Solved

.Net 4.5 application: Unable to determine Active Directory Group membership for nested groups

Posted on 2014-12-16
Last Modified: 2015-02-16
I have an ASP.Net 4.5 application using integrated security. I have no problem finding the groups the logged-in user is directly a member of, but I am unable to return the groups they are a member of via nested group membership.

The code below returns only users who are directly members of the group:
var MyDomain = new PrincipalContext(ContextType.Domain, "MyDomain");
GroupPrincipal grp = GroupPrincipal.FindByIdentity(MyDomain, IdentityType.Name, "MyGroupName");

foreach (var p in grp.GetMembers(true))
	testing += p.Name + "<br>";

And this code returns only groups the user is directly a member of:

var MyDomain = new PrincipalContext(ContextType.Domain, "MyDomain");
UserPrincipal usr = UserPrincipal.FindByIdentity(MyDomain, Request.LogonUserIdentity.Name);

foreach (var p in usr.GetGroups())
	testing += "<br>" + p.Name;

How can I retrieve all the users associated with a given group or all the groups associated with a given user?

Ideally I want to ask "Is this user a member of this group?" like the functionality that IsMemberOf() provides. This is how I started, only to find that the method does not support nested groups either.
Question by:canuckconsulting

Accepted Solution

by:
Ammar Gaffar earned 2000 total points
ID: 40517493
Hi,
Try this function
// Requires a reference to System.DirectoryServices.AccountManagement
// (using System.DirectoryServices.AccountManagement;)
private bool IsUserInGroup(string groupName, string userName, string domainName)
{
    bool toReturn = false;

    // set up domain context (disposed when the check is done)
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName))
    {
        // find a user
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);

        // find the group in question
        GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName);

        // IsMemberOf throws if the group is null, so check both lookups
        if (user != null && group != null)
        {
            // check if user is member of that group
            if (user.IsMemberOf(group))
            {
                toReturn = true;
            }
        }
    }

    return toReturn;
}

I am using this dll: System.DirectoryServices.AccountManagement
Path: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.DirectoryServices.AccountManagement.dll
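
A nested-aware form of the membership check the question asks for, as an added example that is not part of the thread or the answerer's code. It uses `UserPrincipal.GetAuthorizationGroups()` from the same assembly, which expands security-group membership recursively (distribution groups are not returned), and compares SIDs instead of display names. The class and method names are hypothetical, and denying access on any lookup or directory error is an assumption about the desired policy.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class NestedGroupCheck
{
    // Hypothetical helper (not from the thread): returns true only when the
    // user is a direct or nested member of the named security group.
    public static bool IsUserInGroupNested(string domainName, string userName, string groupName)
    {
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
            using (var user = UserPrincipal.FindByIdentity(ctx, userName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
            {
                // Fail closed: an unknown user or group is never "a member".
                if (user == null || group == null || group.Sid == null)
                    return false;

                // Transitive expansion of the user's security groups.
                using (var groups = user.GetAuthorizationGroups())
                {
                    // Match on SID so a renamed or same-named group in
                    // another container cannot satisfy the check.
                    return groups.Any(g => g.Sid != null && g.Sid.Equals(group.Sid));
                }
            }
        }
        catch (PrincipalException)
        {
            // Assumed policy: a directory error (unreachable DC, SID that
            // cannot be resolved during enumeration) denies access.
            return false;
        }
    }
}
```

In an ASP.NET page under integrated security this could be called as `NestedGroupCheck.IsUserInGroupNested("MyDomain", Request.LogonUserIdentity.Name, "MyGroupName")`, using the placeholder domain and group names from the question.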

Author Closing Comment

by:canuckconsulting
ID: 40612224
Sorry for delay replying
Question has a verified solution.
