Using C# to query LDAP for group membership

  • Question

  • Hi All, I'm hoping someone can help. I have managed to code a simple programme to query group membership. The code works and shows me AD groups; however, it does not show me group membership which is shown in LDAP.

    My code is below, hoping someone can help me

    Thanks in advance

        using System;
        using System.DirectoryServices.AccountManagement;

        class Program
        {
            static void Main(string[] args)
            {
                string userName = "xxxxxxx";
        //        Console.WriteLine("userName");

                // Bind to the domain; disposing the context releases the underlying connection.
                using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "domian address", "DC=xxx,DC=xxxxx,DC=xxxx,DC=xxxx"))
                {
                    // Look the user up by name, then list the groups returned for that user.
                    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);
                    if (user != null)
                    {
                        PrincipalSearchResult<Principal> groups = user.GetGroups();
                        foreach (GroupPrincipal g in groups)
                        {
                            Console.WriteLine(g.Name);
                        }
                    }
                }
                Console.ReadLine();
            }
        }



    Wednesday, July 11, 2018 2:48 PM

All replies

  • You're using GetGroups. It's subtle but the documentation specifies that this returns only direct membership. Use GetAuthorizationGroups to get all the group memberships.

    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, July 12, 2018 2:37 PM
    Moderator
  • Hi Michael. Thank you for replying; however, I did find a knowledge base online which suggested this, and when trying it, it just gives me an extended version of AD groups and nothing from LDAP / e-Directory.
    Thursday, July 12, 2018 3:23 PM
  • e-directory as in NetIQ? I'm not sure you're going to get results from it. A quick google indicates issues. Some folks have tried using DirectoryServices directly.

    https://stackoverflow.com/questions/11672277/novell-edirectory-with-net-directoryservices

    https://stackoverflow.com/questions/46970729/how-to-find-a-users-group-with-ldap-in-c-sharp-core-2

    I'm not an AD guru so you might also need to rope in your network admins to help diagnose if it is just a connection/permission issue (cross domain trust, etc.) or it simply won't work.


    Michael Taylor http://www.michaeltaylorp3.net

    Thursday, July 12, 2018 3:40 PM
    Moderator
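
The last reply suggests querying the directory directly instead of going through the AD-specific AccountManagement classes. The following is an added example, not code from the thread or its participants: it uses System.DirectoryServices.Protocols to search a generic LDAP server over LDAPS for the groups that list a user as a member, escaping the value placed in the filter. The host, DNs, the LDAP_BIND_PASSWORD environment variable and the groupOfNames/member schema are assumptions to adjust for the directory in use.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;
static class LdapGroupLookup
{
    // RFC 4515 escaping so a supplied value cannot change the structure of the search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Placeholder values (assumptions), not taken from the thread.
        string host = "ldap.example.com";
        string baseDn = "o=example";
        string userDn = "cn=jdoe,ou=users,o=example";
        string bindDn = "cn=svc-reader,ou=services,o=example";
        // Refuse to continue without a password: a simple bind with an empty one is unauthenticated.
        string bindPassword = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD") ?? throw new InvalidOperationException("LDAP_BIND_PASSWORD not set");
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // LDAPS, so the simple bind is not sent in clear text
            conn.AuthType = AuthType.Basic;
            conn.Credential = new NetworkCredential(bindDn, bindPassword);
            conn.Bind();
            // Assumed schema: groups are groupOfNames entries that list members by DN.
            string filter = "(&(objectClass=groupOfNames)(member=" + EscapeFilterValue(userDn) + "))";
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "cn");
            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                Console.WriteLine(entry.DistinguishedName);
        }
    }
}
```

This search returns direct memberships only; nested groups need a follow-up search for each returned group DN.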