Finding the group details of an user in active directory

Question

We have an company called 'X' and its maintaining its users using Active Directory.'X' have bought a company 'Y' and 'Y' has its own AD. Users in Y can be added as a member of a group in X .

While searching for an user belonging to Y AD in the whole organisation (X+Y) we are able to fetch the data from Y only. But we need to check whether the user is an member in any group in X AD and if exists we need to fetch the user details.

Can somebody help in this case...:)

Might be easier to understand if you give use a hierarchy of your AD. (Just invent some names). Have you tried to get the nested goups of an user? You can try using the Property "tokengroups" (you need to load it into the catch first `entry.RefreshCache(new[] { "tokenGroups" });`). It returns a System.Security.Principal.SecurityIdentifier; Some solutions here http://stackoverflow.com/questions/4460558/how-to-get-all-the-ad-groups-for-a-particular-user — C0d1ngJammer, Apr 14 '15 at 14:52
@manuchao Hi..Thanks for the reply:))....We have already tried using token groups, but we are able to get the user information from only one directory,not from both. Company X AD-->Domain A -->Group 1 -->Group 2 Domain B -->Group 3 Company Y AD-> Only One Domain -->Group 4 A user is in Group 4 in Y AD and also in Group 2 (Domain A) in X AD. We are able to get info from Y AD only..bt v need Group 2 info also..Plz sugst — Ranga, Apr 15 '15 at 14:11
*memberOf* doesnt work either? Can you please show us the code where you are trying to get the nested groups? — C0d1ngJammer, Apr 15 '15 at 14:21
DirectorySearcher sch = new DirectorySearcher(new DirectoryEntry(ldap_root)); sch.Filter = String.Format("(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectCategory=user)(samaccountname={0}))", alias); sch.SearchScope = SearchScope.Subtree; sch.PropertiesToLoad.Add("memberOf");search.PropertiesToLoad.Add("objectSid"); StringBuilder sb = new StringBuilder(); SearchResult r1 = sch.FindOne(); DirectoryEntry u1 = r1.GetDirectoryEntry(); u1.RefreshCache(new string[]{"tokenGroups"}); foreach (byte[] sid in user.Properties["tokenGroups"]){sb.Append(String.Format("'{0}',", (sid));} Plz sugst — Ranga, Apr 16 '15 at 13:30

Ranga · Accepted Answer · 2020-07-24T23:13:58.080

Finally got the answer..

While using tokengroup we will be able to retrieve the user from only one AD. Instead get the groups of the user using and for getting the inner groups search in the groups obtained again.Below is the snippet which does that....Thanks

DirectorySearcher user_search1 = new DirectorySearcher(new DirectoryEntry(ldap_root1));

                user_search1.Filter = String.Format("(&(!(userAccountControl))(objectCategory=user)(samaccountname={0}))", alias);
                user_search1.SearchScope = SearchScope.Subtree;
                user_search1.PropertiesToLoad.Add("memberOf");
                user_search1.PropertiesToLoad.Add("objectSid");                  
                user_search1.PropertiesToLoad.Add("userprincipalname");

                SearchResult user_result1 = user_search1.FindOne();
                DirectoryEntry entry1 = new DirectoryEntry(user_result1.Path);
                foreach (var grp in entry1.Properties["memberOf"])
                {
                    groupnames1.Append(((grp.ToString().Split('=')[1].Split(',')[0])));
                    groupnames1.Append(";");
                    DirectorySearcher Groupsearch = new DirectorySearcher(new DirectoryEntry(ldap_root1));

                    Groupsearch.Filter = String.Format("(&(!(userAccountControl))(objectCategory=group)(samaccountname={0}))", ((grp.ToString().Split('=')[1].Split(',')[0])));
                    Groupsearch.SearchScope = SearchScope.Subtree;
                    Groupsearch.PropertiesToLoad.Add("memberOf");
                    SearchResult group_result1 = Groupsearch.FindOne();
                    if (group_result1 != null)
                    {
                        DirectoryEntry group1 = new DirectoryEntry(group_result1.Path);
                        //group1.RefreshCache(new string[] { "tokenGroups" });
                        //groupnames = null;
                        foreach (var grp1 in group1.Properties["memberOf"])
                        {
                            groupnames1.Append(((grp1.ToString().Split('=')[1].Split(',')[0])));
                            groupnames1.Append(";");
                        }
                    }
                }
                return groupnames1.ToString().Substring(0, groupnames1.Length - 1);

Finding the group details of an user in active directory

1 Answers1