
Active Directory nested groups

I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identify that it is a group and retrieve the members in that group.

I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actually a group?

Richard Butterwood asked Jul 16 '11 00:07


1 Answer

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • Managing Directory Security Principals in the .NET Framework 3.5
  • MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!

// requires a reference to the System.DirectoryServices.AccountManagement assembly
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
   // if you call GetMembers, you can optionally specify a "Recursive" flag - done here
   var allMembers = myGroup.GetMembers(true);
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

marc_s answered Sep 24 '22 17:09
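An added example, not part of the original answer: `GetMembers(true)` returns only the leaf members and drops the intermediate groups, so this sketch walks one level at a time to keep the nesting path of each member (useful when reviewing who reaches a privileged group through nesting) and guards against groups that contain each other. The class name `NestedGroupAudit` and the output format are hypothetical; it assumes a domain-joined Windows host and a reference to System.DirectoryServices.AccountManagement.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper class (name chosen for this example).
static class NestedGroupAudit
{
    // Expands one group level at a time so every member keeps its nesting path.
    // 'seen' holds the distinguished names of groups already expanded, which
    // stops infinite recursion when groups are members of each other (A > B > A).
    static void Walk(GroupPrincipal group, string path, HashSet<string> seen)
    {
        string key = group.DistinguishedName ?? group.Sid.Value;
        if (!seen.Add(key))
        {
            Console.WriteLine($"{"group",-10} {path}  (already expanded, skipped)");
            return;
        }

        // GetMembers() without the recursive flag returns direct members only.
        using (PrincipalSearchResult<Principal> members = group.GetMembers())
        {
            foreach (Principal member in members)
            {
                string memberPath = path + " > " + member.SamAccountName;
                if (member is GroupPrincipal nested)
                    Walk(nested, memberPath, seen);   // member is a group: descend
                else
                    Console.WriteLine($"{member.StructuralObjectClass,-10} {memberPath}");
            }
        }
    }

    static void Main(string[] args)
    {
        // "SomeGroup" is the placeholder group name used in the answer above.
        string groupName = args.Length > 0 ? args[0] : "SomeGroup";

        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (GroupPrincipal root = GroupPrincipal.FindByIdentity(ctx, groupName))
        {
            if (root == null)
            {
                Console.Error.WriteLine("Group not found: " + groupName);
                return;
            }
            Walk(root, root.SamAccountName,
                 new HashSet<string>(StringComparer.OrdinalIgnoreCase));
        }
    }
}
```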