I want to list all the Active Directory application groups a user belongs to. But I got nothing.
Thanks for advice.
public List<string> GetGroups(string strUserName)
{
DirectoryEntry objADAM = default(DirectoryEntry);
// Binding object.
DirectoryEntry objGroupEntry = default(DirectoryEntry);
// Group Results.
DirectorySearcher objSearchADAM = default(DirectorySearcher);
// Search object.
SearchResultCollection objSearchResults = default(SearchResultCollection);
// Results collection.
string strPath = null;
// Binding path.
List<string> result = new List<string>();
// Construct the binding string.
strPath = "LDAP://CHCAD.abc/DC=abc";
//Change to your ADserver
// Get the AD LDS object.
try
{
objADAM = new DirectoryEntry(strPath);
objADAM.RefreshCache();
}
catch (Exception e)
{
throw e;
}
// Get search object, specify filter and scope,
// perform search.
try
{
objSearchADAM = new DirectorySearcher(objADAM);
objSearchADAM.Filter = "(&(objectClass=group)(samaccountname=" + strUserName + "))";
objSearchADAM.SearchScope = SearchScope.Subtree;
objSearchResults = objSearchADAM.FindAll();
}
catch (Exception e)
{
throw e;
}
// Enumerate groups
try
{
if (objSearchResults.Count != 0)
{
foreach (SearchResult objResult in objSearchResults)
{
objGroupEntry = objResult.GetDirectoryEntry();
result.Add(objGroupEntry.Name);
}
}
else
{
throw new Exception("No groups found");
}
}
catch (Exception e)
{
throw new Exception(e.Message);
}
return result;
}
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user - this will search for DN and samAccountName and display name and a few more
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, strUserName);
if(user != null)
{
// if user is found - get the groups that user belongs to
PrincipalSearchResult<Principal> authGroups = user.GetAuthorizationGroups();
List<string> groupNames = new List<string>();
foreach(Principal group in authGroups)
{
// do something with the groups - like add their name to a List<string>
groupNames.Add(group.Name);
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
PS: otherwise, if you cannot switch to S.DS.AM, you should check out my answer to another StackOverflow question that deals with the same issue. Basically just check out the memberOf
property of your DirectoryEntry
object.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.