Properly using DirectorySearcher to find a user in an AD Group

I'm trying to do a check to see if a specific active directory user account
exists in active directory AND a specific group. I can't seem to get the
filter down right.

I can do this to find a matching name in active directory:

================================================
Dim oroot As DirectoryEntry = New DirectoryEntry("LDAP://my.domain.local")
Dim osearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim oresult As SearchResultCollection
Dim result As SearchResult

osearcher.Filter = "(&(sAMAccountName=jsmith))"
oresult = osearcher.FindAll

For Each result In oresult
    If Not result.GetDirectoryEntry.Properties("SAMAccountName").Value Is Nothing Then
        Response.Write(result.GetDirectoryEntry.Properties("SAMAccountName").Value & "<br />")
    End If
Next

'This results in "jsmith" being printed to the screen (if jsmith exists in active directory)
================================================

I can do this to find a specific group name:

================================================
Dim oroot As DirectoryEntry = New DirectoryEntry("LDAP://my.domain.local")
Dim osearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim oresult As SearchResultCollection
Dim result As SearchResult

osearcher.Filter = "(&(objectCategory=Group)(sAMAccountName=Domain Admins))"
oresult = osearcher.FindAll

For Each result In oresult
    If Not result.GetDirectoryEntry.Properties("SAMAccountName").Value Is Nothing Then
        Response.Write(result.GetDirectoryEntry.Properties("SAMAccountName").Value & "<br />")
    End If
Next

'This results in "Domain Admins" being printed to the screen
================================================

I can even change the osearcher.Filter to just (sAMAccountName=Domain
Admins) and get the same result.

I'm trying to figure out how I can return the result (say, the user name
(samaccountname)) if the search parameter is both in AD and in the specific
group (or just the specific group).

My goal is to do a check like this (pseudocode):

================================================
Dim strUser as string = Request.ServerVariables("AUTH_USER")

Dim strADUser = osearcher.Filter = "(&(sAMAccountName=" & strUser & "))"

If strUser = strADUser Then
    Page.Redirect(ToSomePage)
Else
    Page.Redirect(ToFailedPage)
End If
================================================

I also need to check to see if they're in a specific group. I don't know how
I'd go about that. If, for instance, they're in the Sales group in AD, then
I could redirect them to the appropriate page. I could also, of course, keep
them out of other pages if they don't belong.

TIA,
Jim

Mar 13 '08 #1
Domain Admins is an object with distinguishedName (a key to identify
this object). For example, it can look like this

"CN=Domain Admins,OU=Domain Groups,DC=corp,DC=com"

As you can see, it defines the path to the root

corp.com
---- Domain Groups
---------- Domain Admins

So, to find the user you should call the following filter

(&(sAMAccountName=jsmith)(memberOf=CN=Domain Admins,OU=Domain Groups,DC=corp,DC=com))
Mar 13 '08 #2
On Mar 13, 8:18 pm, "Jim in Arizona" <tiltow...@hotmail.com> wrote:
> I'm hoping that if any of the searches were successful, their username
> (sAMAccountName) would show up on the screen.
>
> I'm not sure what to do to fix this. What am I doing wrong?

Jim, that's definitely because of the wrong memberOf value. I'm not
sure how your application is supposed to work but you can do the
following:

1) Download and install an LDAP browser (for example, like the one I'm
using from http://www.ldapbrowser.com/download.htm). Connect to your
domain and check what memberOf you have in reality.

2) Find the group's distinguishedName dynamically using a new
DirectorySearcher.

The search filter for finding group you already know:

"(&(objectCategory=group)(sAMAccountName=" + groupName + "))"

where the group name is the name of the group you wanted to check
(e.g. "Domain Admins")

[pseudocode:]

Dim gsearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim gresult As SearchResultCollection
Dim result As SearchResult

gsearcher.Filter = "(&(objectCategory=group)(sAMAccountName=" + groupName + "))"
gresult = gsearcher.FindAll

Dim dn As String

dn = gresult(0).Properties("distinguishedname")(0).ToString

After that you can use this dn as a value for the final search

"(&(sAMAccountName=" & username & ")(memberOf=" & dn & "))"
Mar 16 '08 #3
