Correct way to detect active directory object is belong to user or group?

Question

What is the correct way of detecting active directory object is belong to a group or user? Here is how I handle in C#:

foreach (SearchResult sr in src)
{
   if (sr.Properties["objectclass"].Contains("person") && sr.Properties["objectclass"].Contains("user"))
   {
      // USER ?
   }
   if (sr.Properties["objectclass"].Contains("group"))
   {
      // GROUP ?
   }
}

Your way can be good (isn't it objectClass?). the CN of a OU is : objectClass organizationalUnit the CN of a person is: objectClass person the CN of a group us: objectClass group An other way could be organizing your AD in such a way that if you retrieve the Path of the DirectoryEntry, you know it's a group or user — Bert Persyn, Oct 06 '16 at 13:27

score 2 · Accepted Answer · edited May 23 '17 at 12:00

2

if (sr != null)
{
    if(sr.Properties["objectCategory"] != null)
    {
       // objectType will be "Person" or "Group" (or something else entirely)
       string objectType = sr.Properties["objectCategory"][0].ToString();
       if (objectType == "Person")
       { 
          //It's a user
       }
       if (objectType == "Group")
       { 
          //It's a Group
       }
    }
}

Retrieved from: How to determine the type (AD User vs. AD Group) of an account?

edited May 23 '17 at 12:00

Community

1
1

answered Oct 06 '16 at 13:17

Ryan C

572
5
18

I actually wanted to determine object type of deleted object because objectCategory attribute is removed when an object is deleted. i asked new question [question link](http://stackoverflow.com/questions/39910792/how-to-determine-typeuser-or-group-of-a-deleted-active-directory-object-using) – DevÁsith Oct 07 '16 at 06:34

Correct way to detect active directory object is belong to user or group?

1 Answers1