All geek questions in one place

Get local groups, not primary groups for a domain user

I have code to get the groups the user belongs to.

try 
        {
            DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));

            DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");                
            object obGroups = user.Invoke("Groups");
            foreach (object ob in (IEnumerable)obGroups)
            {
                // Create object for each group.
                DirectoryEntry obGpEntry = new DirectoryEntry(ob);
                listOfMyWindowsGroups.Add(obGpEntry.Name);
            }
        return true;
        }
        catch (Exception ex)
        {
            new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
            return false;
        }

the above code works fine when I need to find local user groups, but

for a domain user, it returns the value "Domain User", which is a kind of wierd, since it is part of 2 local groups.

Please help in solving this mystery. thank

Study

I made some conclusions and got that the main user group of the domain is returned to me

called the Domain User group

but what i really want is local machine groups that the domain user is part of ... i can't figure it out .. any suggestions

different code using LDAP

        string domain = Environment.UserDomainName;
        DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
        DirectorySearcher search = new DirectorySearcher();

        search.SearchRoot = DE;         
        search.Filter = "(SAMAccountName=" + completeUserName + ")";  //Searches active directory for the login name

        search.PropertiesToLoad.Add("displayName");  // Once found, get a list of Groups

        try
        {
            SearchResult result = search.FindOne(); // Grab the records and assign them to result
            if (result != null)
            {
                DirectoryEntry theUser = result.GetDirectoryEntry();
                theUser.RefreshCache(new string[] { "tokenGroups" });
                foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
                {
                    System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);

                    DirectorySearcher sidSearcher = new DirectorySearcher();

                    sidSearcher.SearchRoot = DE;
                    sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
                    sidSearcher.PropertiesToLoad.Add("distinguishedName");

                    SearchResult sidResult = sidSearcher.FindOne();

                    if (sidResult != null)
                    {
                        listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
                    }
                }
            }
            else
            {
                new GUIUtility().LogMessageToFile("no user found");

            }
            return true;
        }

        catch (Exception ex)
        {

            new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
            return false;
        }

, " ". , some1 ...????

+3
2

.NET 3.5, System.DirectoryService.AccountManagement, . , UserPrincipal.GetAuthorizationGroups - , . , . , GroupPrincipal.Context.Name , . , GroupPrincipal.Context.Domain , .

PrincipalContext context = new PrincipalContext(ContextType.Domain, "yourdomain.com");
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "youruser"); 

foreach (GroupPrincipal group in userPrincipal.GetAuthorizationGroups())
{
    Console.Out.WriteLine("{0}\\{1}", group.Context.Name, group.SamAccountName);
}
+2

, , . .

- ;

DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
0

Source: https://habr.com/ru/post/1780970/

More articles:


All Articles