
quickest way to check if a user exists in an active directory group in c#

I am writing a method to determine if a user exists in an Active Directory group. I may not know this user's password, but I do have another username/password in this Active Directory group. Is there a more efficient way to do this? Setting the SamAccountName property and the call to userFound.GetGroups() seem to be the bottlenecks.

Any suggestions are appreciated.

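// Looks up lookUpUserName in the directory, binding as a separate account
// (remoteDomainAndUserName/password), and reports whether that user belongs to groupName.
// The outcome is returned as an ADResult on a match, or left in aDResult otherwise.
try
{
  using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ipaddress, remoteDomainAndUserName, password))
  using (UserPrincipal qbeUser = new UserPrincipal(pc))
  {
    try
    {
      qbeUser.SamAccountName = lookUpUserName; // don't know password of this user
      // The original author treats reaching this point as proof that remoteDomainAndUserName/password
      // is valid on the domain - TODO confirm the bind has really happened by now.
      // Whether lookUpUserName exists is still unknown until the search below runs.
      aDResult = ADResult.Valid;
    }
    catch (Exception)
    {
      return ADResult.InvalidNonLookupID;
    }

    // The searcher and both result sets are disposed deterministically; they were
    // previously left for the garbage collector.
    using (PrincipalSearcher srch = new PrincipalSearcher(qbeUser))
    using (var matches = srch.FindAll())
    {
      foreach (var found in matches)
      {
        UserPrincipal userFound = found as UserPrincipal;
        if (userFound == null)
        {
          continue;
        }

        // NOTE(review): GetGroups() lists the groups the user is directly a member of; membership
        // obtained through nested groups is not expanded. Confirm that is the intended policy.
        using (var memberships = userFound.GetGroups())
        {
          foreach (Principal p in memberships)
          {
            // A group without a SamAccountName is a non-match. It used to raise a
            // NullReferenceException that the outer catch reported as Offline.
            string candidate = p.SamAccountName;

            // Ordinal, case-insensitive comparison: the result no longer depends on the thread
            // culture or on the caller having lower-cased groupName beforehand.
            bool isMatch = candidate != null
              && string.Equals(candidate.Trim(), groupName, StringComparison.OrdinalIgnoreCase);

            if (!isMatch)
            {
              aDResult = ADResult.InvalidInGroup;
              continue;
            }

            // NOTE(review): an account whose Enabled flag cannot be read is treated as enabled
            // (fail-open). Kept as in the original; consider failing closed if this gates access.
            bool isEnabled = userFound.Enabled ?? true;
            return isEnabled ? ADResult.ValidInGroup : ADResult.DisabledInGroup;
          }
        }
      }
    }
  }
}
catch (PrincipalServerDownException)
{
  // cannot connect to AD
  aDResult = ADResult.Offline;
}
catch (LdapException)
{
  // cannot connect to AD
  aDResult = ADResult.Offline;
}
catch (Exception)
{
  // NOTE(review): every other failure is reported as Offline as well, which may hide a rejected
  // bind or a programming error behind a connectivity status. Log the exception and give it a
  // distinct result if ADResult can express one.
  aDResult = ADResult.Offline;
}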
//This is a method I use in a WCF web service I created
//userName is the sAMAccount name of the user
//groupName is the AD group 
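/// <summary>
/// Reports whether the user identified by <paramref name="userName"/> appears in the
/// Members collection of the group identified by <paramref name="groupName"/>.
/// </summary>
/// <param name="groupName">Identity of the Active Directory group to check.</param>
/// <param name="userName">Identity of the user to look up (sAMAccountName per the author).</param>
/// <returns>
/// <c>true</c> when both principals are found and the group's Members collection contains the
/// user; <c>false</c> otherwise, including when the lookup throws.
/// </returns>
/// <remarks>
/// NOTE(review): Members appears to hold direct members only, so membership through nested
/// groups is presumably not detected - confirm before using this for access control.
/// NOTE(review): FindByIdentity is called without an IdentityType, so the value may match on
/// more than one identity format; pin IdentityType.SamAccountName if callers always pass one.
/// </remarks>
public bool IsMemberOfGroup(string groupName, string userName)
{
    // Nothing to look up; the answer is the same "false" the failed lookup used to produce.
    if (string.IsNullOrEmpty(groupName) || string.IsNullOrEmpty(userName))
    {
        return false;
    }

    try
    {
        // The context and both principals are disposed when the check completes; the original
        // never released them. A using statement tolerates a null resource.
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(context, userName))
        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName))
        {
            if (group == null || user == null)
            {
                return false;
            }

            return group.Members.Contains(user);
        }
    }
    catch (System.Exception ex)
    {
        // Fail closed, but leave a trace: a directory outage must not look like a clean
        // "not a member" answer with no record of why.
        System.Diagnostics.Trace.TraceError("IsMemberOfGroup failed: {0}", ex);
        return false;
    }
}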
