C＃从Active Directory获取特定用户的所有组

Question

I'm trying to get all the groups of a specific user, as it listed in Active Directory "Member Of" groups. I found a code but it gives me all of the groups, if a group contains few groups, I get those groups instead of the main one that contains them.. I would like to get the list as it is without "background" groups.

code that i found here:

public List<GroupPrincipal> GetGroups(string userName)
{
   List<GroupPrincipal> result = new List<GroupPrincipal>();

   // establish domain context
   PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

   // find your user
   UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);

   // if found - grab its groups
   if(user != null)
   {
      PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

      // iterate over all groups
      foreach(Principal p in groups)
      {
         // make sure to add only group principals
         if(p is GroupPrincipal)
         {
             result.Add((GroupPrincipal)p);
         }
      }
   }

   return result;
}

Haven't find a working solution yet, any idea?

Answer 1

The GetAuthorizationGroups() method is for testing the user's security privileges. It tells you that the user is entitled to all the security privileges that the returned groups are given. So it does give you all the nested security groups.

For example, if the user is a member of group B, and group B is in group A, then the user is entitled to the privileges granted to group A, therefore GetAuthorizationGroups() will return group A.

I think what you're looking for is the GetGroups() method, which returns only the groups the user is an immediate member of.

PrincipalSearchResult<Principal> groups = user.GetGroups();