Get Active Directory Groups A User Is A Member Of That Are Local Groups To A Different Domain...

  • Thread starter: mkruluts (Guest)

OK. I have code that will list all of the Active Directory Groups a specific user is a member of, with one exception. The target network for implementation is a Forest with many Domains.

The code will successfully return the following:
1) Global AD Security Groups (regardless of domain)
2) Local AD Security Groups (only those that reside on the same domain as user)
3) Universal AD Security Groups (regardless of domain)

The issue is, many users belong to AD Security Groups that are Local groups to a different domain. Is there any way to get a complete list?

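using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;

// Returns the names of the groups listed in the user's memberOf attribute.
// UserName is expected in DOMAIN\user form.
private List<string> Groups(string UserName)
{
    string[] _User = UserName.Split('\\');
    string _Forest = Forest.GetCurrentForest().Name;
    List<string> GroupData = new List<string>();

    SearchResult _UserSearchResult = default(SearchResult);
    // Bind to the user's own domain: LDAP://<domain>.<forest root name>
    using (DirectoryEntry _UserDirectoryEntry = new DirectoryEntry(string.Format("LDAP://{0}.{1}", _User[0], _Forest)))
    {
        using (DirectorySearcher _UserDirectorySearcher = new DirectorySearcher(_UserDirectoryEntry))
        {
            // Note: _User[1] goes into the filter unescaped, so filter
            // metacharacters such as * ( ) \ in the name change the query.
            _UserDirectorySearcher.Filter = string.Format("(sAMAccountName={0})", _User[1]);
            _UserSearchResult = _UserDirectorySearcher.FindOne();

            if (_UserSearchResult != null)
            {
                using (DirectoryEntry _GroupsDirectoryEntry = new DirectoryEntry(_UserSearchResult.Path))
                {
                    if (_GroupsDirectoryEntry.Properties["memberOf"].Value != null)
                    {
                        // Each memberOf value is a group DN; keep the value of its first RDN.
                        foreach (var _Child in (IEnumerable)_GroupsDirectoryEntry.Properties["memberOf"].Value)
                        {
                            GroupData.Add(_Child.ToString().Split('=')[1].Split(',')[0]);
                        }
                    }
                }
            }
        }
    }

    return GroupData;
}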
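
The gap described in the post, as an added example that is not part of the original post or its author's code: a domain local group keeps its `member` list in its own domain, so this code asks every domain in the forest for domain local groups that list the user's distinguished name. The class and method names are hypothetical, `userDn` is assumed to be the user's `distinguishedName`, and the caller is assumed to have read access in each domain.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Text;

// Added example (hypothetical names), not the poster's code.
static class CrossDomainGroups
{
    // RFC 4515 escaping: \ * ( ) and NUL become \5c \2a \28 \29 \00,
    // so the DN is matched as a literal value inside the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // groupType bit 0x4 marks a domain local group; the bitwise-AND
    // matching rule (1.2.840.113556.1.4.803) tests that bit.
    public static string DomainLocalFilter(string userDn)
    {
        return "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=4)(member="
               + EscapeFilterValue(userDn) + "))";
    }

    // Query each domain in the current forest and collect the DNs of
    // domain local groups that have the user as a direct member.
    public static List<string> DomainLocalGroups(string userDn)
    {
        var found = new List<string>();
        foreach (Domain domain in Forest.GetCurrentForest().Domains)
        {
            using (var root = new DirectoryEntry("LDAP://" + domain.Name))
            using (var searcher = new DirectorySearcher(root, DomainLocalFilter(userDn)))
            {
                searcher.PropertiesToLoad.Add("distinguishedName");
                searcher.PageSize = 500; // page results instead of hitting the server size limit
                using (SearchResultCollection results = searcher.FindAll())
                    foreach (SearchResult r in results)
                        found.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return found;
    }
}
```

Only direct membership is returned, which matches what `memberOf` gives for the other group scopes; nested membership is not resolved.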
