Get List of Roles and Translate(typeof(NTAccount))

[Mario.Trafficante]

I am attempting to get a list of the security groups a specific user is
a member of when logging into our applications. After finding many
methods, I settled on the preferred suggested method of using an
IdentityReferenceCollection within the .NET 2.0 frame work. This works
well except for one thing, the NTAccount.Value for certain groups is
trucated. The entire active directory group name is not returned, only
a trucated version of it. I know there are other formats of the name
e.g. displayname etc... How or can I get access to the other name
formats through this call?

thanks Mario

string[] securityidentifiers = null;
string samAccountQuery =
String.Format("(|(sAMAccountName={0})(sAMAccountName={0}$))",
username.Substring(username.IndexOf("\\") + 1).Trim());

using (DirectoryEntry securedirectoryentry = new
DirectoryEntry(ldap, null, null, AuthenticationTypes.Secure))
{
using (DirectorySearcher securedirectorysearcher = new
DirectorySearcher(securedirectoryentry, samAccountQuery))
{
SearchResult securesearchresult =
FindOne(securedirectorysearcher);
if (securesearchresult != null)
{
//now unravel the tokenGroups (we'll use the
universal groups too)
using (DirectoryEntry account =
securesearchresult.GetDirectoryEntry())
{

IdentityReferenceCollection irc =
ExpandTokenGroups(account);

securityidentifiers = new
string[irc.Count];
int t = 0;
foreach (IdentityReference ir in irc)
{
IdentityReference accounts =
ir.Translate(typeof(NTAccount));
securityidentifiers[t] =
accounts.Value;
t++;
}
}
}
}

 

[Joe Kaplan \(MVP - ADSI\)]

You can't get access to the other name formats with
IdentityReferenceCollection, only the names used for security purposes. If
you want to get other name versions, you can either do an LDAP query to AD
to find the info, or do a p/invoke to something like the DsCrackNames API
(which is also wrapped by the IADsNameTranslate ADSI COM component).

Joe K.