see if a user is in a security group

  • Question

  • User-1232255770 posted

    I have the following code, and I would like to filter on whether the user is in a security group.
    I found the following code:

    GroupPrincipal.FindByIdentity(principleContextGroup, "security group name")

    How can I integrate this into the code below?

     try
     {
         // Search root: the course-type OU placed in front of the configured domain suffix.
         // NOTE(review): courseType is concatenated into the container DN as-is; if it can
         // originate from user input, restrict it to a known list of OU names (confirm against callers).
         string searchRoot = "OU=" + courseType + m_domainControllerString;

         using (PrincipalContext ouContext = new PrincipalContext(ContextType.Domain, m_activeDirectoryServer, searchRoot, userName: m_activeDirectoryUser, password: m_activeDirectoryPassword))
         // Query template handed to the searcher: wildcards on Name and EmailAddress.
         using (UserPrincipal userTemplate = new UserPrincipal(ouContext) { Name = "*", EmailAddress = "*" })
         using (PrincipalSearcher searcher = new PrincipalSearcher(userTemplate))
         using (PrincipalSearchResult<Principal> matches = searcher.FindAll())
         {
             // Every hit is copied into allUsers; no group membership is checked here.
             foreach (UserPrincipal account in matches)
             {
                 AdUser entry = new AdUser
                 {
                     DisplayName = account.DisplayName,
                     EmailAddress = account.EmailAddress,
                     ExpirationDateTime = account.AccountExpirationDate,
                     Enabled = account.Enabled,
                     OrganizationalUnit = courseType
                 };
                 allUsers.Add(entry);
             }
         }
     }

    Thanks

    Thursday, January 14, 2021 2:08 PM

Answers

  • User1535942433 posted

    Hi Bradly,

    GroupPrincipal.FindByIdentity(principleContextGroup, "security group name")

    how can i integrate this in the code below ?

    As far as I know, GroupPrincipal.FindByIdentity is another way to check whether the user is part of the security group.

    You could do it like this:

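     // Looks up the group in the OU-scoped context and tests membership against it.
     using (PrincipalContext principleContext = new PrincipalContext(ContextType.Domain, m_activeDirectoryServer, "OU=" + courseType + m_domainControllerString, userName: m_activeDirectoryUser, password: m_activeDirectoryPassword))
     // NOTE(review): userPrincipal is a wildcard query template, not an account loaded from the
     // directory; to test a specific person, pass the UserPrincipal returned by a search or by
     // UserPrincipal.FindByIdentity instead.
     using (UserPrincipal userPrincipal = new UserPrincipal(principleContext) { Name = "*", EmailAddress = "*" })
     // FindByIdentity returns null when no group with that identity is found in the context.
     using (var grp = GroupPrincipal.FindByIdentity(principleContext, yourGroup))
     {
         // Fail closed: an unresolved group means "not a member" instead of a NullReferenceException.
         // Members holds direct members only; membership through a nested group is not matched.
         if (grp != null && grp.Members.Contains(userPrincipal))
         {
             return true;
         }
     }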

    Best regards,

    Yijing Sun

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 15, 2021 2:54 AM

All replies

  • User1535942433 posted

    Hi Bradly,

    GroupPrincipal.FindByIdentity(principleContextGroup, "security group name")

    how can i integrate this in the code below ?

    As far as I know, GroupPrincipal.FindByIdentity is another way to check whether the user is part of the security group.

    You could do it like this:

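     // Looks up the group in the OU-scoped context and tests membership against it.
     using (PrincipalContext principleContext = new PrincipalContext(ContextType.Domain, m_activeDirectoryServer, "OU=" + courseType + m_domainControllerString, userName: m_activeDirectoryUser, password: m_activeDirectoryPassword))
     // NOTE(review): userPrincipal is a wildcard query template, not an account loaded from the
     // directory; to test a specific person, pass the UserPrincipal returned by a search or by
     // UserPrincipal.FindByIdentity instead.
     using (UserPrincipal userPrincipal = new UserPrincipal(principleContext) { Name = "*", EmailAddress = "*" })
     // FindByIdentity returns null when no group with that identity is found in the context.
     using (var grp = GroupPrincipal.FindByIdentity(principleContext, yourGroup))
     {
         // Fail closed: an unresolved group means "not a member" instead of a NullReferenceException.
         // Members holds direct members only; membership through a nested group is not matched.
         if (grp != null && grp.Members.Contains(userPrincipal))
         {
             return true;
         }
     }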

    Best regards,

    Yijing Sun

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 15, 2021 2:54 AM
  • User-1232255770 posted

    Hi Yijing Sun,

    Thanks for your answer. I need a list of all users that are in an OU and also in a security group in that OU.
    How do I fit this part into your code? I mean the foreach part that builds the users list:

    {
        // Copies every search hit into allUsers; group membership is not checked here.
        foreach (UserPrincipal account in results)
        {
            AdUser entry = new AdUser
            {
                DisplayName = account.DisplayName,
                EmailAddress = account.EmailAddress,
                ExpirationDateTime = account.AccountExpirationDate,
                Enabled = account.Enabled,
                OrganizationalUnit = courseType
            };
            allUsers.Add(entry);
        }
    }

     // Walks the search results and records one AdUser per hit, without any group filter.
     foreach (Principal found in results)
     {
         // Same explicit cast the typed foreach variable performs.
         UserPrincipal user = (UserPrincipal)found;

         allUsers.Add(new AdUser
         {
             DisplayName = user.DisplayName,
             EmailAddress = user.EmailAddress,
             ExpirationDateTime = user.AccountExpirationDate,
             Enabled = user.Enabled,
             OrganizationalUnit = courseType
         });
     }

    Thank you,
    Best regards, Bradly

    Friday, January 15, 2021 11:27 AM
  • User-1232255770 posted

    Figured it out; see below.

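    try
    {
        // Collects the users of one OU that are also direct members of that course's security group.
        // NOTE(review): the OU name is concatenated into the container DN as-is; if it can originate
        // from user input, restrict it to a known list of OU names (confirm against callers).
        using (PrincipalContext principleContext = new PrincipalContext(ContextType.Domain, m_activeDirectoryServer, "OU=" + courseType.ActiveDirectoryOrginazationalUnit + m_domainControllerString, userName: m_activeDirectoryUser, password: m_activeDirectoryPassword))
        // Query template for the searcher: wildcards on Name and EmailAddress.
        using (UserPrincipal userPrincipal = new UserPrincipal(principleContext) { Name = "*", EmailAddress = "*" })
        // Resolved once and reused for every user, instead of a fresh directory lookup per iteration.
        // The context is rooted at the OU, so presumably only a group stored under that OU is found.
        using (GroupPrincipal securityGroup = GroupPrincipal.FindByIdentity(principleContext, courseType.ActiveDirectoryGroup))
        using (PrincipalSearcher userSearcher = new PrincipalSearcher(userPrincipal))
        using (PrincipalSearchResult<Principal> results = userSearcher.FindAll())
        {
            // FindByIdentity returns null when the group is not found. Fail closed: no group means
            // no user is listed, rather than a NullReferenceException on the first user. Surface or
            // log this case if a missing group indicates a configuration error.
            if (securityGroup != null)
            {
                foreach (UserPrincipal p in results)
                {
                    // Members holds direct members only; users who belong through a nested group
                    // are not matched. Confirm that this is the intended policy.
                    if (securityGroup.Members.Contains(p))
                    {
                        allUsers.Add(new AdUser
                        {
                            DisplayName = p.DisplayName,
                            EmailAddress = p.EmailAddress,
                            ExpirationDateTime = p.AccountExpirationDate,
                            Enabled = p.Enabled,
                            OrganizationalUnit = courseType.ActiveDirectoryOrginazationalUnit
                        });
                    }
                }
            }
        }
    }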



    Sunday, January 17, 2021 2:16 PM