Search LDAP for user permissions with VB.NET

Question

I'm trying to get some information from Active Directory with VB.NET. I have the "primaryGroupID" of a user, which is 2096 in this case. How can I get, with VB.NET, the CN of this group?

Ultimately, what I need to do is find a list of groups that a user belongs to (including groups that belong to another group). I already have a function that gets the main groups except for the primary group, and another function that returns the ID of the primary group. Both detailed below.

Public Function getUserGroups(ByVal Username)
    Dim grupos As New ArrayList()
    Try
        Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.Subtree
        Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & Username & "))"
        Dim res As SearchResult = Searcher.FindOne

        For i = 0 To res.Properties("memberOf").Count() - 1
            grupos.Add(res.Properties("memberOf")(i).ToString)
        Next
    Catch ex As Exception
    End Try
    Return grupos
End Function


Public Function GetUserPrimaryGroupID(ByVal user As String) As String
    Dim grupoID As String = ""
    Try
        Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.Subtree
        Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & user & "))"
        Dim res As SearchResult = Searcher.FindOne

        For i = 0 To res.Properties("primaryGroupID").Count() - 1
            grupoID = (res.Properties("primaryGroupID")(i).ToString) 'Esto devuelve la ruta "CN" del grupo
            'grupoID = (res.Properties("primaryGroupID")(i).ToString)
            'Dim de As DirectoryEntry = New DirectoryEntry("LDAP://" + res.Properties("primaryGroupID")(i).ToString())
        Next
    Catch ex As Exception
    End Try
    Return grupoID
End Function

score 0 · Answer 1 · answered Jun 13 '12 at 13:49

0

There's a VBScript sample here - http://support.microsoft.com/kb/297951.

Essentially the primary group ID is the RID (the last component of the SID) of a group. So to find the group, you concatenate the domain SID and the primary group ID together.

answered Jun 13 '12 at 13:49

Brian Desmond

4,473
1
13
11

Thanks Brian for your reply. I didn´t know you could get it that way. I tried the code they mention in the website and I could not find a way to make it work in VB.Net. I'm not very familiar with VBS. Is there any other example to do this same thing in VB.NET? I also tried "translating" the code from VBS with no luck :( – guillerone Jun 14 '12 at 08:01
Here's a C# sample - http://stackoverflow.com/questions/1179858/can-you-find-an-active-directory-users-primary-group-in-c – Brian Desmond Jun 14 '12 at 21:21
Hi again Brian. Your hint was defenitelly helpful! I'm still strugling with a problem because my functions work on a PC in the domain but they don´t on a PC that is not in the domain. Weird.... I'll post the code in VB.Net once I get it sorted so people can get it done. Thanks for your help, and if you know how to solve the domain problem, let me know! ^^ – guillerone Jun 19 '12 at 08:51
I'd expect the issue is either with credentials or how you're passing the server/search root info to the constructor of `DirectoryEntry`. – Brian Desmond Jun 19 '12 at 14:16

Search LDAP for user permissions with VB.NET

1 Answers1