• Status: Solved

Active Directory Global vs Universal? VB Code

In my following code I can get back the information I need...almost.

Dim search As New DirectorySearcher("")
search.Filter = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=user)(samaccountname=" + UserName.ToString.Trim + "))"

search.PropertiesToLoad.Add("memberOf")
Dim result As SearchResult = search.FindOne()

I can then feed in my result and get most of what I need.

But it SEEMS like I'm only getting the "Global" information...and not the "Universal" info.

Example...
I'm getting the OU= blah...blah...blah... on !IT Group which is a Global Group

But I don't get the OU= on !Development which is a Universal group.

Any suggestions?
0
lrbrister
Asked:
2 Solutions
 
Michael Pfister Commented:
See http://msdn.microsoft.com/en-us/library/ms677943%28v=vs.85%29.aspx

" memberOf

    The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member, except for the primary group, which is represented by the primaryGroupId. Group membership is dependent on the domain controller (DC) from which this attribute is retrieved:

        At a DC for the domain that contains the user, memberOf for the user is complete with respect to membership for groups in that domain; however, memberOf does not contain the user's membership in domain local and global groups in other domains.
        At a GC server, memberOf for the user is complete with respect to all universal group memberships.

    If both conditions are true for the DC, both sets of data are contained in memberOf.

    Be aware that this attribute lists the groups that contain the user in their member attribute—it does not contain the recursive list of nested predecessors. For example, if user O is a member of group C and group B and group B were nested in group A, the memberOf attribute of user O would list group C and group B, but not group A.

    This attribute is not stored—it is a computed back-link attribute."


To get all groups you have to use tokenGroups instead, see
User Management with Active Directory

It's for C# but you probably get the idea....
0
 
Manpreet SIngh Khatra (Solutions Architect, Project Lead) Commented:
Can you please share some screenshot or more details to check and help.

- Rancy
0
 
Manpreet SIngh Khatra (Solutions Architect, Project Lead) Commented:
(&(-other-ldap-query-items-)(userAccountControl:1.2.840.113556.1.4.803:=65536))

I guess this is what you're looking for.

- Rancy
0
lrbrister (Author) Commented:
Rancy,
The bottom line is I need to see all groups a user is part of and whether they're a Distribution or a Security Group

This is the code I'm using.

I'm passing in the username to retrieve the groups and return the string which I parse

    ' Requires: Imports System.DirectoryServices
    Public Function GetActiveDirectoryUserGroups(ByVal UserName As String) As String
        Dim search As New DirectorySearcher("")
        Dim groupCount As Int64
        Dim counter As Int64
        Dim GroupName As String
        Dim GroupType As String = Nothing
        Dim PrimaryGroup As String
        Dim GroupArr As Array
        Dim DataToWriteGroups As String = ""
        Try

            search.Filter = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=user)(samaccountname=" + UserName.ToString.Trim + "))"
            search.PropertiesToLoad.Add("memberOf")
            'search.PropertiesToLoad.Add("OU")

            Dim result As SearchResult = search.FindOne()

            If Not (IsNothing(result)) Then

                Try
                    groupCount = result.Properties("memberOf").Count
                Catch ex As NullReferenceException
                    groupCount = 0
                End Try

                If groupCount > 0 Then
                    For counter = 0 To groupCount - 1
                        GroupName = ""
                        GroupName = CStr(result.Properties("memberOf")(counter))
                        GroupType = getOU(GroupName)
                        GroupArr = Split(GroupName, ",")
                        If Not (IsNothing(GroupArr(0))) Then
                            GroupName = Mid(GroupArr(0), 4, Len(GroupArr(0)) - 3)
                            'DataToWriteGroups = DataToWriteGroups + GroupName + "|" + GroupType + ","
                            DataToWriteGroups = DataToWriteGroups + GroupName + ","
                        End If
                    Next

                End If
                ' Get primary Group
                PrimaryGroup = GetPrimaryGroupName(UserName)

                If PrimaryGroup.Length > 0 Then
                    DataToWriteGroups = DataToWriteGroups + PrimaryGroup + ""
                End If

            End If
        Catch ex As Exception
            Return "Error"
        Finally
            search.Dispose()
        End Try
        Return UserName & ":" & DataToWriteGroups
    End Function


0
 
Manpreet SIngh Khatra (Solutions Architect, Project Lead) Commented:
Are you sure that a user is a member of some DLs?

If so, can you go to Adsiedit and check the attribute name?

Look, I ain't good with scripting
'search.PropertiesToLoad.Add("OU") - why is there a ' just before this line?
Nothing for getting the name of that DL?

- Rancy
0
 
lrbrister (Author) Commented:
Yeah...
Example...I'm feeding in myself (lrbrister)

This is a line I'm getting back from the result.......InnerList
(0) = "CN=!Development,CN=Users,DC=mydomainname,DC=local" {String}
And I KNOW that !Development is a Universal Group

Whereas I can easily SEE the OU in the next group which is a Global Group
(1) = "CN=!IT Tel Facility Support Requests,OU=Distributon Groups,DC=mydomainname,DC=local" {String}
0
 
lrbrister (Author) Commented:
Rancy

???
0
 
lrbrister (Author) Commented:
Sorry for the late get back folks.  Took me a while to slog through the references.
0
