Return all security groups within a specific OU in which a specific user is a member of

Posted on 2014-07-16
Last Modified: 2016-06-21
Need to create a function that accepts a username and returns the names of the security groups in a specific OU in which the user is a member.
Question by:dmoss123

    Accepted Solution

    In what language? The most popular .NET languages are probably VB, C# and PowerShell.

    If you're building the code yourself, you need to:

    1. Construct a System.DirectoryServices.DirectoryEntry for the root of the domain.
    2. Construct a System.DirectoryServices.DirectorySearcher with the entry above and the LDAP filter "(samAccountName=<Username>)".
    3. Call FindOne() on the DirectorySearcher and test that you have a SearchResult.
    4. Pick the distinguishedName attribute from the search result (the user's DN).
    5. Build an LDAP filter to query member: "(&(objectClass=group)(member=<DNFromTheQueryAbove>))".
    6. Construct a System.DirectoryServices.DirectoryEntry with (LDAP://<DistinguishedName of Specific OU>).
    7. Construct a System.DirectoryServices.DirectorySearcher with the DirectoryEntry and the LDAP filter created in 5.
    8. Call FindAll() on the DirectorySearcher to get a SearchResultCollection.
    9. Extract the properties you wish to see (SearchResult.Properties and the name key).

    C# kind of looks something like (completely untested, may contain blatant syntax errors):
    using System;
    using System.Collections;
    using System.DirectoryServices;
    public class AD {
      // Returns the names of the groups under the target OU that list the user as a direct member.
      public static String[] GetMemberOf (String Username) {
        ArrayList ADGroupList = new ArrayList();
        // Bind to the root of the current domain
        DirectoryEntry DomainRoot = new DirectoryEntry();
        String LdapFilter = String.Format("(samAccountName={0})", Username);
        DirectorySearcher Searcher = new DirectorySearcher(DomainRoot, LdapFilter);
        Searcher.PageSize = 1000;
        // FindOne() returns null when no account matches
        SearchResult ADUser = Searcher.FindOne();
        if (ADUser != null) {
          String UserDN = (String)ADUser.Properties["distinguishedname"][0];
          LdapFilter = String.Format("(&(objectClass=group)(member={0}))", UserDN);
          // Replace <OU-PATH> with the distinguished name of the OU to search
          DirectoryEntry TargetOU = new DirectoryEntry("LDAP://<OU-PATH>");
          Searcher.SearchRoot = TargetOU;
          Searcher.Filter = LdapFilter;
          SearchResultCollection ADGroups = Searcher.FindAll();
          foreach (SearchResult ADGroup in ADGroups) {
            // Step 9: take the name property of each group found
            ADGroupList.Add((String)ADGroup.Properties["name"][0]);
          }
        }
        return (String[])ADGroupList.ToArray(typeof(String));
      }
    }
