
Check user in AD groups within groups

I want to check whether a user is within an AD group using System.DirectoryServices.AccountManagement. In the normal case, I can do it by using user.IsMemberOf(Group). However, if the group belongs to another group (parent group), using user.IsMemberOf(Parent Group) will fail. Is there any easy way to do it? Or do I have to recursively drill down where there are subgroups within a group?

E.g. we have group IT, and within the IT group, we have Application, Infrastructure, Service Desk. I belong to the Application group only, and if I do user.IsMemberOf(Application), I get true. If I do user.IsMemberOf(IT), I get false.

If you're using the UserPrincipal.GetAuthorizationGroups method, you'll get that for free:

From MSDN:

This method searches all groups recursively and returns the groups in which the user is a member. The returned set may also include additional groups that system would consider the user a member of for authorization purposes.

You will have to perform the search recursively until there are no more groups to search through. There isn't a built-in way to walk the chain of A/D memberships.
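The two approaches from the answers above, side by side, as an added example that is not part of the original posts. The class and method names are hypothetical, "jdoe" is a constructed account name, and "IT" is the parent group from the question; the manual walk tracks visited groups so circular nesting cannot loop forever, and a failed lookup denies access.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class NestedGroupCheck // hypothetical helper, not from the original posts
{
    // Approach 1: GetAuthorizationGroups expands nesting recursively.
    // It returns security groups only, so distribution groups never match.
    public static bool IsMemberViaAuthorizationGroups(UserPrincipal user, GroupPrincipal target)
    {
        return user.GetAuthorizationGroups()
                   .Any(g => g.Sid != null && g.Sid.Equals(target.Sid));
    }

    // Approach 2: walk parent groups manually. GetGroups() returns direct
    // memberships only, so each parent is pushed and expanded in turn.
    public static bool IsMemberRecursive(Principal principal, GroupPrincipal target)
    {
        var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var pending = new Stack<Principal>();
        pending.Push(principal);
        while (pending.Count > 0)
        {
            Principal current = pending.Pop();
            foreach (Principal parent in current.GetGroups())
            {
                if (parent.Sid == null) continue;
                if (parent.Sid.Equals(target.Sid)) return true;
                // Add() returns false for a group already seen (cycle guard).
                if (visited.Add(parent.Sid.Value)) pending.Push(parent);
            }
        }
        return false;
    }

    static void Main()
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, "jdoe")) // constructed name
        using (var it = GroupPrincipal.FindByIdentity(ctx, "IT"))    // group from the question
        {
            // Fail closed: an unresolved user or group is treated as "not a member".
            if (user == null || it == null) { Console.WriteLine("False (lookup failed)"); return; }
            Console.WriteLine("Direct IsMemberOf:      " + user.IsMemberOf(it));
            Console.WriteLine("GetAuthorizationGroups: " + IsMemberViaAuthorizationGroups(user, it));
            Console.WriteLine("Recursive walk:         " + IsMemberRecursive(user, it));
        }
    }
}
```

For the user in the question, who is only in Application, the first line prints False and the other two print True, provided IT is a security group.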
