Properly using directorysearcher to find a user in an AD Group

I'm trying to do a check to see if a specific active directory user account
exists in active directory AND a specific group. I can't seem to get the
filter down right.

I can do this to find a matching name in active directory:

================================================
' Requires: Imports System.DirectoryServices
Dim oroot As DirectoryEntry = New DirectoryEntry("LDAP://my.domain.local")
Dim osearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim oresult As SearchResultCollection
Dim result As SearchResult

osearcher.Filter = "(&(sAMAccountName=jsmith))"
oresult = osearcher.FindAll

For Each result In oresult
    If Not result.GetDirectoryEntry.Properties("SAMAccountName").Value Is Nothing Then
        Response.Write(result.GetDirectoryEntry.Properties("SAMAccountName").Value & "<br />")
    End If
Next

'This results in "jsmith" being printed to the screen (if jsmith exists in
'active directory)
================================================

I can do this to find a specific group name:

================================================
' Requires: Imports System.DirectoryServices
Dim oroot As DirectoryEntry = New DirectoryEntry("LDAP://my.domain.local")
Dim osearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim oresult As SearchResultCollection
Dim result As SearchResult

osearcher.Filter = "(&(objectCategory=Group)(sAMAccountName=Domain Admins))"
oresult = osearcher.FindAll

For Each result In oresult
    If Not result.GetDirectoryEntry.Properties("SAMAccountName").Value Is Nothing Then
        Response.Write(result.GetDirectoryEntry.Properties("SAMAccountName").Value & "<br />")
    End If
Next

'This results in "Domain Admins" being printed to the screen
================================================

I can even change the osearcher.filter to just (sAMAccountName=Domain
Admins) and get the same result.

I'm trying to figure out how I can return the result (say, the user name
(sAMAccountName)) if the search parameter is both in AD and in the specific
group (or just the specific group).

My goal is to do a check like this (pseudocode):

================================================
Dim strUser as string = Request.ServerVariables("AUTH_USER")

Dim strADUser = osearcher.Filter = "(&(sAMAccountName=" & strUser & "))"

If strUser = strADUser Then
Page.Redirect(ToSomePage)
Else
Page.Redirect(ToFailedPage)
End If
================================================

I also need to check to see if they're in a specific group. I don't know how
I'd go about that. If, for instance, they're in the Sales group in AD, then
I could redirect them to the appropriate page. I could also, of course, keep
them out of other pages if they don't belong.

TIA,
Jim

Mar 13 '08 #1
Domain Admins is an object with distinguishedName (a key to identify
this object). For example, it can look like this

"CN=Domain Admins,OU=Domain Groups,DC=corp,DC=com"

As you can see, it defines the path to the root

corp.com
---- Domain Groups
---------- Domain Admins

So, to find the user you should call the following filter

(&(sAMAccountName=jsmith)(memberOf=CN=Domain Admins,OU=Domain Groups,DC=corp,DC=com))
Mar 13 '08 #2
On Mar 13, 8:18 pm, "Jim in Arizona" <tiltow...@hotmail.com> wrote:
> I'm hoping that if any of the searches were successful, their username
> (sAMAccountName) would show up on the screen.
>
> I'm not sure what to do to fix this. What am I doing wrong?

Jim, that's definitely because of the wrong memberOf value. I'm not
sure how your application is supposed to work but you can do the
following:

1) Download and install an LDAP browser (for example, like the one I'm
using from http://www.ldapbrowser.com/download.htm). Connect to your
domain and check what memberOf you have in reality.

2) Find the group's distinguishedName dynamically using a new
DirectorySearcher.

The search filter for finding group you already know:

"(&(objectCategory=group)(sAMAccountName=" + groupName + "))"

where the group name is the name of the group you wanted to check
(e.g. "Domain Admins")

[pseudocode:]

Dim gsearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim gresult As SearchResultCollection
Dim result As SearchResult

gsearcher.Filter = "(&(objectCategory=group)(sAMAccountName=" + groupName + "))"
gresult = gsearcher.FindAll

Dim dn As String

' Take the distinguishedName of the first matching group
dn = gresult(0).Properties("distinguishedname")(0).ToString

After that you can use this dn as a value for the final search

"(&(sAMAccountName=" & username & ")(memberOf=" & dn & "))"
Mar 16 '08 #3
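
The two-step lookup from the replies above, as an added example that is not part of the original thread: it resolves the group's distinguishedName, then searches for the user with that memberOf value, escaping every value placed in a filter (RFC 4515) so that a name containing `*`, `(`, `)` or `\` cannot change the filter's meaning. `AdGroupCheck`, `EscapeFilterValue` and `IsUserInGroup` are hypothetical names, and `root` is assumed to be a bound DirectoryEntry such as the thread's `oroot`.

```vbnet
Imports System.DirectoryServices
Imports System.Text

' Added example: module and function names are illustrative, not from the thread.
Public Module AdGroupCheck
    ' Escape a value for use inside an LDAP search filter (RFC 4515):
    ' \ * ( ) and NUL become \5c \2a \28 \29 \00.
    Public Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' True when userName is a direct member of the group named groupName.
    Public Function IsUserInGroup(ByVal root As DirectoryEntry, ByVal userName As String, ByVal groupName As String) As Boolean
        ' AUTH_USER is typically DOMAIN\user; keep only the account name.
        Dim slash As Integer = userName.LastIndexOf("\"c)
        If slash >= 0 Then userName = userName.Substring(slash + 1)

        ' Step 1: resolve the group's distinguishedName.
        Dim dn As String
        Using gsearcher As New DirectorySearcher(root)
            gsearcher.Filter = "(&(objectCategory=group)(sAMAccountName=" & EscapeFilterValue(groupName) & "))"
            gsearcher.PropertiesToLoad.Add("distinguishedName")
            Dim g As SearchResult = gsearcher.FindOne()
            If g Is Nothing Then Return False ' unknown group: deny
            dn = CStr(g.Properties("distinguishedName")(0))
        End Using

        ' Step 2: search for the user with memberOf set to that DN.
        ' The DN is escaped too: it may contain backslashes or parentheses.
        Using usearcher As New DirectorySearcher(root)
            usearcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & EscapeFilterValue(userName) & ")(memberOf=" & EscapeFilterValue(dn) & "))"
            usearcher.PropertiesToLoad.Add("sAMAccountName")
            Return usearcher.FindOne() IsNot Nothing
        End Using
    End Function
End Module
```

memberOf holds direct memberships only, so this check does not match membership through nested groups or the user's primary group.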
