Last post Apr 14, 2011 06:32 AM by bbcompent1
Apr 12, 2011 04:44 AM|pmwhelan|LINK
I've some code to check if a user is part of an Active Directory group.
I use it on a Sharepoint 2007 Web Part.
It works fine for my account but I'm an Administator. For other users it seems like it's loading but just keeps loading.
My code is below.
Any advise appreciated.
theGroup = theGroup.Replace(
//if this is a distribution group ...
firstComma = directoryEntryString.IndexOf(
firstEquals = directoryEntryString.IndexOf(
subGroupName = directoryEntryString.Substring(firstEquals + 1, firstComma - firstEquals - 1);
userName = (
Apr 12, 2011 09:46 AM|bbcompent1|LINK
Right off the first thing I would do is check your Windows Event Viewer and see if that's giving any clues. It sounds like these other users don't have permission to query the AD which could be the cause. Many domain admins lock down user accounts so that
these accounts have limited visibility. Another possibility is the AD is so large that it may not be coming back with a timely response but that may not be the issue since you are getting the response so I would still check the event viewer to rule that out.
Get back to me either way. Thanks :)
Apr 12, 2011 10:11 AM|pmwhelan|LINK
Hi thanks for the reply.
I checked the Event Viewer logs and nothing is coming up.
Strangely now it's just hanging for me.
I updated the dll (the only change being the addition of this method)
It worked for me, then I got a colleague to check it and it worked but now it's just hanging for both of us.
Very strange eh?
And I thought that once the code would work for all users?
As in the code is running under the asp .net worker account?
Apr 12, 2011 06:44 PM|gww|LINK
It might be a permission issue, try and pass a username and password for an account that you know has read access to the directory. If that works you may need to setup a service account that has read access to the directory and pass those credentials in
Apr 14, 2011 06:32 AM|bbcompent1|LINK
The hanging could be a symptom of the AD enforcing a GPO which may be applied every few minutes. The GPO (group policy object) may be knocking the accounts down so that they can authenticate against the AD but not query it. But these events would be most
likely on the DC, not the web server.