1

I am trying to convert some old code to use new namespaces to get the users, groups, subgroups from active directory and insert them into DB. The new code is not returning the complete list of groups a user is associated to. Some of the groups the user is associated to is not returned by the new code.

Old Code :

       DirectorySearcher searcher = new DirectorySearcher(new DirectoryEntry(directoryPath));
        searcher.PageSize = 1000;
        searcher.Filter = "(&(objectCategory=user))";

        //adding these properties assist in assuring they are returned by Active Directory
        searcher.PropertiesToLoad.Add("memberOf");
        searcher.PropertiesToLoad.Add("member");
        searcher.PropertiesToLoad.Add("samaccountname");
        searcher.PropertiesToLoad.Add("cn");
        searcher.PropertiesToLoad.Add("description");
        searcher.PropertiesToLoad.Add("whencreated");
        searcher.PropertiesToLoad.Add("mail");

        SearchResultCollection resultUsers = searcher.FindAll();
        Dictionary<string, Group> groups = new Group().GetAllGroups(); //get the list of groups that were inserted into DB
        foreach (SearchResult resultUser in resultUsers)
        {
            DirectoryEntry userEntry = resultUser.GetDirectoryEntry();

            string userName = GetProperty(userEntry, "samaccountname"); //Custom method to get samaccountname

            //make sure the username exists
            if (userName.Length != 0)
            {

                User user = new User();

                //set user properties
                user.FullName = user.Email = GetProperty(userEntry, "cn");
                user.Email = GetProperty(userEntry, "mail");
                string createdDateString = GetProperty(userEntry, "whencreated");
                user.CreatedDate = (createdDateString.Length > 0) ? DateTime.Parse(createdDateString) : DateTime.MinValue;
                user.UserName = userName;
                user.DomainName = _dataSource.UserDomainName;

                //check to see if the account is disabled
                ActiveDs.IADsUser objIADsUser = (ActiveDs.IADsUser)userEntry.NativeObject;
                user.Inactive = objIADsUser.AccountDisabled;

                //save the user
                user.SaveNew();

                userEntry.RefreshCache(new string[] { "tokenGroups" });

                //now the attribute will be available
                int count = userEntry.Properties["tokenGroups"].Count;

                IdentityReferenceCollection irc = ExpandTokenGroups(userEntry).Translate(typeof(NTAccount));

                foreach (IdentityReference ir in irc)
                {
                    NTAccount testAccount;
                    bool isNTAccount = false;
                    try
                    {
                        testAccount = (NTAccount)ir;
                        isNTAccount = true;
                    }
                    catch
                    {

                    }

                    if (isNTAccount)
                    {
                        NTAccount account = (NTAccount)ir;
                        string groupName = account.Value.Split('\\')[1];

                        if (groups.ContainsKey(groupName.ToLower()))
                        {
                            Group group = groups[groupName.ToLower()];

                            //add user to group
                            UserGroupLink userGroupLink = new UserGroupLink();
                            userGroupLink.GroupId = group.GroupId;
                            userGroupLink.UserId = user.UserID;
                            userGroupLink.SaveNew();
                        }
                    }
                }
            }
        }

        //close connection to active directory
        searcher.Dispose();

New code:

    var section = (NameValueCollection)ConfigurationManager.GetSection("DataSource_ActiveDirectory1");
        string domainName = section["userDomainName"];
        string domainFilter = section["domainFilter"];
        PrincipalContext MyPrincipalContext = new PrincipalContext(ContextType.Domain, domainName, domainFilter); //Create your domain context
        GroupPrincipal FindAllGroups = new GroupPrincipal(MyPrincipalContext); //group principal to search for all group.
        UserPrincipal FindAllUsers = new UserPrincipal(MyPrincipalContext);    //user principal to search for all users.
        PrincipalSearcher UserSearcher = new PrincipalSearcher(FindAllUsers);  //search results for user
        PrincipalSearchResult<Principal> UserReults = UserSearcher.FindAll();  //find all users
        PrincipalSearcher MySearcher = new PrincipalSearcher(FindAllGroups);   //search results for groups
        PrincipalSearchResult<Principal> GroupResults = MySearcher.FindAll();  //search all groups
        ArrayList AllUsers = new ArrayList();
        foreach (Principal UserReult in UserReults)
        {
            UserPrincipal UserName = UserPrincipal.FindByIdentity(MyPrincipalContext, IdentityType.SamAccountName, UserReult.SamAccountName);
      //logic to save users to DB
        }
        foreach (Principal UserName in AllUsers)
        {
         foreach (Principal FindParentGroup in UserName.GetGroups())
            {
                string ParentGroupEntry = FindParentGroup.SamAccountName;

                if (ParentGroupEntry != null || ParentGroupEntry.Length > 0)
                 {
                         //Insert into DB
                 }
            }
        }
praveen
  • 95
  • 15
  • 1
    Take a look at http://stackoverflow.com/questions/5312744/how-to-determine-all-the-groups-a-user-belongs-to-including-nested-groups-in-a – oldovets Apr 19 '17 at 10:25

0 Answers0