
Is there a .NET class that can parse CN= strings out of LDAP?

I've got a string that I'm fetching from LDAP for Active Directory group membership and I need to parse it to check if the user is a member of the AD group. Is there a class that can parse this for me?

Example:

CN=Foo Group Name,DC=mydomain,DC=com
asked Sep 30 '10 18:09

Gabe Brown




2 Answers

I came here to see if we can parse "LDAP://ldap.company.com:389/ou=people,o=company" into protocol, port, baseDN and server FQDN. I tried the System.Uri class and it worked as expected.

answered Sep 17 '22 15:09

Vivek Raj


Besides, if you query the AD for a group's members, you'll be able to compare all of the members' distinguishedNames directly, without parsing code, through the DirectoryEntry class of the System.DirectoryServices namespace.

Otherwise, I just don't know of such a class somewhere. =)

Hope this helps anyway somehow !

EDIT #1

Here's a link from which I have learned a lot working with the AD and the System.DirectoryServices namespace: Howto: (Almost) Everything In Active Directory via C#

I shall provide you with a sample code in a few days, if you still require it, where I will use the System.DirectoryServices.DirectorySearcher object class to retrieve the members of a group.

I hope this link will help you as it did for me! =)

EDIT #2

Here's the code sample I told you about. This should make it more efficient to query against the AD without having to work back and forth with the AD.

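using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Escape the RFC 4515 special characters so that groupName cannot change the
// structure of the LDAP filter. The backslash must be replaced first.
private static string EscapeLdapFilterValue(string value) {
    return value.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
                .Replace(")", @"\29").Replace("\0", @"\00");
}

public IList<string> GetMembers(string groupName) {
    if (string.IsNullOrEmpty(groupName))
        throw new ArgumentNullException("groupName");

    IList<string> members = new List<string>();

    // Dispose the directory objects so the underlying ADSI handles are released.
    using (DirectoryEntry root = new DirectoryEntry(@"LDAP://my.domain.com"))
    using (DirectorySearcher searcher = new DirectorySearcher(root)) {
        searcher.SearchScope = SearchScope.Subtree;
        searcher.PropertiesToLoad.Add("member");
        searcher.Filter = string.Format("(&(objectClass=group)(sAMAccountName={0}))",
            EscapeLdapFilterValue(groupName));

        SearchResult result = searcher.FindOne();
        if (result == null)
            return members; // no group with that sAMAccountName

        // "member" holds one distinguishedName per member; enumerating the
        // collection works whether it contains zero, one or many values.
        foreach (object dn in result.Properties["member"])
            members.Add((string)dn);
    }

    return members;
}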

Disclaimer : This code is provided as-is. I tested it on my local machine and it works perfectly fine. But since I had to retype it here because I couldn't just copy-paste it, I have perhaps made some mistakes while typing, which I wish didn't occur.

answered Sep 20 '22 15:09

Will Marcouiller
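
Added example, not code from either answer and not a .NET framework class: a small distinguished-name parser for the membership check the question describes. It splits a DN into its components while honoring escaped commas, then compares whole DNs, so a group is matched only on its full name and not on a substring. `DnParser`, `Parse` and `SameDn` are hypothetical names, and the `memberOf` values are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class DnParser { // hypothetical helper for this example
    // Splits a DN into (type, value) pairs, honoring backslash escapes ("\,") and hex
    // pairs ("\2C"). Assumes single-valued RDNs, no quoted values, ASCII-only hex pairs.
    public static List<KeyValuePair<string, string>> Parse(string dn) {
        var rdns = new List<KeyValuePair<string, string>>();
        var buf = new StringBuilder();
        string type = null;
        for (int i = 0; i <= dn.Length; i++) {
            char c = i < dn.Length ? dn[i] : ','; // sentinel closes the last RDN
            if (i + 1 < dn.Length && c == '\\') {
                bool hex = i + 2 < dn.Length && Uri.IsHexDigit(dn[i + 1]) && Uri.IsHexDigit(dn[i + 2]);
                buf.Append(hex ? (char)Convert.ToByte(dn.Substring(i + 1, 2), 16) : dn[i + 1]);
                i += hex ? 2 : 1;
            } else if (c == '=' && type == null) { type = buf.ToString().Trim(); buf.Clear(); }
            else if (c == ',') {
                if (type == null) throw new FormatException("RDN without '=': " + dn);
                rdns.Add(new KeyValuePair<string, string>(type, buf.ToString()));
                type = null; buf.Clear();
            } else buf.Append(c);
        }
        return rdns;
    }

    // Same object only if every RDN matches in order; case-insensitivity is an assumption.
    public static bool SameDn(string a, string b) {
        var x = Parse(a); var y = Parse(b);
        return x.Count == y.Count && x.Zip(y, (p, q) =>
            string.Equals(p.Key, q.Key, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(p.Value, q.Value, StringComparison.OrdinalIgnoreCase)).All(m => m);
    }

    static void Main() {
        const string wanted = "CN=Foo Group Name,DC=mydomain,DC=com";
        string[] memberOf = { // constructed sample values, not from a real directory
            @"CN=Admins\, Tier 0,OU=Groups,DC=mydomain,DC=com",
            "CN=Helpdesk,OU=CN=Foo Group Name,DC=mydomain,DC=com",
            "cn=foo group name,dc=MYDOMAIN,dc=com" };
        foreach (string dn in memberOf)
            Console.WriteLine("{0}: CN={1}, substring={2}, exact={3}", dn,
                Parse(dn)[0].Value, dn.Contains("CN=Foo Group Name"), SameDn(dn, wanted));
    }
}
```

The second sample shows a substring test granting a match that the component-wise comparison rejects, and the third shows the substring test missing a DN that differs only in case.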