How can I see if user is admin or not in active directory using c#? Getting his groups names is not an option, because in different languages this roles names are different (администраторы, administrators, etc)
Asked
Active
Viewed 1,065 times
0
-
do you mean to check from the program itself if the user is admin or not? i dont know about active directory.. – Slashy Jul 25 '16 at 16:49
-
I have intranet site. Users login there with Windows authentification. Admin or not - how much permissions he will have. Active directory is a way to get user roles – Vlad Bayrak Jul 25 '16 at 17:08
2 Answers
1
How can I see if user is admin or not in active directory using c#?
I assume that "admin in active directory" means a literal admin of AD (ie. a member of the builtin Administrators group)
The built-in Administrators group will always have the same RID (relative identifier) - the last part of the object's security identifier - 544.
A sure-fire way to find the Administrators group is therefore straightforward:
- Instantiate a DirectoryEntry for the root object of the Default NC
- Read the objectSID attribute value on the root object
- Append the well-known RID (
-544) - Instantiate a DirectoryEntry based on the resulting SID (yes, you can do that)
DirectoryEntry dnc = new DirectoryEntry("LDAP://corp.domain.tld");
SecurityIdentifier domainSID = new SecurityIdentifier(dnc.Properties["objectSid"].Value);
string administratorsGroupSID = String.Format("{0}-544", domainSID);
string administratorsGroupSIDPath = String.Format("LDAP://<SID={0}>", administratorsGroupSID);
DirecoryEntry AdministratorsGroupDE = new DirectoryEntry(administratorsGroupSIDPath);
Grab th
Mathias R. Jessen
- 157,619
- 12
- 148
- 206
0
Vlad,
Querying AD to retrieve members of the Admin group has been asked before...
Server 2003 here as well as this too
Since your question seems to be concerned about differentiating the character string for "Administrator" in the installed language, wouldn't you simply have locale specific names for this in your resources/code?
