
I'm in these two AD groups: Group1, Group2. Why would this same code return false for Group1 and true for Group2 when I'm in both groups?

var user = new WindowsPrincipal(WindowsIdentity.GetCurrent());
if (!user.IsInRole(groupName)) { return false; }

When I check with a third-party AD tool, I can see that I'm in both groups. I've seen that there are issues with the administrator role, but I'm just checking two normal AD groups. I'm not sure where to start figuring out why one returns false and the other returns true.

This completely different approach works:

var principalContext = new PrincipalContext(ContextType.Domain, "foo.bar:389", "dc=foo,dc=bar", "account", "pw");

using (var userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, principal.Identity.Name))
{
    Console.WriteLine(userPrincipal.IsMemberOf(principalContext, IdentityType.SamAccountName, groupName));  // RETURNS TRUE
}

EDIT

I used a free AD tool to try and spot some differences between the two groups. The only real thing I found is that the parent containers are different. Could this have anything to do with the issue?

Parent Container
Group 1: Security Groups/NonLocationSpecific/domain.LOCAL
Group 2: CityName/Security Groups/NonLocationSpecific/domain.LOCAL

Bob Horn
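
An added diagnostic, not part of the original question: `WindowsPrincipal.IsInRole` evaluates the groups carried in the process's Windows access token, whereas `UserPrincipal.IsMemberOf` queries the directory. The sketch below lists the token's groups and reports, for each group name passed on the command line, whether that group's SID is in the token; the class name, helper names and command-line usage are assumptions.

```csharp
using System;
using System.Security.Principal;

static class TokenGroupCheck   // hypothetical name, for illustration only
{
    // Resolve "DOMAIN\Group" to its SID; null when the name does not map.
    static SecurityIdentifier ResolveSid(string groupName)
    {
        try { return (SecurityIdentifier)new NTAccount(groupName).Translate(typeof(SecurityIdentifier)); }
        catch (IdentityNotMappedException) { return null; }
    }

    // Resolve a SID back to a readable account name where possible.
    static string NameOf(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return "(unresolved)"; }
    }

    // Assumed usage: TokenGroupCheck.exe "DOMAIN\Group1" "DOMAIN\Group2"
    static void Main(string[] args)
    {
        using (var identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);

            Console.WriteLine("Groups in the access token of {0}:", identity.Name);
            foreach (IdentityReference sid in identity.Groups)
                Console.WriteLine("  {0}  {1}", sid.Value, NameOf(sid));

            foreach (var groupName in args)
            {
                var groupSid = ResolveSid(groupName);
                Console.WriteLine();
                Console.WriteLine("{0}", groupName);
                Console.WriteLine("  IsInRole(name): {0}", principal.IsInRole(groupName));
                if (groupSid == null)
                {
                    Console.WriteLine("  name did not resolve to a SID");
                    continue;
                }
                Console.WriteLine("  SID:            {0}", groupSid.Value);
                Console.WriteLine("  SID in token:   {0}", identity.Groups.Contains(groupSid));
                Console.WriteLine("  IsInRole(SID):  {0}", principal.IsInRole(groupSid));
            }
        }
    }
}
```

Comparing the "SID in token" line for both groups with the directory-side `IsMemberOf` result shows whether the two checks disagree because the token lacks the group or because the name lookup differs.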