Return a list of all Active Directory application groups a user belongs to

I want to list all the Active Directory application groups a user belongs to. But I got nothing.

Thanks for advice.

public List<string> GetGroups(string strUserName)
{
    DirectoryEntry objADAM = default(DirectoryEntry);
    // Binding object.
    DirectoryEntry objGroupEntry = default(DirectoryEntry);
    // Group Results.
    DirectorySearcher objSearchADAM = default(DirectorySearcher);
    // Search object.
    SearchResultCollection objSearchResults = default(SearchResultCollection);
    // Results collection.
    string strPath = null;
    // Binding path.
    List<string> result = new List<string>();
    // Construct the binding string.
    strPath = "LDAP://CHCAD.abc/DC=abc";
    //Change to your ADserver
    // Get the AD LDS object.
    try
    {
        objADAM = new DirectoryEntry(strPath);
        objADAM.RefreshCache();
    }
    catch (Exception e)
    {
        throw e;
    }
    // Get search object, specify filter and scope,
    // perform search.
    try
    {
        objSearchADAM = new DirectorySearcher(objADAM);
        objSearchADAM.Filter = "(&(objectClass=group)(samaccountname=" + strUserName + "))";
        objSearchADAM.SearchScope = SearchScope.Subtree;
        objSearchResults = objSearchADAM.FindAll();
    }
    catch (Exception e)
    {
        throw e;
    }
    // Enumerate groups
    try
    {
        if (objSearchResults.Count != 0)
        {
            foreach (SearchResult objResult in objSearchResults)
            {
                objGroupEntry = objResult.GetDirectoryEntry();
                result.Add(objGroupEntry.Name);
            }
        }
        else
        {
            throw new Exception("No groups found");
        }
    }
    catch (Exception e)
    {
        throw new Exception(e.Message);
    }
    return result;
}

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

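// namespaces used by this snippet (needs a reference to System.DirectoryServices.AccountManagement)
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);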

// find a user - this will search for DN and samAccountName and display name and a few more
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, strUserName);

if(user != null)
{
   // if user is found - get the groups that user belongs to
   PrincipalSearchResult<Principal> authGroups = user.GetAuthorizationGroups();

   List<string> groupNames = new List<string>();

   foreach(Principal group in authGroups)
   {
      // do something with the groups - like add their name to a List<string>
      groupNames.Add(group.Name);  
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

PS: otherwise, if you cannot switch to S.DS.AM, you should check out my answer to another StackOverflow question that deals with the same issue. Basically just check out the memberOf property of your DirectoryEntry object.
