rkeslar
Retrieving all AD groups a user belongs to
May 07, 2012 05:45 PM
Is there a way to retrieve all AD groups a user belongs to without looping through the entire directory group by group? I'm worried this would take too much time.
Thanks
kushal.dwive...
Re: Retrieving all AD groups a user belongs to
May 08, 2012 08:30 AM
You can try using the GetAuthorizationGroups method of the System.DirectoryServices.AccountManagement namespace in .NET 3.5.
You can read about it in this article. It has a code sample of it as well.
http://msdn.microsoft.com/en-us/magazine/cc135979.aspx#S5
// requires a reference to System.DirectoryServices.AccountManagement
string userName = "user1Acct";
// find the user in the identity store
// (adPrincipalContext is a PrincipalContext created earlier for the domain)
UserPrincipal user = UserPrincipal.FindByIdentity(adPrincipalContext, userName);
// get the groups for the user principal and
// store the results in a PrincipalSearchResult object
PrincipalSearchResult<Principal> results = user.GetAuthorizationGroups();
// display the names of the groups to which the
// user belongs
Console.WriteLine("groups to which {0} belongs:", userName);
foreach (Principal result in results)
{
    Console.WriteLine("name: {0}", result.Name);
}
gww
Re: Retrieving all AD groups a user belongs to
May 08, 2012 12:00 PM
There should be similar posts made recently with code that should help. All you need to do is load the memberof property of the user account. The groups can be loaded as a collection and you can then loop through those to pull the CN of each group, otherwise you get the DN. Here is a function I use to return the groups in a sorted list to display in a page. It takes the user's DN and returns the groups in a collection which I add to an array to sort then return as a pipe delimited string.
Dim entry As DirectoryEntry = New DirectoryEntry(ldapstr, usernamestr, passstr)
Try
    Dim obj As Object = entry.NativeObject
    Dim search As DirectorySearcher = New DirectorySearcher(entry)
    search.Filter = "(&(objectClass=user)(SAMAccountName=" & username & "))"
    search.PropertiesToLoad.Add("memberof")
    Dim result As SearchResult = search.FindOne()
    If (result Is Nothing) Then
    Else
        Dim groupColl As Object
        For Each groupColl In result.Properties("memberof")
            'do something with the group name
        Next groupColl
    End If
Catch ex As Exception
End Try
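Added example, not part of the original posts: the memberof approach above concatenates the account name into the LDAP filter and gets back group DNs rather than CNs. This C# sketch shows escaping the filter value per RFC 4515 and pulling the CN out of a returned DN; the class and method names are hypothetical and the sample values are constructed.

```csharp
using System;
using System.Text;

// Added example; helper names are hypothetical, not from the thread.
static class AdGroupHelpers
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so characters such as "*" or "(" cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Return the value of the first RDN of a memberOf DN (the group's CN),
    // honouring backslash-escaped characters such as "\,".
    // Hex-pair escapes (for example "\0A") are not decoded here.
    public static string FirstRdnValue(string dn)
    {
        var sb = new StringBuilder();
        for (int i = dn.IndexOf('=') + 1; i < dn.Length; i++)
        {
            if (dn[i] == ',') break;                      // unescaped comma ends the RDN
            if (dn[i] == '\\' && i + 1 < dn.Length) i++;  // keep the escaped character
            sb.Append(dn[i]);
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample values.
        string username = "j*doe (test)";
        Console.WriteLine("(&(objectClass=user)(sAMAccountName="
            + EscapeFilterValue(username) + "))");
        Console.WriteLine(FirstRdnValue(@"CN=Sales\, EMEA,OU=Groups,DC=example,DC=com"));
    }
}
```

Note that memberOf lists direct memberships only: it omits the user's primary group and groups reached through nesting, which GetAuthorizationGroups resolves.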