I need to be able to get a list of the groups a user is in, but I need to have one/some/all of the following properties visible:

  • distinguishedname
  • name
  • cn
  • samaccountname

What I have right now returns some sort of name, but not any of the ones above (the names seem close, but don't all match correctly). This is what I am using:

ArrayList groups = new ArrayList();
foreach (System.Security.Principal.IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
    groups.Add(group.Translate(typeof(System.Security.Principal.NTAccount)));

Like I said, the above works, but will not get me the proper names I need for my program (the ones specified above). I need this to be able to match up with the list I get while calling all of the groups in my domain:

DirectoryEntry dirEnt = new DirectoryEntry("LDAP://my_domain_controller");
DirectorySearcher srch = new DirectorySearcher(dirEnt);
srch.Filter = "(objectClass=Group)";
var results = srch.FindAll();
Per Noalt
naspinski
  • I just noticed that the return list for results is limited to 1000. I have more than 1000 groups in my domain (HUGE domain). How can I get more than 1000 records? Can I start at a later record? Can I cut it up into multiple searches? – naspinski Sep 18 '08 at 07:07
  • Set PageSize to something bigger, like: srch.PageSize = 5000 – Biri Sep 18 '08 at 07:15

1 Answer

You cannot do this in one step, as groups are also separate AD entries with properties.

So in the first run you should get the group names a user is in and fill them in a list of some kind.

The second step is to go through all of the group names and query them one by one to get the group properties (like distinguishedname, and so on) and collect it to some kind of structure.

Biri
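
The two-step approach from the answer, as an added example that is not part of the original posts: it looks each group up by the SID in the user's token instead of a translated name, and builds the filter value from the SID's bytes so no name text is concatenated into the LDAP filter. The class and method names (`GroupLookup`, `GetGroups`, `SidToFilterValue`) are assumptions made for illustration; the caller passes the question's `LogonUserIdentity` and its `LDAP://my_domain_controller` path.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class GroupLookup   // hypothetical helper, not from the original posts
{
    // Encode a SID as an LDAP filter value: every byte becomes \XX (RFC 4515 escaping).
    static string SidToFilterValue(SecurityIdentifier sid)
    {
        byte[] raw = new byte[sid.BinaryLength];
        sid.GetBinaryForm(raw, 0);
        var sb = new StringBuilder(raw.Length * 3);
        foreach (byte b in raw) sb.AppendFormat("\\{0:X2}", b);
        return sb.ToString();
    }

    // Step 1: walk the group SIDs in the user's token.
    // Step 2: query the directory once per SID for the wanted properties.
    public static List<Dictionary<string, string>> GetGroups(WindowsIdentity user, string ldapPath)
    {
        string[] wanted = { "distinguishedName", "name", "cn", "sAMAccountName" };
        var found = new List<Dictionary<string, string>>();
        using (var root = new DirectoryEntry(ldapPath))
        {
            foreach (IdentityReference reference in user.Groups)
            {
                var sid = (SecurityIdentifier)reference.Translate(typeof(SecurityIdentifier));
                using (var srch = new DirectorySearcher(root))
                {
                    srch.Filter = "(&(objectClass=group)(objectSid=" + SidToFilterValue(sid) + "))";
                    srch.PropertiesToLoad.AddRange(wanted);
                    SearchResult hit = srch.FindOne();
                    if (hit == null) continue; // SIDs such as Everyone have no group object in the directory
                    var row = new Dictionary<string, string>();
                    foreach (string attr in wanted)
                        if (hit.Properties.Contains(attr))
                            row[attr] = hit.Properties[attr][0].ToString();
                    found.Add(row);
                }
            }
        }
        return found;
    }
}
```

Matching on `distinguishedName` or `objectSid` is safer than matching on `name` or `cn` when the result feeds an authorization decision, because display names are not guaranteed unique across containers.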