gdspeare
asked on
Query AD for Group Membership
I am trying to query AD for the groups a user belongs to. For some reason, my group count is coming back as the true count less 1 (i.e., I can see the user is a member of 6 groups, but my count is coming back as only 5).
Anyone see my issue here?
using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using System.Collections.ObjectModel;
using System.IO;
using System.Data;
using Microsoft.SqlServer.Server;
using System.Data.SqlTypes;
using System.Data.SqlClient;
using System.Collections.Specialized;
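public class LDAPGroupChecks
{
    /// <summary>
    /// SQL CLR procedure that looks a user up in Active Directory and reports
    /// whether one of the user's <c>memberOf</c> entries is the given group.
    /// The list of group distinguished names, joined with '|', is sent to the
    /// SQL pipe.
    /// </summary>
    /// <param name="str_Domain">Domain used to build the <c>LDAP://</c> bind path.</param>
    /// <param name="str_UserName">sAMAccountName of the user to look up.</param>
    /// <param name="str_Group">Common name (CN) of the group to test for.</param>
    /// <returns>
    /// 1 when a <c>memberOf</c> entry starts with <c>CN=&lt;str_Group&gt;,</c>;
    /// 0 when no entry matches or the user was not found;
    /// 3 when the lookup threw. Callers must treat 3 as "not a member".
    /// </returns>
    /// <remarks>
    /// The <c>memberOf</c> attribute does not list the user's primary group
    /// (normally "Domain Users") and does not include membership obtained
    /// through nested groups, so the count seen here can be lower than the
    /// count shown by directory tools. A check against the primary group or a
    /// parent group therefore returns 0 from this procedure.
    /// </remarks>
    [Microsoft.SqlServer.Server.SqlProcedure]
    public static int LDAPGroupCheck(string str_Domain, string str_UserName, string str_Group)
    {
        StringBuilder stb_GroupList = new StringBuilder(); // '|'-separated group DNs sent back to the caller
        int int_ReturnValue = 0;                           // deny by default

        try
        {
            // NOTE(review): str_Domain selects the directory that is queried. If it can be
            // supplied by an untrusted caller, validate it against the expected domain(s)
            // before binding, otherwise the answer comes from a directory the caller chose.
            using (DirectoryEntry ptr_DirectoryEntry = new DirectoryEntry("LDAP://" + str_Domain))
            {
                // Reading NativeObject forces the bind, so a bad path fails here.
                Object ptr_Object = ptr_DirectoryEntry.NativeObject;

                using (DirectorySearcher ptr_DirectorySearcher = new DirectorySearcher(ptr_DirectoryEntry))
                {
                    // Escape the user name so characters such as '*', '(' and ')' cannot
                    // change the meaning of the search filter.
                    ptr_DirectorySearcher.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(str_UserName) + ")";
                    ptr_DirectorySearcher.PropertiesToLoad.Add("memberof");

                    SearchResult ptr_SearchResult = ptr_DirectorySearcher.FindOne();
                    if (null == ptr_SearchResult)
                    {
                        // No such account: report 0, as the original did.
                        SqlContext.Pipe.Send(int_ReturnValue.ToString());
                        return int_ReturnValue;
                    }

                    ResultPropertyValueCollection col_Groups = ptr_SearchResult.Properties["memberOf"];

                    // Match only the leading RDN of each DN. Searching the joined list for
                    // "cn=<group>," also matched container names inside a DN (for example
                    // "CN=Users" in "CN=SomeGroup,CN=Users,DC=..."), reporting membership
                    // of a group the user does not belong to.
                    // NOTE(review): a group name containing DN-special characters (such as
                    // ',') is stored escaped in the DN and will not match; that fails closed.
                    string str_WantedPrefix = "CN=" + str_Group + ",";

                    for (int int_Counter = 0; int_Counter < col_Groups.Count; int_Counter++)
                    {
                        string str_GroupDn = (string)col_Groups[int_Counter];

                        // Separator goes between entries, so an empty list needs no trimming
                        // (the old "Length -= 1" threw when the user had no groups).
                        if (int_Counter > 0)
                        {
                            stb_GroupList.Append("|");
                        }
                        stb_GroupList.Append(str_GroupDn);

                        // Ordinal comparison: culture-sensitive ToLower() can mis-compare names.
                        if (str_GroupDn.StartsWith(str_WantedPrefix, StringComparison.OrdinalIgnoreCase))
                        {
                            int_ReturnValue = 1;
                        }
                    }
                }
            }
        }
        catch (Exception ptr_Exception)
        {
            try
            {
                string fError = "f:\\production\\DotNetAssemblies\\udb_PasswordKeeper\\Error.txt";
                using (FileStream fs2 = new FileStream(fError, FileMode.Append))
                {
                    Byte[] info = new UTF8Encoding(true).GetBytes(ptr_Exception.ToString() + Environment.NewLine);
                    fs2.Write(info, 0, info.Length);
                }
            }
            catch (Exception)
            {
                // Logging is best effort: a missing or unwritable log file must not
                // replace the error status with an unhandled exception.
            }

            int_ReturnValue = 3;
            return int_ReturnValue;
        }

        // NOTE(review): SqlPipe.Send(string) appears to reject messages over 4,000
        // characters; a user in many groups may exceed that. Confirm and truncate if needed.
        SqlContext.Pipe.Send(stb_GroupList.ToString());
        return int_ReturnValue;
    }

    // Escapes a value for use inside an LDAP search filter (RFC 4515 special characters).
    private static string EscapeLdapFilterValue(string str_Value)
    {
        if (string.IsNullOrEmpty(str_Value))
        {
            return "";
        }

        StringBuilder stb_Escaped = new StringBuilder(str_Value.Length + 8);
        foreach (char chr_Current in str_Value)
        {
            switch (chr_Current)
            {
                case '\\': stb_Escaped.Append("\\5c"); break;
                case '*': stb_Escaped.Append("\\2a"); break;
                case '(': stb_Escaped.Append("\\28"); break;
                case ')': stb_Escaped.Append("\\29"); break;
                case '\0': stb_Escaped.Append("\\00"); break;
                default: stb_Escaped.Append(chr_Current); break;
            }
        }
        return stb_Escaped.ToString();
    }
}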