Find if a user is part of an AD group


I have tried various ways to get the groups associated with a user in Active Directory, but every method is quite slow.

using System.DirectoryServices.AccountManagement;

// domain, username, password and group1..group4 are text boxes on the form.
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain.Text, username.Text, password.Text))
{
    // Looks the account up in the directory by sAMAccountName; null if it does not exist.
    UserPrincipal user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, username.Text);

    if (user != null)
    {
        int userGroupTmp = 0;

        // Each FindByIdentity call is its own directory lookup, and each IsMemberOf
        // call below queries the directory again.
        var group1Principal = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, group1.Text);
        var group2Principal = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, group2.Text);
        var group3Principal = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, group3.Text);
        var group4Principal = GroupPrincipal.FindByIdentity(pc, IdentityType.Name, group4.Text);

        // Remember the first group the user belongs to (1..4), 0 if none.
        if (group1Principal != null && user.IsMemberOf(group1Principal))
        {
            userGroupTmp = 1;
        }
        else if (group2Principal != null && user.IsMemberOf(group2Principal))
        {
            userGroupTmp = 2;
        }
        else if (group3Principal != null && user.IsMemberOf(group3Principal))
        {
            userGroupTmp = 3;
        }
        else if (group4Principal != null && user.IsMemberOf(group4Principal))
        {
            userGroupTmp = 4;
        }
        // ...
    }
}

It seems that it is slow in any case. I've also tried user.GetAuthorizationGroups(), but I get the same results.

Any suggestion or different method to get the groups?

I've tried different methods, and what I'm looking for is better performance in terms of timing.



MarcoC (BEST ANSWER)

I've solved it using another method found at this link: "How to get the groups of a user in Active Directory? (c#, asp.net)". The method that works is the custom GetAdGroupsForUser2:

using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public static List<string> GetAdGroupsForUser2(string userName, string domainName = null)
{
    var result = new List<string>();

    // Accept "DOMAIN\user" or "DOMAIN/user" and split it into domain and account name.
    if (userName.IndexOfAny(new[] { '\\', '/' }) >= 0)
    {
        string[] parts = userName.Split(new char[] { '\\', '/' }, 2);
        domainName = parts[0];
        userName = parts[1];
    }

    using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domainName))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, userName))
    {
        // FindByIdentity returns null when the account does not exist.
        if (user == null)
            return result;

        using (var searcher = new DirectorySearcher(new DirectoryEntry("LDAP://" + domainContext.Name)))
        {
            // The DN comes from the directory itself, but it can still contain characters that are
            // special inside an LDAP filter (\ * ( )), so escape them (backslash first) instead of
            // formatting the raw value in. "member=" matches direct membership only, not nested groups.
            string dn = user.DistinguishedName
                .Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29");
            searcher.Filter = "(&(objectCategory=group)(member=" + dn + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("cn");

            // FindAll() holds unmanaged resources; dispose the collection when done.
            using (SearchResultCollection entries = searcher.FindAll())
            {
                foreach (SearchResult entry in entries)
                    if (entry.Properties.Contains("cn"))
                        result.Add(entry.Properties["cn"][0].ToString());
            }
        }
    }

    return result;
}
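A worked example added here by the editor, not code from the question or from either answer. It does the check the question asks for (which of several groups the user belongs to) with one LDAP search per group instead of loading principals and calling IsMemberOf, escapes every directory value before placing it in a filter (RFC 4515), and uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule so that nested group membership counts, which the member= filter in the accepted answer does not cover. The domain, account and group names in the usage are placeholders, and FirstMatchingGroup, IsMemberOfGroup, FindDistinguishedName and EscapeFilterValue are names chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Added example (not from the question or the answers). Names and the LDAP path
// used in Main() are placeholders for a real domain.
public static class AdGroupCheck
{
    // Transitive-membership matching rule understood by Active Directory DCs.
    private const string InChainRule = "1.2.840.113556.1.4.1941";

    // Escape a value for use inside an LDAP search filter (RFC 4515) so that a DN or
    // account name containing \ * ( ) or NUL cannot change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Resolve an object of the given category (person or group) to its distinguishedName.
    // Returns null when nothing matches.
    public static string FindDistinguishedName(DirectoryEntry root, string objectCategory,
                                               string attribute, string value)
    {
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=" + objectCategory + ")(" + attribute + "=" +
                              EscapeFilterValue(value) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            if (result == null || !result.Properties.Contains("distinguishedName"))
                return null;
            return (string)result.Properties["distinguishedName"][0];
        }
    }

    // True if the user (by DN) is a direct or nested member of the group (by DN).
    // The DC walks the membership chain server-side, so this is a single round trip.
    public static bool IsMemberOfGroup(DirectoryEntry root, string userDn, string groupDn)
    {
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(distinguishedName=" + EscapeFilterValue(userDn) + ")" +
                              "(memberOf:" + InChainRule + ":=" + EscapeFilterValue(groupDn) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            return searcher.FindOne() != null;
        }
    }

    // Returns the 1-based index of the first group (by cn) the user belongs to, or 0 if none,
    // which is the value the question's userGroupTmp was computing.
    public static int FirstMatchingGroup(string domain, string samAccountName, IList<string> groupNames)
    {
        using (var root = new DirectoryEntry("LDAP://" + domain))
        {
            string userDn = FindDistinguishedName(root, "person", "sAMAccountName", samAccountName);
            if (userDn == null)
                return 0;

            for (int i = 0; i < groupNames.Count; i++)
            {
                string groupDn = FindDistinguishedName(root, "group", "cn", groupNames[i]);
                if (groupDn != null && IsMemberOfGroup(root, userDn, groupDn))
                    return i + 1;
            }
            return 0;
        }
    }

    public static void Main()
    {
        // Placeholder domain, account and group names; replace with real ones.
        var groups = new List<string> { "App-Admins", "App-Operators", "App-Readers", "App-Guests" };
        int index = FirstMatchingGroup("example.local", "jdoe", groups);
        Console.WriteLine(index == 0 ? "not in any listed group" : "first matching group: " + groups[index - 1]);
    }
}
```

Binding with "LDAP://domain" uses the credentials of the calling process, as the accepted answer does; pass a username and password to the DirectoryEntry constructor if the check must run as a dedicated account. Because the matching-rule search is evaluated on the domain controller, the cost stays at one query per group even when the user sits several levels deep in nested groups.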
ErkinD39

You may use the Get-ADPrincipalGroupMembership cmdlet.

Ex: Get-ADPrincipalGroupMembership -Identity Administrator