By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
464,609 Members | 1,155 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 464,609 IT Pros & Developers. It's quick & easy.

Searching an AD security group

P: n/a
Hi,

When a user visits my site (ASP.NET + VB.NET), I need to know if they are in
a particular AD security group in order to display the pertinant information.

When I call UserLookup in code below it works well at returning whether the
user is directly a member of the group. However, if they are contained inside
of an inherited security group, it returns false because it will not search
recursively.

I thought this would be simple to find information on, but apparently I
thought wrong.

Any help would be appreciated.

CODE:
The class has DOMAINNAMEVALUE, SERVERNAMEVALUE and GROUPNAMEVALUE initalized
in the constructor.

Public Function ReturnUsers()
Dim strDirEntryPath As String
strDirEntryPath = "WinNT://" & DomainNameValue & "/" &
ServerNameValue & "/" & GroupNameValue & ",group"
Dim users As Object

Dim group As New DirectoryEntry(strDirEntryPath)
users = group.Invoke("members")

Dim user1 As Object
Dim UsersCollection As New Collection

For Each user1 In CType(users, IEnumerable)
Try
Dim userEntry As New
System.DirectoryServices.DirectoryEntry(user1)
UsersCollection.Add(userEntry.Name)
Catch e1 As Exception
Return e1
Exit Function
End Try
Next

Return UsersCollection
End Function

'returns true/false if a person is in an AD security group or not
Public Function UserLookup(ByVal user As String)

Dim i As Integer
Dim UsersCollection As New Collection
Dim Match As Boolean = False

Match = CheckUser()

UsersCollection = Me.ReturnUsers

For i = 1 To UsersCollection.Count
If UsersCollection.Item(i) = user Then
Match = True
Return Match
End If
Next

End Function

--
Weeims
Nov 21 '05 #1
Share this Question
Share on Google+
3 Replies

P: n/a
Hi

Here is sample in CodeProject.
Although it is in C#, but I think VB.NET method is similar.
Authorize and authenticate users with
http://www.codeproject.com/csharp/ActiveDirUsers.asp

If you still have any concern, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 21 '05 #2

P: n/a
Thanks for your reply Peter,

The code you pointed me to returns the groups that a given member belongs
to. This is somewhat opposite of what I am looking for. I need to be able
to search the members of a group to look for a logged on person. The problem
is inherited groups. The user may belong to a group (gp1) that in turn
belongs to another group (gp2). GP2 does not show as a group that the user
belongs to.

I need to start with GP2, evaluate its members, if one of its members is yet
another security group, then evaluate the members of this group (GP1) and so
on until I either find the user, or run out of paths to dig into.

This is the same process the OS is doing each time I try to open a file,
that is why I firgured this would be well documented.

--
Weeims
""Peter Huang" [MSFT]" wrote:
Hi

Here is sample in CodeProject.
Although it is in C#, but I think VB.NET method is similar.
Authorize and authenticate users with
http://www.codeproject.com/csharp/ActiveDirUsers.asp

If you still have any concern, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 21 '05 #3

P: n/a
Hi

Here is a link about how to use DirectoryService to list the members of
certain group.(NOTE: it use WINNT, but the LDAP will use the similar
approach except the path string is different).
You may take a look.
http://www.eggheadcafe.com/forums/Fo...=27383&INTID=2

If you still have any concern, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 21 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.