An AD setup I'm using has users that are stored as members of (multiple) security groups.
I am using software that reads the memberof property of a user to work out access permissions.
In AD Explorer I can see the memberof property of the user shows the immediate security groups they belong to, say 'Course - English'. It does not show the parent groups, nested up to, say, 'ALL Students'.
Is there a reason for this or a way of ensuring all nested groups are shown in the memberof property?
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
    // requires: using System.DirectoryServices.AccountManagement;

    // set up domain context (binds to the current user's domain)
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if (user != null)
    {
        // security groups the user belongs to, including nested ones
        var groups = user.GetAuthorizationGroups();

        // enumerate over groups
        foreach (GroupPrincipal gp in groups)
        {
            // do something here....
        }
    }
The new S.DS.AM makes it really easy to play around with users and groups in AD!
The .GetAuthorizationGroups() method is the only one around that I know of that will do recursive searches, e.g. find groups that a user is member of by virtue of another group. The pre-.NET 3.5 DirectoryServices stuff doesn't do this - you would have to totally roll your own if you need that.
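Added example, not part of the original answer: a server-side lookup that asks Active Directory for every group containing the user directly or through nesting, using the LDAP_MATCHING_RULE_IN_CHAIN matching rule with System.DirectoryServices. The class and method names and the sample DN in the comment are illustrative assumptions.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper (names are illustrative, not from the answer above).
static class NestedGroupLookup
{
    // OID of LDAP_MATCHING_RULE_IN_CHAIN: the DC walks the member chain itself.
    const string InChain = "1.2.840.113556.1.4.1941";

    // Escape a value for use inside an LDAP search filter (RFC 4515), so a DN
    // containing \ * ( ) cannot change the meaning of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the DNs of all groups the object belongs to, directly or nested.
    // The primary group (usually Domain Users) is stored in primaryGroupID, not
    // in member/memberOf, so it does not appear in this result.
    // Example call (constructed DN):
    //   GetAllGroupDns("CN=Some User,OU=Students,DC=example,DC=com")
    public static List<string> GetAllGroupDns(string userDn)
    {
        var dns = new List<string>();
        string filter = string.Format("(&(objectCategory=group)(member:{0}:={1}))",
                                      InChain, EscapeFilterValue(userDn));
        // No search root given: the searcher binds to the current user's domain.
        using (var searcher = new DirectorySearcher(filter, new[] { "distinguishedName" }))
        {
            searcher.PageSize = 500; // page results instead of hitting the size limit
            using (SearchResultCollection hits = searcher.FindAll())
                foreach (SearchResult hit in hits)
                    dns.Add((string)hit.Properties["distinguishedName"][0]);
        }
        return dns;
    }
}
```

Unlike GetAuthorizationGroups(), this filter also returns distribution groups; add a groupType test to the filter if only security groups should count toward access decisions.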