

Query AD for Group Membership

I am trying to query AD for the groups a user belongs to. For some reason, my group count comes back as one less than the true count (i.e. I can see the user is a member of 6 groups, but my count is only 5).

Anyone see my issue here?

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using System.Collections.ObjectModel;
using System.IO;
using System.Data;
using Microsoft.SqlServer.Server;
using System.Data.SqlTypes;
using System.Data.SqlClient;
using System.Collections.Specialized;
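public class LDAPGroupChecks
{
    // path the catch block appends exception details to (taken from the original code; assumed to exist on the SQL host)
    private const string ErrorLogPath = "f:\\production\\DotNetAssemblies\\udb_PasswordKeeper\\Error.txt";

    // separator used when the memberOf list is sent back through SqlContext.Pipe
    private const string GroupSeparator = "|";

    // SQL CLR procedure: returns 1 when the user's memberOf attribute lists a group whose CN equals
    // str_Group, 0 when the account is not found or the group is not listed, and 3 when any exception
    // occurs (the exception text is appended to ErrorLogPath).
    //
    // Side effects on SqlContext.Pipe: sends "0" when the account is not found, otherwise sends the
    // '|'-joined memberOf values before returning.
    //
    // NOTE: memberOf does not include the user's primary group (the group referenced by the
    // primaryGroupID attribute, typically "Domain Users"), so the count it yields is one less than the
    // group count shown in the AD tools. Resolve primaryGroupID separately if that group matters.
    //
    // str_Domain   - domain/server part of the bind string ("LDAP://" + str_Domain)
    // str_UserName - sAMAccountName to look up; escaped before being placed in the LDAP filter
    // str_Group    - CN of the group to look for (compared case-insensitively against each memberOf DN)
    [Microsoft.SqlServer.Server.SqlProcedure]
    public static int LDAPGroupCheck(string str_Domain, string str_UserName, string str_Group)
    {
        int int_ReturnValue = 0;                                // default our return value to 0
        StringBuilder stb_GroupList = new StringBuilder();      // holds every group DN this user is a member of

        // a memberOf value is a DN whose first RDN is the group's CN, e.g. "CN=Finance,OU=Groups,DC=..."
        // matching the prefix of each DN (rather than a substring of the joined list) avoids false
        // positives from container names such as "CN=Users" further along the DN
        string str_GroupPrefix = "CN=" + str_Group + ",";

        try
        {
            // DirectoryEntry and DirectorySearcher both wrap COM handles; dispose them deterministically
            using (DirectoryEntry ptr_DirectoryEntry = new DirectoryEntry("LDAP://" + str_Domain))
            using (DirectorySearcher ptr_DirectorySearcher = new DirectorySearcher(ptr_DirectoryEntry))
            {
                // the user name comes from the caller: escape RFC 4515 metacharacters so it cannot
                // change the structure of the filter (e.g. "*" or ")(objectClass=*" in the input)
                ptr_DirectorySearcher.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(str_UserName) + ")";
                ptr_DirectorySearcher.PropertiesToLoad.Add("memberOf");

                SearchResult ptr_SearchResult = ptr_DirectorySearcher.FindOne();

                if (null == ptr_SearchResult)
                {
                    // the account doesn't exist: report 0 on the pipe and as the return value
                    SqlContext.Pipe.Send("0");
                    return 0;
                }

                ResultPropertyValueCollection ptr_Groups = ptr_SearchResult.Properties["memberOf"];
                int int_GroupCount = (null == ptr_Groups) ? 0 : ptr_Groups.Count;

                for (int int_Counter = 0; int_Counter < int_GroupCount; int_Counter++)
                {
                    string str_GroupDn = ptr_Groups[int_Counter] as string;
                    if (null == str_GroupDn)
                    {
                        continue;
                    }

                    // separator goes between entries, so a user with no groups yields an empty list
                    // (the old "Length -= 1" trick threw on an empty StringBuilder)
                    if (stb_GroupList.Length > 0)
                    {
                        stb_GroupList.Append(GroupSeparator);
                    }
                    stb_GroupList.Append(str_GroupDn);

                    // ordinal, case-insensitive: DNs are identifiers, not user-visible text
                    if (str_GroupDn.StartsWith(str_GroupPrefix, StringComparison.OrdinalIgnoreCase))
                    {
                        int_ReturnValue = 1;
                    }
                }
            }
        }
        catch (Exception ptr_Exception)
        {
            AppendToErrorLog(ptr_Exception);
            return 3;
        }

        // return our status
        SqlContext.Pipe.Send(stb_GroupList.ToString());
        return int_ReturnValue;
    }

    // Escapes the characters that have meaning inside an LDAP search filter value (RFC 4515):
    // '\' -> \5c, '*' -> \2a, '(' -> \28, ')' -> \29, NUL -> \00. Null/empty input yields "".
    private static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        StringBuilder stb_Escaped = new StringBuilder(value.Length);
        foreach (char chr_Current in value)
        {
            switch (chr_Current)
            {
                case '\\':
                    stb_Escaped.Append("\\5c");
                    break;
                case '*':
                    stb_Escaped.Append("\\2a");
                    break;
                case '(':
                    stb_Escaped.Append("\\28");
                    break;
                case ')':
                    stb_Escaped.Append("\\29");
                    break;
                case '\0':
                    stb_Escaped.Append("\\00");
                    break;
                default:
                    stb_Escaped.Append(chr_Current);
                    break;
            }
        }
        return stb_Escaped.ToString();
    }

    // Appends the exception text to ErrorLogPath. Logging is best effort: a log write that fails
    // (missing directory, no permission) must not replace the error code the procedure returns.
    private static void AppendToErrorLog(Exception ptr_Exception)
    {
        try
        {
            // UTF-8 without a byte-order mark, matching the bytes the original Write() produced
            File.AppendAllText(ErrorLogPath, ptr_Exception.ToString(), new UTF8Encoding(false));
        }
        catch (IOException)
        {
            // swallow on purpose: see comment above
        }
        catch (UnauthorizedAccessException)
        {
            // swallow on purpose: see comment above
        }
    }
}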


gdspeareAuthor Commented:
The issue is that the user's primary group is not returned in the memberOf attribute by default.

http://social.msdn.microsoft.com/Forums/en-US/Vsexpressvb/thread/88656999-bf53-481b-83d0-ed6f7d1cba16