Active Directory can't get group list

  • Question

  • User386189764 posted

    I am developing a bunch of internal applications, and am trying to authorize a user


    User.IsInRole(@"MOEST.govt.nz/SG MOEST Application Developers")


    However, I always get a false returned.  The obvious problem is that with the User object I can't get a list of groups, so I have no idea why this call is failing.  Then I tried to write some code to get the list of groups available


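    using System;
    using System.DirectoryServices;
    using System.Text;

    string GetADUserGroups(string userName) {
        DirectorySearcher search = new DirectorySearcher();
        // userName is placed in the LDAP filter as-is; escape filter
        // metacharacters first if it can come from user input.
        search.Filter = String.Format("(cn={0})", userName);
        search.PropertiesToLoad.Add("memberOf");
        StringBuilder groupsList = new StringBuilder();

        SearchResult result = search.FindOne();
        if (result != null)
        {
            // memberOf holds the distinguished names of the user's direct groups
            int groupCount = result.Properties["memberOf"].Count;

            for (int counter = 0; counter < groupCount; counter++)
            {
                groupsList.Append((string)result.Properties["memberOf"][counter]);
                groupsList.Append("|");
            }
        }
        // Remove the last '|' symbol; skip when nothing was appended,
        // otherwise setting Length to -1 throws ArgumentOutOfRangeException
        if (groupsList.Length > 0)
        {
            groupsList.Length -= 1;
        }

        return groupsList.ToString();
    }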


    This code fails because there is no "memberOf" property (and I have tried a few more other methods). 

    I have browsed the active directory groups (in explorer my network places), and can see the AD groups.


    So how do I work out why IsUserInRole always fails?

    Also, should I be bothering with this approach anyway, or should I check user/roles in the db?



    Tuesday, September 8, 2009 7:40 PM

Answers

  • User312496708 posted

    check these links.

    http://www.netomatix.com/enumadgroups.aspx

    http://stackoverflow.com/questions/323536/asp-net-how-to-get-list-of-groups-in-active-directory

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, September 8, 2009 8:24 PM

All replies

  • User386189764 posted

    Thanks for that...

    The method I used was on -  http://www.codeproject.com/KB/system/QueryADwithDotNet.aspx, which your stackoverflow article points to (suggesting it is a better method). 

    However, the key thing is that the getgroups method in http://stackoverflow.com/questions/323536/asp-net-how-to-get-list-of-groups-in-active-directory actually works!


    So now I have established that my Active Directory group is indeed accessible in C# (GetGroups); however, when I get a list of groups that I belong to, the "SG MOEST Application Developer group" is not in that list! (I can see that I am a member through explorer... although in the explorer view it does not show the actual user name, just the full name)


    Tuesday, September 8, 2009 10:12 PM
  • User386189764 posted

    Awesome,

    I just found that my problems were related to AD caching, resetting my machine fixed the problem!


    Now I just need to work out how I can use AD to manage my database security

    Tuesday, September 8, 2009 11:06 PM
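
Added example, not part of the original thread: for a Windows identity, `IsInRole` is answered from the group SIDs in the user's access token, so listing those shows what the check compares against and whether a recent AD change has reached the token yet. The class name `TokenGroups` and the role string `EXAMPLE\Sample Group` are placeholders; in ASP.NET under Windows authentication, pass `(WindowsIdentity)User.Identity` instead of `WindowsIdentity.GetCurrent()`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class TokenGroups
{
    // Returns the group names carried in the identity's access token.
    // The token is built when the user logs on, so a group membership
    // added in AD afterwards is missing here until the next logon.
    public static List<string> List(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names;

        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                // Resolve the SID to DOMAIN\name form
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // SID with no resolvable account: keep the raw SID string
                names.Add(sid.Value);
            }
        }
        names.Sort(StringComparer.OrdinalIgnoreCase);
        return names;
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            foreach (string name in List(identity))
                Console.WriteLine(name);

            // Placeholder role name; copy the exact string from the list above
            string role = @"EXAMPLE\Sample Group";
            Console.WriteLine("{0}: {1}", role, principal.IsInRole(role));
        }
    }
}
```

Comparing this list with the `memberOf` values read from the directory separates a stale token from a wrong role string.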