Getting users from AD group

  • Question

  • Hi

    I have a requirement to read all users from the associated member group and add some data to their personal sites. If there are users then it is fine, but if there are AD groups then it causes an issue.

    To get users from AD group I have used the following

    var principalContext = new PrincipalContext(ContextType.Domain)

    GroupPrincipal.FindByIdentity

    To get the group details. This works fine when it is an AD group, but when the user gives something like "X\domain users" the above code fails. We have a lot of domains, so it gives the details for the domain in which the process is running, not the mentioned domain, i.e. X. I tested this domain users group with SPUtility.GetPrincipalsInGroup and I get only very few users. I have 6000 users in that domain and it gives only 8 users.

    Any idea how to get all the users from an AD group? I was thinking of some generic code which works in all scenarios. I can get the domain users from new PrincipalContext(ContextType.Domain,"x.com") but then we have to check for this special case every time I get the users from the associated member group.

    There can be other cases possible, so it would be better if we have some generic code, or I need to handle it based on cases.

    Wednesday, July 16, 2014 11:41 AM

All replies

  • check this

    http://social.msdn.microsoft.com/Forums/en-US/bdb18864-24a7-43a8-80d1-05d3b241f591/how-to-get-the-users-from-active-directory-group-using-c?forum=sharepointdevelopmentprevious

    http://shermanstechnicalblog.blogspot.in/2012/09/programmatically-obtain-user.html

    Wednesday, July 16, 2014 12:44 PM
  • Try below:

    http://sharepointrookie.wordpress.com/2008/07/13/display-site-members-from-ad-groups/

    // Query Active Directory to get users from Active Directory groups
    // Requires: using System; using System.Collections.Specialized; using System.DirectoryServices;
    public StringCollection GetGroupMembers(string strGroup)
    {
        StringCollection groupMembers = new StringCollection();
        try
        {
            // Search root: replace the OU/DC placeholders with your own
            DirectoryEntry ent = new DirectoryEntry("LDAP://OU=youOU,DC=yourDC");
            // strGroup is concatenated into the filter unescaped; escape LDAP filter
            // special characters (RFC 4515) first if the value is user-supplied
            DirectorySearcher srch = new DirectorySearcher(ent, "(CN=" + strGroup + ")");
            SearchResultCollection coll = srch.FindAll();
            foreach (SearchResult rs in coll)
            {
                ResultPropertyCollection resultPropColl = rs.Properties;
                foreach (Object memberColl in resultPropColl["member"])
                {
                    DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
                    System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                    // getting user properties from AD
                    object obVal = userProps["displayName"].Value;     // display name
                    object obAcc = userProps["sAMAccountName"].Value;  // login name
                    if (null != obVal && null != obAcc)
                    {
                        groupMembers.Add("User Name:" + obVal.ToString() + ", User login name:" + obAcc.ToString() + "<br>");
                    }
                }
            }
        }
        catch (Exception ex)
        {
            //writer.Write(ex.Message);
        }
        return groupMembers;
    }


    If this helped you resolve your issue, please mark it Answered

    Wednesday, July 16, 2014 12:49 PM
  • Hi

    The above is fine, but the issue is how I am going to create the DirectoryEntry object. I can't hardcode the LDAP entry. Secondly, I can't get this from the SPUser object. Moreover, will it work fine for special groups like "domain users", "All authenticated users", or only AD groups?

    For AD groups I have already got the result. I wanted some generic interfaces which handle all the cases.

    Thursday, July 17, 2014 6:06 AM
  •         protected bool CurrentUserIsMemberOfGroupAD(string groupName)
            {
                string userLogin = SPContext.Current.Web.CurrentUser.LoginName;
                bool check = false;
                // To get the right context, run with elevated privileges  
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    var principalContext = new PrincipalContext(ContextType.Domain);
                    var userPrincipal = UserPrincipal.FindByIdentity(principalContext, System.DirectoryServices.AccountManagement.IdentityType.SamAccountName, userLogin);
                    var group = GroupPrincipal.FindByIdentity(principalContext, groupName);
                    // FindByIdentity returns null when the user or group is not found
                    if (userPrincipal != null && group != null)
                    {
                        check = userPrincipal.IsMemberOf(group);
                    }
                });
    
                return check;
            } 
    Try to use this code to check if user is member of AD. Maybe you can use some parts of the code.
    Thursday, July 17, 2014 7:20 AM
  • Thanks

    I have already used this code for getting users from an AD group, but this doesn't work if anyone enters "Domain users", so I was searching for some alternative which can take these cases into account.

    Thursday, July 17, 2014 7:23 AM
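
Added example, not code from any poster in this thread: one way to enumerate a group given as "DOMAIN\group" by binding to the domain named in the login instead of the domain of the running process. The class and method names are hypothetical, and it assumes the domain prefix (NetBIOS or DNS name) is resolvable from the server and that the process account may read that domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper (names are illustrative, not a SharePoint or .NET API).
public static class GroupMemberResolver
{
    // Splits "DOMAIN\group" into its parts; domain is null when no prefix is given.
    public static void SplitLogin(string login, out string domain, out string name)
    {
        int slash = login.IndexOf('\\');
        domain = slash > 0 ? login.Substring(0, slash).Trim() : null;
        name = login.Substring(slash + 1).Trim();
    }

    // Returns the sAMAccountName of every user in the group, nested groups expanded.
    public static IList<string> GetUserLogins(string groupLogin)
    {
        string domain, groupName;
        SplitLogin(groupLogin, out domain, out groupName);

        // Well-known identities such as NT AUTHORITY\Authenticated Users are computed
        // at logon and have no member list in the directory, so they cannot be enumerated.
        if (string.Equals(domain, "NT AUTHORITY", StringComparison.OrdinalIgnoreCase))
            throw new NotSupportedException("No enumerable membership: " + groupLogin);

        var logins = new List<string>();
        // Bind to the domain named in the login, not the domain of the running process.
        using (var ctx = domain == null
            ? new PrincipalContext(ContextType.Domain)
            : new PrincipalContext(ContextType.Domain, domain))
        using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
        {
            if (group == null)
                throw new ArgumentException("Group not found: " + groupLogin);

            // GetMembers(true) is the recursive form: nested groups are expanded
            using (var members = group.GetMembers(true))
            {
                foreach (Principal p in members)
                {
                    if (p is UserPrincipal)
                        logins.Add(p.SamAccountName);
                    p.Dispose();
                }
            }
        }
        return logins;
    }
}
```

Inside SharePoint the call would need to run under an identity that can read the target domain, for example within SPSecurity.RunWithElevatedPrivileges as in the reply above.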