Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Microsoft: ASP.NET FAQ

Active Directory and ASP.NET

How to obtain the list of Groups a user belongs to by AgentM
Posted: 5 Oct 04 (Edited 7 Oct 04)

Special thanks to Glowworm27 and AtomicChip for the FAQ How to use Active Directory with ASP.NET using LDAP? This article continues where they left off.

This FAQ discusses how to obtain the list of different Groups an ADS user belongs to. My application uses the userÆs group membership to determine access to different functions. Thus, there is no need to maintain separate access lists.

Before using the code make sure you import System.DirectoryServices and if needed get the windows username using HttpContext.Current.User.Identity.Name . The above-mentioned   FAQ has more information.

Now letÆs get into the code. I created a function  called GetUserGroups which has the following input :-

a)logged on username  - Make sure there is no domain name here, just the username
b)domain account û an account that has access to read ADS eg. Domainname\username
c)password for the domain account in (b)
d)domain name. û this could be domainname.com or subdomainname.domainname.com etc.

The function returns a string value consisting of all the groups a user belongs to.


Public Function GetUserGroups(ByVal strUserName As String, ByVal strAdminUserId As String, ByVal strAdminPwd As String, ByVal strDomain As String) As String
First you need to find the username in ADS, then get the LDAP path to that object, then use the property ômemberofö to obtain the list of groups.


  Dim deentry As DirectoryEntry = New DirectoryEntry("LDAP://" & Trim(strdomain), Trim(strAdminUserId), Trim(strAdminPwd))
  Dim dsSearcher As DirectorySearcher = New DirectorySearcher(deentry)
  dsSearcher.Filter = ("(sAMAccountName=" & strUserName & ")")
  Dim srresult As SearchResult = dsSearcher.FindOne
  Dim userpath AS string = trim(srresult.path)

    à..More code coming hereà.

Catch ex As Exception
        Dim debug As String = ex.Message
        GetUserGroups= debug

End Try

srresult.path gives the LDAP path to the user object in ADS. The path will be in the form
ôLDAP:\\ CN= LastName, FirstName,  DC=DOMAIN , etcà.

For testing purposes if you just want to find the LDAP path to an object the best way is to use the program ADSI Edit.
You can get this program from the Windows 2000 tools on the CD.

Once we have the LDAP path to the object then all we have to do is create another directory entry using this path and then loop through the property collection or just direct the search result to what we want.


    æConnect to the object
Dim mySearchRoot As DirectoryEntry = New DirectoryEntry (userpath,strAdminUserId,strAdminPwd)

Dim myDirectorySearcher As New DirectorySearcher(mySearchRoot)

æGet only the result for the property ômemberofö
æIf you remove the above line then the program will iterate through all the properties.

Dim mySearchResult As SearchResult = myDirectorySearcher.FindOne()
æMaking sure we have results
If Not (mySearchResult Is Nothing) Then

   Dim strGrpList As String = ""
   Dim myCollection As Object

   For Each myCollection In mySearchResult.Properties("memberof")

     æRemoving extra LDAP path information from the collection
     æ You may want to modify it as per your requirements
     strGrpList = strGrpList & Replace(Left(myCollection, InStr(myCollection, ",OU", CompareMethod.Text)), "CN=", "")

   Next myCollection

   GetUserGroups = tabl


   GetUserGroups = "Path Not Found or Object not found"

End if

I have used this function in a Class and want to use it as a web service so that other departments in my company can use it.
This link from Microsoft helped me a lot with this code; you can use the code sample in the link to perform other ADS functions http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemdirectoryservicessearchresultclasstopic.asp

Hopefully, this FAQ has been helpful to other people.

Back to Microsoft: ASP.NET FAQ Index
Back to Microsoft: ASP.NET Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close