Return all security groups within a specific OU in which a specific user is a member of

Need to create a function that accepts a username and returns the names of the security groups in a specific OU in which the user is a member.
dmoss123 asked:
Chris Dent (PowerShell Developer) commented:
In what language? The most popular .NET languages are probably VB, C# and PowerShell.

If you're building the code yourself, you need to:

1. Construct a System.DirectoryServices.DirectoryEntry for the root of the domain.
2. Construct a System.DirectoryServices.DirectorySearcher with the entry above and the LDAP filter "(samAccountName=<Username>)".
3. Call FindOne() on the DirectorySearcher and test that you have a SearchResult.
4. Pick the distinguishedName attribute from the search result (the user's DN).
5. Build an LDAP filter to query member: "(&(objectClass=group)(member=<DNFromTheQueryAbove>))".
6. Construct a System.DirectoryServices.DirectoryEntry with (LDAP://<DistinguishedName of Specific OU>).
7. Construct a System.DirectoryServices.DirectorySearcher with the DirectoryEntry and the LDAP filter created in 5.
8. Call FindAll() on the DirectorySearcher to get a SearchResultCollection.
9. Extract the properties you wish to see (SearchResult.Properties and the name key).

C# kind of looks something like (completely untested, may contain blatant syntax errors):
using System;
using System.Collections;
using System.DirectoryServices;

public class AD {
  public static String[] GetMemberOf (String Username) {
    // Bind to the root of the current domain (default naming context).
    DirectoryEntry DomainRoot = new DirectoryEntry();
    String LdapFilter = String.Format("(samAccountName={0})", Username);
    DirectorySearcher Searcher = new DirectorySearcher(DomainRoot, LdapFilter);
    Searcher.PageSize = 1000;

    // FindOne() returns a single SearchResult; FindAll() returns a collection.
    SearchResult ADUser = Searcher.FindOne();

    if (ADUser == null) {
      // No such user: return an empty array rather than falling off the end of the method.
      return new String[0];
    }

    // Property values are returned as object; cast to the expected type.
    String UserDN = (String)ADUser.Properties["distinguishedname"][0];

    LdapFilter = String.Format("(&(objectClass=group)(member={0}))", UserDN);
    DirectoryEntry TargetOU = new DirectoryEntry("LDAP://<OU-PATH>");

    // Re-point the same searcher at the OU and swap in the group filter.
    Searcher.SearchRoot = TargetOU;
    Searcher.Filter = LdapFilter;

    SearchResultCollection ADGroups = Searcher.FindAll();

    ArrayList ADGroupList = new ArrayList();

    foreach (SearchResult ADGroup in ADGroups) {
      ADGroupList.Add((String)ADGroup.Properties["name"][0]);
    }

    // ArrayList.ToArray() returns object[]; request a String[] explicitly.
    return (String[])ADGroupList.ToArray(typeof(String));
  }
}


Chris
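A fuller version of the nine-step procedure above, added here as an illustration and not part of Chris Dent's answer. It assumes the caller supplies the OU's distinguished name (the `ouDistinguishedName` parameter, a placeholder name chosen for this example) and adds three things the sketch leaves out: the user-supplied name and the returned DN are escaped per RFC 4515 before being placed in a filter, so a name such as `a*)(objectClass=*` cannot widen the query; the group filter uses the `groupType` bitwise matching rule (OID 1.2.840.113556.1.4.803 with the security-enabled bit 0x80000000) so distribution groups are excluded; and an optional `includeNested` switch uses the LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941) so groups the user reaches through nesting are returned as well.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class AdGroupLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // Without this, a username containing '*', '(' or ')' changes the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the names of the security groups under ouDistinguishedName
    // (e.g. "OU=Groups,DC=example,DC=com", a constructed sample) that userName belongs to.
    public static string[] GetSecurityGroupsInOu(string userName, string ouDistinguishedName, bool includeNested)
    {
        if (string.IsNullOrEmpty(userName))
            throw new ArgumentException("userName is required", "userName");
        if (string.IsNullOrEmpty(ouDistinguishedName))
            throw new ArgumentException("ouDistinguishedName is required", "ouDistinguishedName");

        string userDn;
        // Step 1-4: resolve the sAMAccountName to a distinguished name from the domain root.
        using (var domainRoot = new DirectoryEntry())
        using (var userSearcher = new DirectorySearcher(domainRoot))
        {
            userSearcher.Filter = string.Format(
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
                EscapeFilterValue(userName));
            userSearcher.PropertiesToLoad.Add("distinguishedName");

            SearchResult user = userSearcher.FindOne();
            if (user == null)
                return new string[0];            // unknown user: nothing to report
            userDn = (string)user.Properties["distinguishedName"][0];
        }

        // Step 5: build the membership clause. The DN itself may contain escaped characters
        // (e.g. "CN=Smith\, John,..."), so it is escaped again for the filter.
        string escapedDn = EscapeFilterValue(userDn);
        string memberClause = includeNested
            ? "(member:1.2.840.113556.1.4.1941:=" + escapedDn + ")"   // transitive membership
            : "(member=" + escapedDn + ")";                           // direct membership only

        // Security groups have bit 0x80000000 (2147483648) set in groupType;
        // the :1.2.840.113556.1.4.803: rule performs a bitwise AND test.
        string filter = "(&(objectClass=group)"
                      + "(groupType:1.2.840.113556.1.4.803:=2147483648)"
                      + memberClause + ")";

        // Steps 6-9: search only beneath the target OU and collect the name attribute.
        var names = new List<string>();
        using (var ou = new DirectoryEntry("LDAP://" + ouDistinguishedName))
        using (var groupSearcher = new DirectorySearcher(ou))
        {
            groupSearcher.Filter = filter;
            groupSearcher.SearchScope = SearchScope.Subtree;
            groupSearcher.PageSize = 1000;       // page results so >1000 groups are returned
            groupSearcher.PropertiesToLoad.Add("name");

            using (SearchResultCollection results = groupSearcher.FindAll())
            {
                foreach (SearchResult group in results)
                    names.Add((string)group.Properties["name"][0]);
            }
        }
        return names.ToArray();
    }
}
```

Disposing the SearchResultCollection matters in long-running services: the underlying COM resources are only released when FindAll()'s result is disposed, which is an easy leak to introduce in a helper that is called per request.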