEntry("LDAP://" + DirectCast(rootDse.Properties("defaultNamingContext").Value, String))

        ' Escape LDAP filter metacharacters (RFC 4515) so the name is matched literally
        ' and cannot change the structure of the search filter.
        Dim safeName As String = userSamAccountName.Replace("\", "\5c").Replace("*", "\2a")
        safeName = safeName.Replace("(", "\28").Replace(")", "\29").Replace(ChrW(0).ToString(), "\00")

        domainSid = DirectCast(domainRoot.Properties("objectSID").Value, Byte())
        searcher = New DirectorySearcher(domainRoot)
        searcher.SearchScope = SearchScope.Subtree
        searcher.CacheResults = False
        searcher.PropertiesToLoad.AddRange(New String() {"primaryGroupID"})
        searcher.Filter = String.Format("(&(objectCategory=user)(sAMAccountName={0}))", safeName)

        results = searcher.FindAll() 'I don't use FindOne because it leaks memory if the search fails in 1.1 or lower... 
        enumerator = results.GetEnumerator
        If enumerator.MoveNext Then
            result = DirectCast(enumerator.Current, SearchResult)
            primaryGroupId = DirectCast(result.Properties("primaryGroupId")(0), Integer)
            ' The primary group's SID is the domain SID plus one more 4-byte
            ' sub-authority: the RID stored in primaryGroupID.
            ReDim primaryGroupSid(domainSid.Length + 3)
            Array.Copy(domainSid, primaryGroupSid, domainSid.Length)
            Array.Copy(BitConverter.GetBytes(primaryGroupId), 0, primaryGroupSid, domainSid.Length, 4)
            ' Byte 1 of a binary SID is the sub-authority count
            ' (8-byte header, then 4 bytes per sub-authority).
            primaryGroupSid(1) = Convert.ToByte((primaryGroupSid.Length - 8) \ 4)
            primaryGroupOctet = ConvertToOctetString(primaryGroupSid)
            ' Bind directly to the group object by its SID.
            primaryGroup = New DirectoryEntry(String.Format("LDAP://<SID={0}>", primaryGroupOctet))
            primaryGroupName = DirectCast(primaryGroup.Properties("samAccountName").Value, String)

            primaryGroup.Dispose()
        Else
            primaryGroupName = String.Empty
        End If
        results.Dispose()
        searcher.Dispose()
        domainRoot.Dispose()
        rootDse.Dispose()

        Return primaryGroupName
    End Function

 

Author Comment

by:lrbrister
ID: 38316364
PeteJThomas
This code will be used on a WebPage and/or WinForms and MS Access databases.

I've been hired to consolidate everything into (as much as possible) one WinForm application.

When the person opens the Application, it will look at the groups they're part of and if the group is in that string I'm returning, they get access to the Application.  If not...no Access.

They'll get access to sub modules based on the AD Departments they're in.
 

Author Closing Comment

by:lrbrister
ID: 38333803
Worked through my own solution
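
One way to collect all of a user's groups (the original question) and to run the application access check described in the thread, added here as an example that is not code from any poster. It uses System.DirectoryServices.AccountManagement (.NET 3.5 or later); the class name GroupAccess, the function names and the allowedGroupSids parameter are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices.AccountManagement

Public NotInheritable Class GroupAccess
    ' Returns every security group the user belongs to (nested groups and the
    ' primary group included; distribution groups are not returned),
    ' keyed by SID string with the samAccountName as the value.
    Public Shared Function GetAllGroups(ByVal userSamAccountName As String) As Dictionary(Of String, String)
        Dim groups As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
        Using ctx As New PrincipalContext(ContextType.Domain)
            ' The name is passed as an identity value; this code builds no
            ' LDAP filter string of its own.
            Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userSamAccountName)
                If user Is Nothing Then Return groups ' unknown user: no groups
                Using found As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                    For Each p As Principal In found
                        If p.Sid IsNot Nothing Then groups(p.Sid.Value) = p.SamAccountName
                    Next
                End Using
            End Using
        End Using
        Return groups
    End Function

    ' allowedGroupSids (hypothetical configuration value): SIDs of the groups
    ' that may open the application. Matching is exact and by SID, so renaming
    ' a group or creating one with a similar name does not change the result.
    Public Shared Function IsAuthorized(ByVal userSamAccountName As String, ByVal allowedGroupSids As IEnumerable(Of String)) As Boolean
        Try
            Dim groups As Dictionary(Of String, String) = GetAllGroups(userSamAccountName)
            For Each sid As String In allowedGroupSids
                If groups.ContainsKey(sid) Then Return True
            Next
        Catch ex As PrincipalException
            ' Fail closed: a directory error (for example no reachable
            ' domain controller) denies access instead of granting it.
        End Try
        Return False
    End Function
End Class
```

Pass the name of the already authenticated Windows user (for example Environment.UserName) rather than a typed-in value. Comparing SIDs for an exact match avoids the problem with searching a comma separated string of names, where a substring test also accepts any group whose name merely contains an allowed one.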