ActiveDirectory - check if user is member of a group

Iain

All,

As per the subject, I have tried many examples but none seem to work.

Put simply, I need to check whether the current user is a member of a certain
Active Directory group.

TIA
Iain
 

Iain

Mark said:

Firstly, you're in the wrong newsgroup. Please post ActiveDirectory
questions in the ActiveDirectory newsgroup: microsoft.public.adsi.general

However, the following function returns a List<string> of the groups
that a user belongs to:

using System.Collections.Generic;
using System.DirectoryServices;

// Returns the distinguished names (lower-cased) of the groups listed in the
// user's memberOf attribute. memberOf holds direct membership only (no primary
// group, no nested groups), and the search runs against the domain of the
// identity the code executes as.
List<string> GetGroupsForUser(string pstrUser)
{
    List<string> lstGroups = new List<string>();
    using (DirectorySearcher objDS = new DirectorySearcher())
    {
        // A single filter restricts the match to user objects with this account
        // name. pstrUser is placed in the filter verbatim, so it must come from a
        // trusted source (or be escaped per RFC 4515) before use.
        objDS.Filter = "(&(objectCategory=user)(sAMAccountName=" + pstrUser + "))";
        SearchResult objResult = objDS.FindOne();
        if (objResult == null)
        {
            return lstGroups; // no such account: empty list rather than a NullReferenceException
        }
        using (DirectoryEntry objUser = objResult.GetDirectoryEntry())
        {
            PropertyValueCollection colPropertyValues = objUser.Properties["memberOf"];
            foreach (string strGroup in colPropertyValues)
            {
                lstGroups.Add(strGroup.ToLower());
            }
        }
    }
    return lstGroups;
}

Then, all you have to do is check whether the group you're interested in
is contained in the generic...

Alternatively, as AD is navigational, not relational, start with the
group and query AD for its members...
Sorry about the wrong newsgroup. This code works, but only from my local
machine; any non-local connection returns the error message:

"The specified domain either does not exist or could not be contacted."
 

Guest


Is it an ASP.NET application?
 

Iain

There was no mention of remote active directory in your original post...

http://www.codeproject.com/KB/system/everythingInAD.aspx and search for
"Target Specific Domain Controllers or Credentials"


Again, active directory questions will likely get a better and faster
response if you post them in the active directory newsgroup...
Sorry if my post was not very clear. The machines that I want to connect
via AD are all present within the same domain. The local machine hosting
IIS (essentially my dev box) can connect to and query AD, but connecting via
another machine (on the same domain) returns:

"The specified domain either does not exist or could not be contacted."

when trying to access my dev box.
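The check Mark outlines (look the user up, then test for the group) combined with the explicit domain-controller and credential targeting from the CodeProject link, written out as an added example; this is not code from anyone in the thread. The LDAP path and bind credentials are placeholders, and the check reads tokenGroups rather than memberOf so that nested and primary-group membership count.

```csharp
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class AdMembership
{
    // Escape a value for use inside an LDAP filter (RFC 4515) so that a
    // caller-supplied account name cannot change the structure of the query.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
    // Find one object of the given category by sAMAccountName; null if absent.
    static DirectoryEntry FindBySam(DirectoryEntry root, string category, string sam)
    {
        string filter = "(&(objectCategory=" + category + ")(sAMAccountName=" + EscapeFilterValue(sam) + "))";
        using (var searcher = new DirectorySearcher(root, filter))
        {
            SearchResult result = searcher.FindOne();
            return result == null ? null : result.GetDirectoryEntry();
        }
    }
    // True if the user is in the group, nested and primary-group membership included:
    // the group's objectSid is compared with the SIDs in the user's tokenGroups.
    public static bool IsMemberOf(string ldapPath, string bindUser, string bindPassword,
                                  string userSam, string groupSam)
    {
        // ldapPath and bind credentials are placeholders; naming the domain or a DC explicitly
        // (e.g. "LDAP://dc01.example.local/DC=example,DC=local") avoids depending on the process identity's domain.
        using (var root = new DirectoryEntry(ldapPath, bindUser, bindPassword, AuthenticationTypes.Secure))
        using (DirectoryEntry group = FindBySam(root, "group", groupSam))
        using (DirectoryEntry user = FindBySam(root, "user", userSam))
        {
            if (group == null || user == null) return false;
            var groupSid = new SecurityIdentifier((byte[])group.Properties["objectSid"].Value, 0);
            user.RefreshCache(new[] { "tokenGroups" }); // constructed attribute: must be requested
            foreach (byte[] sidBytes in user.Properties["tokenGroups"])
                if (new SecurityIdentifier(sidBytes, 0) == groupSid) return true;
            return false;
        }
    }
}
```

Comparing SIDs rather than lower-cased distinguished names also survives a group being renamed or moved.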
 

Guest

This probably means that the ASP.NET account on the other machine may
not query AD. Try looking in the event log for more details.

You need to configure your application to run using Windows
Authentication (go to IIS). The authentication mode must be set to
"Windows" in the web.config file, and identity impersonate set to true.

To debug your application you can output current account name to see
what the difference is between your dev box and another machine:

Response.Write(User.Identity.Name);
 
