Larry Brister
asked on
Active Directory Groups
I'm using code suggested by an EE expert to get the Promary Group Name when I pass in the username
How could I modify the code to create either a list or a comma seperated string of ALL the groups that the user belongs to?
How could I modify the code to create either a list or a comma seperated string of ALL the groups that the user belongs to?
If enumerator.MoveNext Then
result = DirectCast(enumerator.Current, SearchResult)
primaryGroupId = DirectCast(result.Properties("primaryGroupId")(0), Integer)
ReDim primaryGroupSid(domainSid.Length + 3)
Array.Copy(domainSid, primaryGroupSid, domainSid.Length)
Array.Copy(BitConverter.GetBytes(primaryGroupId), 0, primaryGroupSid, domainSid.Length, 4)
primaryGroupSid(1) = Convert.ToByte((primaryGroupSid.Length - 8) \ 4)
primaryGroupOctet = ConvertToOctetString(primaryGroupSid)
primaryGroup = New DirectoryEntry(String.Format("LDAP://<SID={0}>", primaryGroupOctet))
primaryGroupName = DirectCast(primaryGroup.Properties("samAccountName").Value, String)
primaryGroup.Dispose()
Else
primaryGroupName = String.Empty
End If
Have you considered using powershell? With the powershell module for AD installed, you could simply try something like:
Get-ADUser -Identity <User Identifier> -Properties memberof
to list the memberof attribute for the user specified by the -Identity parameter.
Just an idea!
HTH
Pete
Get-ADUser -Identity <User Identifier> -Properties memberof
to list the memberof attribute for the user specified by the -Identity parameter.
Just an idea!
HTH
Pete
ASKER
PeteJThomas,
I need to look at the groups as people log onto the Intranet site.
Does the Powershell allow that and if so what's the process for installing?
I need to look at the groups as people log onto the Intranet site.
Does the Powershell allow that and if so what's the process for installing?
You've lost me a little bit...
The command I listed will query a domain controller, locate the user object in question and return the contents of the user object's "memberof" attribute. (I believe you can query a specific domain controller if needed).
So the information it returns will be current as of the time you ran the command. Does that sound that what you need? Or am I missing something?
Are you talking about automating the data collection? Or running it manually as and when needed?
Pete
The command I listed will query a domain controller, locate the user object in question and return the contents of the user object's "memberof" attribute. (I believe you can query a specific domain controller if needed).
So the information it returns will be current as of the time you ran the command. Does that sound that what you need? Or am I missing something?
Are you talking about automating the data collection? Or running it manually as and when needed?
Pete
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
PeteJThomas
This code will be used on a WebPage and/or WinForm's and MS Access databases.
I've been hired to consolidate everything into (as much as possible) one WinForm application.
When the person opens the Application, it will look at the groups they're part of and if the group is in that string I'm returning, they get access to the Application. If not...no Access.
They'll get access to sub modules based on the AD Departments they're in.
This code will be used on a WebPage and/or WinForm's and MS Access databases.
I've been hired to consolidate everything into (as much as possible) one WinForm application.
When the person opens the Application, it will look at the groups they're part of and if the group is in that string I'm returning, they get access to the Application. If not...no Access.
They'll get access to sub modules based on the AD Departments they're in.
ASKER
Worked through my own solution
- Rancy