Network Shares & Folders & Access Rights & AD Groups RRS feed

  • Question

  • Hey,

    I want to scan different network shares and get the Active Directory groups assigned to them, including their access rights.

    How can I do this?


    Wednesday, May 15, 2019 2:04 PM

All replies

  • Hi virtualfunction,

    Thank you for posting here.

    If you want to get the user list of a shared folder with the permissions and group names, you could try the code below.

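    using Newtonsoft.Json;
    using System;
    using System.Collections;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Data;
    using System.Data.OleDb;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using System.Globalization;
    using System.IO;
    using System.Linq;
    using System.Reflection;
    using System.Runtime.InteropServices;
    using System.Security.AccessControl;
    using System.Security.Principal;
    using System.Text;
    using System.Threading.Tasks;
    using System.Xml.Linq;

    namespace ConsoleApp
    {
        // Scope of this sample: it reads the file-system (NTFS) access control list of a
        // folder. Share-level permissions are a separate setting on the share itself and
        // are not read here; effective access over the network is limited by both.
        class Program
        {
            /// <summary>
            /// Prints one line per identity found on the folder's ACL: the account name,
            /// its access entries, and (for domain users) its direct group memberships.
            /// </summary>
            /// <param name="args">Unused.</param>
            public static void Main(string[] args)
            {
                List<Permission> permissions = new List<Permission>();
                string DirName = @"Test1"; //folder name

                var UserList = GetDirectoryAccountSecurity(DirName);
                foreach (var item in UserList)
                {
                    var UserPermission = GetUserPermission(item, DirName);
                    var GroupName = GetGroupName(item);
                    permissions.Add(new Permission { UserName = item, UserPermission = UserPermission, GrouPName = GroupName });
                }

                foreach (var item in permissions)
                {
                    Console.WriteLine("UserName:{0}, UserPermission:{1}, GroupName:{2}", item.UserName, item.UserPermission, item.GrouPName);
                }

                // Keep the console window open until a key is pressed.
                Console.ReadKey();
            }

            /// <summary>
            /// Returns the distinct identities that appear on the folder's access rules.
            /// </summary>
            /// <param name="DirName">Path of the folder to inspect.</param>
            /// <returns>
            /// Account names in ACL order, each listed once; empty when the folder does not exist.
            /// </returns>
            public static List<string> GetDirectoryAccountSecurity(string DirName)
            {
                List<string> dAccount = new List<string>();
                DirectoryInfo dInfo = new DirectoryInfo(DirName);
                if (!dInfo.Exists)
                {
                    return dAccount;
                }

                // Only the access rules (DACL) are read below, so only that section is requested.
                // AccessControlSections.All also asks for the audit rules (SACL), which normally
                // needs an extra privilege and can make the call fail for a regular account.
                DirectorySecurity sec = dInfo.GetAccessControl(AccessControlSections.Access);

                // An identity can own several entries (allow and deny, explicit and inherited);
                // list it once so the report does not repeat the same row.
                HashSet<string> seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
                foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(NTAccount)))
                {
                    string account = rule.IdentityReference.Value;

                    // NOTE(review): these two privileged identities are left out of the report on
                    // purpose by the original sample. The match is on the English display name;
                    // for an access audit consider reporting them as well.
                    if (account == @"NT AUTHORITY\SYSTEM" || account == @"BUILTIN\Administrators")
                    {
                        continue;
                    }

                    // NOTE(review): an entry whose SID no longer resolves to an account presumably
                    // shows up here as the raw SID string - verify, such entries deserve a look.
                    if (seen.Add(account))
                    {
                        dAccount.Add(account);
                    }
                }

                return dAccount;
            }

            /// <summary>
            /// Describes every access entry the folder's ACL holds for one identity.
            /// </summary>
            /// <param name="UserName">Account name as returned by <see cref="GetDirectoryAccountSecurity"/>.</param>
            /// <param name="DirName">Path of the folder to inspect.</param>
            /// <returns>
            /// The entries joined with "; ", each as "Allow|Deny rights (explicit|inherited)";
            /// an empty string when the identity has no entry.
            /// </returns>
            public static string GetUserPermission(string UserName, string DirName)
            {
                DirectoryInfo di = new DirectoryInfo(DirName);
                DirectorySecurity acl = di.GetAccessControl(AccessControlSections.Access);
                AuthorizationRuleCollection rules = acl.GetAccessRules(true, true, typeof(NTAccount));

                List<string> entries = new List<string>();
                foreach (FileSystemAccessRule rule in rules)
                {
                    // Account names are identifiers, not linguistic text: compare ordinally.
                    if (!rule.IdentityReference.Value.Equals(UserName, StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    // Report every entry together with its type. Keeping only the rights of the
                    // last match would drop entries and would show a Deny entry as if it were a grant.
                    string origin = rule.IsInherited ? "inherited" : "explicit";
                    entries.Add(string.Format("{0} {1} ({2})", rule.AccessControlType, rule.FileSystemRights, origin));
                }

                return string.Join("; ", entries);
            }

            /// <summary>
            /// Looks up the groups a domain user is a direct member of.
            /// </summary>
            /// <param name="UserName">Account name, optionally prefixed with "DOMAIN\".</param>
            /// <returns>
            /// The distinguished names from the user's memberOf attribute joined with "; ";
            /// an empty string when no user matches or the user has no memberOf values.
            /// </returns>
            /// <remarks>
            /// memberOf holds direct memberships only: nested groups are not expanded and the
            /// primary group is not included. The search is for user objects, so an ACL entry
            /// that is itself a group yields an empty result.
            /// </remarks>
            public static string GetGroupName(string UserName)
            {
                // The domain or authority prefix is discarded and the bare name is searched in the
                // current domain. NOTE(review): a local or built-in identity, or one from another
                // domain, can therefore match an unrelated domain user of the same name - confirm
                // the prefix before trusting the result.
                string name = UserName.Split('\\').Last();//use this code to split the domain name and user name
                List<string> groups = new List<string>();

                using (var context = new PrincipalContext(ContextType.Domain))
                using (UserPrincipal user = new UserPrincipal(context))
                {
                    user.SamAccountName = name;
                    using (var searcher = new PrincipalSearcher(user))
                    using (var results = searcher.FindAll())
                    {
                        foreach (var result in results)
                        {
                            DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
                            if (de == null)
                            {
                                continue;
                            }

                            // memberOf is multi-valued: enumerate it instead of reading .Value, which
                            // is null when the attribute is absent and an array when it has several values.
                            foreach (object groupDn in de.Properties["memberOf"])
                            {
                                if (groupDn != null)
                                {
                                    groups.Add(groupDn.ToString());
                                }
                            }
                        }
                    }
                }

                // Distinguished names contain commas, so a different separator is used.
                return string.Join("; ", groups);
            }
        }

        /// <summary>One report row: an identity, its access entries and its group memberships.</summary>
        public class Permission
        {
            /// <summary>Account name as it appears on the ACL.</summary>
            public string UserName { get; set; }

            /// <summary>Access entries for the account, as produced by Program.GetUserPermission.</summary>
            public string UserPermission { get; set; }

            /// <summary>Group memberships for the account, as produced by Program.GetGroupName.</summary>
            public string GrouPName { get; set; }
        }
    }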

    Best Regards,


    MSDN Community Support

    Thursday, May 16, 2019 8:25 AM