473,326 Members | 2,337 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Active Directory query doesn't work...

Hello, everybody.

I'd like to do this: For a big program (a web service) I need information
about the usergroups an active-directory-user is member of. To be more
precise, I need to know if a particular user is in a particular group or not.
This is my first Active-Directory-query in a C#-program, so it might look
crude or primitive...well, it doesn't work anyway...

The interesting part of the code is this:

public bool GetADUserGroups(string userName, string gruppe)
{
bool ergebnis = false;

DirectoryEntry ebr = new
DirectoryEntry("LDAP://DOMAINE.DO","DOMAIN_USER","PASSWORD");

/*(do I need a domain admin for this or is a standard domain user
sufficient)*/

DirectorySearcher search = new DirectorySearcher(ebr);

/*(these are the many filter variants I tried. Except for the last one that
is not a comment, all terminated with errors)*/

//search.Filter = String.Format("(cn={0})", userName);

//search.Filter =
String.Format("&(objectClass=user)(userprincipalna me={0})", userName);

//search.Filter = "&(objectClass=user)(userprincipalname=" +
userName + ")";

search.Filter = "(objectClass=user)";

/*(the username has the format "firstname.lastname", just like the login
name)*/

search.PropertiesToLoad.Add("memberOf");
search.PropertiesToLoad.Add("samAccountName");

foreach (SearchResult table in search.FindAll())
{
int groupCount = table.Properties["memberOf"].Count;

logger.LogInfo(table.Properties["samAccountName"].ToString());

if (table.Properties["samAccountName"].ToString() == userName)
{

for (int i = 0; i < groupCount; i++)
{

logger.LogInfo(table.Properties["memberOf"][i].ToString());

if (table.Properties["mebmerOf"][i].ToString() ==
gruppe)
{
ergebnis = true;
}
}
}
}
return ergebnis;
}

So, I'm finally there where I don't have any more ideas. I'm still trying,
but I'm feeling like any idea is a very long shot...

I'd be glad about any help you can provide. Many thanks in advance!
Apr 20 '07 #1
3 2991
"aziegler" <az******@discussions.microsoft.comwrote in message
news:E3**********************************@microsof t.com...
Hello, everybody.

I'd like to do this: For a big program (a web service) I need information
about the usergroups an active-directory-user is member of. To be more
precise, I need to know if a particular user is in a particular group or not.
This is my first Active-Directory-query in a C#-program, so it might look
crude or primitive...well, it doesn't work anyway...

The interesting part of the code is this:

public bool GetADUserGroups(string userName, string gruppe)
{
bool ergebnis = false;

DirectoryEntry ebr = new
DirectoryEntry("LDAP://DOMAINE.DO","DOMAIN_USER","PASSWORD");

/*(do I need a domain admin for this or is a standard domain user
sufficient)*/

DirectorySearcher search = new DirectorySearcher(ebr);

/*(these are the many filter variants I tried. Except for the last one that
is not a comment, all terminated with errors)*/

//search.Filter = String.Format("(cn={0})", userName);

//search.Filter =
String.Format("&(objectClass=user)(userprincipalna me={0})", userName);

//search.Filter = "&(objectClass=user)(userprincipalname=" +
userName + ")";

search.Filter = "(objectClass=user)";

/*(the username has the format "firstname.lastname", just like the login
name)*/

search.PropertiesToLoad.Add("memberOf");
search.PropertiesToLoad.Add("samAccountName");

foreach (SearchResult table in search.FindAll())
{
int groupCount = table.Properties["memberOf"].Count;

logger.LogInfo(table.Properties["samAccountName"].ToString());

if (table.Properties["samAccountName"].ToString() == userName)
{

for (int i = 0; i < groupCount; i++)
{

logger.LogInfo(table.Properties["memberOf"][i].ToString());

if (table.Properties["mebmerOf"][i].ToString() ==
gruppe)
{
ergebnis = true;
}
}
}
}
return ergebnis;
}

So, I'm finally there where I don't have any more ideas. I'm still trying,
but I'm feeling like any idea is a very long shot...

I'd be glad about any help you can provide. Many thanks in advance!


Not really a C# question, you might get better responses when posting to the adsi NG,
anyway, following is a snip that illustrates how you can get the groups a user belongs to.

// bind to the Global Catalog
string rootPath = "GC://domaine.do/DC=..., DC=...";
//or
string rootPath = "LDAP://domaine.do/DC=..., DC=...";
..
string userAccount = "someUser";
..
using (DirectoryEntry root = new DirectoryEntry(rootPath, "domainuser", "password",
AuthenticationTypes.FastBind))
{
using (DirectorySearcher ds = new DirectorySearcher(root))
{
SearchResult sr = null;
ds.Filter = "(SAMAccountName=" + userAccount + ")";
sr = ds.FindOne();
using (DirectoryEntry user = sr.GetDirectoryEntry())
{
PropertyCollection pcoll = user.Properties;
PropertyValueCollection memberOf = pcoll["memberOf"];
foreach (string cnGroup in memberOf)
{
ds.Filter = cnGroup.Substring(0, cnGroup.IndexOf(','));
sr = ds.FindOne();
using (DirectoryEntry group = sr.GetDirectoryEntry())
{
Console.WriteLine(group.Properties["SAMAccountName"].Value.ToString());
}
}
}
}
}

Willy.

Apr 20 '07 #2
Thank you for the advice with the ADSI-group. They've told me a much easier
way to do what I wanted (using WindowsIdentity).

Thanks anyway for your efforts.
"Willy Denoyette [MVP]" wrote:
"aziegler" <az******@discussions.microsoft.comwrote in message
news:E3**********************************@microsof t.com...
Hello, everybody.

I'd like to do this: For a big program (a web service) I need information
about the usergroups an active-directory-user is member of. To be more
precise, I need to know if a particular user is in a particular group or not.
This is my first Active-Directory-query in a C#-program, so it might look
crude or primitive...well, it doesn't work anyway...

The interesting part of the code is this:

public bool GetADUserGroups(string userName, string gruppe)
{
bool ergebnis = false;

DirectoryEntry ebr = new
DirectoryEntry("LDAP://DOMAINE.DO","DOMAIN_USER","PASSWORD");

/*(do I need a domain admin for this or is a standard domain user
sufficient)*/

DirectorySearcher search = new DirectorySearcher(ebr);

/*(these are the many filter variants I tried. Except for the last one that
is not a comment, all terminated with errors)*/

//search.Filter = String.Format("(cn={0})", userName);

//search.Filter =
String.Format("&(objectClass=user)(userprincipalna me={0})", userName);

//search.Filter = "&(objectClass=user)(userprincipalname=" +
userName + ")";

search.Filter = "(objectClass=user)";

/*(the username has the format "firstname.lastname", just like the login
name)*/

search.PropertiesToLoad.Add("memberOf");
search.PropertiesToLoad.Add("samAccountName");

foreach (SearchResult table in search.FindAll())
{
int groupCount = table.Properties["memberOf"].Count;

logger.LogInfo(table.Properties["samAccountName"].ToString());

if (table.Properties["samAccountName"].ToString() == userName)
{

for (int i = 0; i < groupCount; i++)
{

logger.LogInfo(table.Properties["memberOf"][i].ToString());

if (table.Properties["mebmerOf"][i].ToString() ==
gruppe)
{
ergebnis = true;
}
}
}
}
return ergebnis;
}

So, I'm finally there where I don't have any more ideas. I'm still trying,
but I'm feeling like any idea is a very long shot...

I'd be glad about any help you can provide. Many thanks in advance!

Not really a C# question, you might get better responses when posting to the adsi NG,
anyway, following is a snip that illustrates how you can get the groups a user belongs to.

// bind to the Global Catalog
string rootPath = "GC://domaine.do/DC=..., DC=...";
//or
string rootPath = "LDAP://domaine.do/DC=..., DC=...";
..
string userAccount = "someUser";
..
using (DirectoryEntry root = new DirectoryEntry(rootPath, "domainuser", "password",
AuthenticationTypes.FastBind))
{
using (DirectorySearcher ds = new DirectorySearcher(root))
{
SearchResult sr = null;
ds.Filter = "(SAMAccountName=" + userAccount + ")";
sr = ds.FindOne();
using (DirectoryEntry user = sr.GetDirectoryEntry())
{
PropertyCollection pcoll = user.Properties;
PropertyValueCollection memberOf = pcoll["memberOf"];
foreach (string cnGroup in memberOf)
{
ds.Filter = cnGroup.Substring(0, cnGroup.IndexOf(','));
sr = ds.FindOne();
using (DirectoryEntry group = sr.GetDirectoryEntry())
{
Console.WriteLine(group.Properties["SAMAccountName"].Value.ToString());
}
}
}
}
}

Willy.

Apr 25 '07 #3
"aziegler" <az******@discussions.microsoft.comwrote in message
news:53**********************************@microsof t.com...
Thank you for the advice with the ADSI-group. They've told me a much
easier
way to do what I wanted (using WindowsIdentity).
True, but you asked about users in an AD, right? WindowsIdentity won't help
you find the groups a arbitrary user belongs to, it's only usable when using
the current user's Identity!
Willy.
Apr 25 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Jay Chan | last post by:
We have just installed a SQL Server 2000 (SP 3A) onto a computer that has Windows-2003 Server on it. Now, we cannot get access to that database server from other computers. Seem like this may be an...
10
by: huzz | last post by:
I have web application that quaries the Active Directory to get user details.. everything works fine but someday I'll get System.Runtime.InteropServices.COMExection and if I restart the client...
1
by: Andrew | last post by:
Hey all, Working on revamping our Intranet here and making use of the LDPA, Active Directory, Directory Services, etc. that .Net provides. I am still fairly new on this subject, so the problem...
3
by: Lucky | last post by:
Hi guys, after long long time. i'm back again with another problem. this time i think the problem is very very interesting and i really need you help on this. i'm trying to connect to the...
2
by: Jim in Arizona | last post by:
My goal, somehow, is to populate a dropdownlist with all the user names in active directory. I don't even know where to begin, really. I added a reference to System.DirectoryServices so I could...
0
by: Chung Leong | last post by:
In this brief tutorial I'll describe how you retrieve information from an Active Directory through the OLE-DB extension. While it is possible to use the LDAP extension to achieve the same goal, as...
18
by: Arthur | last post by:
Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...
7
by: kooch54 | last post by:
I am trying to write a script to simply query the group members in an active directory group. I need to use LDAP to make sure I capture any global global group nestings that may occur. I already...
0
by: Zetten | last post by:
I'm trying to develop a page which will grab a few details for the currently logged-in Windows user from the Active Directory controller. I can get the full name of the user from their username...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.