Brian
asked on
Check if Active Directory user is in a group using VB.net
Within a VB.net program, I want to check if a user is in a group. The code I have only works if I am joined to the domain (see below). I either need to modify this code to accept credentials (username/password) or I need different code. I tried many different versions of code (most using LDAP), but can't get anything to work running from a PC that is not yet joined to the domain.
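    Imports System.Security.Principal

    Public Function IsInGroup2(ByVal objectName As String, groupName As String) As Boolean
        Try
            ' WindowsIdentity(String) builds the identity from a user principal name (UPN)
            Return New WindowsPrincipal(New WindowsIdentity(objectName)).IsInRole(groupName)
        Catch ex As Exception
            ' Any failure is swallowed and reported as "not a member"
        End Try
        Return False
    End Function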
ASKER
Thanks for the input, but it seems that your code requires being joined to the domain if accessing an Active Directory group. I have the following code, which works, but first you check the user/computer object, then you check all the groups it belongs to, then you iterate thru the groups seeing if the group you want is included. Like I said, it works, but seems like there should be a more concise method.
    Imports System.DirectoryServices
    Imports System.Windows.Forms

    Public Function Check_If_Member_Of_AD_Group(ByVal username As String,
                                                ByVal grouptoCheck As String,
                                                ByVal domain As String,
                                                ByVal ADlogin As String,
                                                ByVal ADpassword As String) _
                                                As Boolean
        Try
            Dim EntryString As String
            EntryString = "LDAP://" & domain
            Dim myDE As DirectoryEntry
            grouptoCheck = grouptoCheck.ToLower()
            ' Bind with explicit credentials when supplied, otherwise as the current user
            If (ADlogin <> "" AndAlso ADpassword <> "") Then
                myDE = New DirectoryEntry(EntryString, ADlogin, ADpassword)
            Else
                myDE = New DirectoryEntry(EntryString)
            End If
            Dim myDirectorySearcher As New DirectorySearcher(myDE)
            ' username goes into the filter as-is; LDAP filter special characters are not escaped
            myDirectorySearcher.Filter = "(CN=" & username & ")" '= "(sAMAccountName=" & username & ")"
            myDirectorySearcher.PropertiesToLoad.Add("MemberOf")
            Dim myresult As SearchResult = myDirectorySearcher.FindOne()
            ' FindOne returns Nothing when no object matches the filter
            If myresult Is Nothing Then
                Return False
            End If
            Dim NumberOfGroups As Integer
            NumberOfGroups = myresult.Properties("memberOf").Count() - 1
            Dim tempString As String
            ' Walk the memberOf values from last to first
            While (NumberOfGroups >= 0)
                tempString = CStr(myresult.Properties("MemberOf").Item(NumberOfGroups))
                ' Keep only the first component of the group DN ("CN=GroupName")
                tempString = tempString.Substring(0, tempString.IndexOf(",", 0))
                tempString = tempString.Replace("CN=", "")
                tempString = tempString.ToLower() 'Lets make all letters lowercase
                tempString = tempString.Trim()
                If (grouptoCheck = tempString) Then
                    Return True
                End If
                NumberOfGroups = NumberOfGroups - 1
            End While
            Return False
        Catch ex As Exception
            MessageBox.Show(ex.Message)
            ' Explicit return so every code path yields a value
            Return False
        End Try
    End Function
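An added example, not part of the thread and not any poster's code: the same check written against System.DirectoryServices.AccountManagement, binding with explicit credentials so it can run from a machine that is not joined to the domain. The module, function and parameter names are illustrative, and it assumes the project references System.DirectoryServices.AccountManagement and that a domain controller is reachable by the given domain name.

```vb
Imports System.DirectoryServices.AccountManagement

Public Module AdGroupCheck

    ' Returns True when userName is a member of groupName, directly or
    ' (when includeNested is True) through nested security groups.
    ' All names here are illustrative, not taken from the thread.
    Public Function IsUserInAdGroup(domain As String,
                                    adLogin As String,
                                    adPassword As String,
                                    userName As String,
                                    groupName As String,
                                    Optional includeNested As Boolean = True) As Boolean
        ' Negotiate with signing and sealing keeps the bind and the
        ' directory traffic authenticated and encrypted on the wire.
        Dim options As ContextOptions =
            ContextOptions.Negotiate Or ContextOptions.Signing Or ContextOptions.Sealing

        Using ctx As New PrincipalContext(ContextType.Domain, domain, Nothing,
                                          options, adLogin, adPassword)
            ' Lookups take the identity as a value, so the caller does not
            ' build an LDAP filter string by concatenation.
            Using user As UserPrincipal =
                UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName)
                If user Is Nothing Then Throw New ArgumentException("User not found: " & userName)

                Using targetGroup As GroupPrincipal =
                    GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName)
                    If targetGroup Is Nothing Then Throw New ArgumentException("Group not found: " & groupName)

                    ' Direct membership
                    If user.IsMemberOf(targetGroup) Then Return True
                    If Not includeNested Then Return False

                    ' Nested membership: GetAuthorizationGroups returns the security
                    ' groups the user belongs to, including those reached via nesting.
                    For Each g As Principal In user.GetAuthorizationGroups()
                        If g.Sid IsNot Nothing AndAlso g.Sid.Equals(targetGroup.Sid) Then Return True
                    Next
                    Return False
                End Using
            End Using
        End Using
    End Function

End Module
```

A missing user or group raises an exception instead of returning False, so a typo or a failed lookup is not mistaken for "not a member"; bind failures also surface as exceptions for the caller to handle.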
I think that what you are trying to do is similar to what is stated in the following articles. Do take a look.
https://shulerent.com/2010/02/03/getting-active-directory-info-for-the-current-user-in-vb-net-in-2-lines/
https://blog.ctglobalservices.com/scripting-development/jgs/checking-if-user-is-member-of-group-including-nestedsub-groups/
ASKER
Noah, in both links, the code does not use authentication, which means it will only work if you are in the domain. I am using this on a device that is not in the domain.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks for the help!
You're welcome! Glad I could be of help :)
Perhaps, we can try doing it this way. You might need to replace the GroupName and MyIdentity parameters based on your needs.