Check If User is in AD groups and return to check boxes

  • Question

  • Hello. I need to check whether a user belongs to AD groups and return each one to checkboxes.

    I can only check one group. How do I do it for several?
    I tried:
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "#Print_Color, #Second, #Third");
    but I get the error: Argument 2: cannot convert from 'string' to 'System.DirectoryServices.AccountManagement.IdentityType'

                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "domain");
                UserPrincipal user = UserPrincipal.FindByIdentity(ctx, Login);
                GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "#Print_Color", "Od");
    
                if (user != null)
                {
                    if (user.IsMemberOf(group))
                    {
                        CheckBox_Uzytkownik_WydrukKolor.IsChecked = true;
                    }
                }
                else
                {
                    var window = Application.Current.Windows.OfType<MetroWindow>().FirstOrDefault();
                    if (window != null)
                        await window.ShowMessageAsync("Error", "test");
                    return;
                }

    Thursday, December 14, 2017 1:00 PM

All replies

  • You should probably go about this the other way - get all the groups a user is a member of and then compare them.

    //Converted from Powershell
    //Requires: using System.Collections.Generic; using System.Linq;
    //          using System.DirectoryServices.AccountManagement;
    IEnumerable<Principal> GetUserGroups ( string domainName, string username )
    {
       var context = new PrincipalContext(ContextType.Domain, domainName);
       var account = UserPrincipal.FindByIdentity(context, username);
       if (account != null)
          return account.GetAuthorizationGroups();
    
       return Enumerable.Empty<Principal>();
    }
    


    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, December 14, 2017 3:04 PM
    Moderator
  • Here is another method you can use to enumerate the Groups:

                using(System.DirectoryServices.DirectoryEntry groupEntry = new System.DirectoryServices.DirectoryEntry("WinNT://<domainName>/<userID>"))
                {
                    foreach(object member in (System.Collections.IEnumerable) groupEntry.Invoke("Groups"))
                    {
                        using(System.DirectoryServices.DirectoryEntry memberEntry = new System.DirectoryServices.DirectoryEntry(member))
                        {
                            Console.WriteLine(memberEntry.Name);
                        }
                    }
                }


    Paul ~~~~ Microsoft MVP (Visual Basic)

    Thursday, December 14, 2017 5:58 PM
  • I did this:

                string[] output = null;
    
                using (var ctx = new PrincipalContext(ContextType.Domain))
                using (var user = UserPrincipal.FindByIdentity(ctx, Login))
                {
                    if (user != null)
                    {
                        output = user.GetGroups()
                            .Select(x => x.SamAccountName)
                            .ToArray();
                    }
                }

    Friday, December 15, 2017 8:47 AM
  • Be aware that GetGroups only returns groups that a user is a direct member of. Any groups that the user is a member of because one of their groups is in it won't be returned. That's why you should be using GetAuthorizationGroups instead.

    Michael Taylor http://www.michaeltaylorp3.net

    Friday, December 15, 2017 2:25 PM
    Moderator
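
The approach recommended in the replies above, sketched as an added example that is not part of the original thread: resolve the user's groups once with GetAuthorizationGroups (which includes nested membership), then test each wanted group name against that set. The class name `GroupMembership`, the method `Check`, and the checkbox names `CheckBox_Second` and `CheckBox_Third` are hypothetical; the group names are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class GroupMembership
{
    // Returns one entry per requested group name: true if the user is a member,
    // directly or through nested groups. Returns null if the user is not found.
    public static Dictionary<string, bool> Check(string login, IEnumerable<string> groupNames)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, login))
        {
            if (user == null)
                return null;

            // Collect the names while the context is still open;
            // GetAuthorizationGroups() is evaluated lazily.
            var memberOf = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            foreach (Principal p in user.GetAuthorizationGroups())
            {
                if (p.SamAccountName != null)
                    memberOf.Add(p.SamAccountName);
            }

            // One lookup per wanted group; names are compared case-insensitively.
            return groupNames.ToDictionary(
                name => name,
                name => memberOf.Contains(name),
                StringComparer.OrdinalIgnoreCase);
        }
    }
}

// Usage in the window code (checkbox names other than the first are hypothetical):
// var result = GroupMembership.Check(Login, new[] { "#Print_Color", "#Second", "#Third" });
// if (result != null)
// {
//     CheckBox_Uzytkownik_WydrukKolor.IsChecked = result["#Print_Color"];
//     CheckBox_Second.IsChecked = result["#Second"];
//     CheckBox_Third.IsChecked  = result["#Third"];
// }
```

GetAuthorizationGroups returns security groups only, so a distribution group will always come back as false here.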