determining a group's membership in other groups

Hi,

 

How can I determine if a certain Active Directory group is a member of other groups?

Let’s say we have a group in Active Directory called ‘Microsoft Dallas Employees’ which contains the list of employees in Microsoft’s Dallas office. This group in turn belongs to a bigger group called Microsoft Employees. How do I use ‘Microsoft Dallas Employees’ as a search criteria and find out the other groups that this belongs to?

 

My environment is ASP.NET 2.0, C#, Active Dirtectory 2003 on  Windows server 2003

 

-Thanks

 

0
shiversticks
2/15/2006 7:54:10 PM
asp.net.active-directory-ldap 2291 articles. 0 followers. Follow

1 Replies
600 Views

Similar Articles

[PageSpeed] 30
Get it on Google Play
Get it on Apple App Store

The easiest way would be to use an attribute scope search (ASQ) and search on the group.  This would tell you if a group was a member of a group:

DirectoryEntry group = new DirectoryEntry("LDAP://CN=somegroup,DC=foo....");

using (group)
{
    DirectorySearcher ds = new DirectorySearcher(
        group,
        "(objectClass=group)",
        null,
        SearchScope.Base
        );

    ds.AttributeScopeQuery = "memberOf";
    using (SearchResultCollection src = ds.FindAll())
    {
        foreach (SearchResult sr in src)
        {
            Console.WriteLine("{0} is member of {1}", group.Name, sr.Path);
        }
    }
}


You would need to apply this recursively to find groups that were members of groups that were members, etc.

Ryan Dunn
Weblog
The Book
LDAP Programming Help
0
dunnry
2/22/2006 2:26:44 PM
Reply:

Similar Artilces:

Get User's Group on Active Directory
Hi! We have two servers, one running using an LDAP and the other using WinNT. I got the group/s of a particular user when logging on LDAP, but can't get the groups on WinNT. So my question is how can i return the group/s of a the logged user? DirectoryEntry entry = new DirectoryEntry("WinNT://DOMAIN/" + userLogged);return entry.Properties["FullName"].Value.ToString();// I tried entry.Properties["Group"].Value.ToString(), but to no effect.thanks. It's a little troublesome, but you should .Invoke the IADsMember::Groups method.  Read this entry here on how to do it and r...

How to retrieve all groups in active directory and members of a group?
Hi everyone, Looking through this forum, i have found good code on how to view what groups a member is attached to (i.e. memberof).  How to you search active directory and retrieve all the GROUPS only?  Also, how do you retrieve all the members attached to a specific group? Thanks Kevin Here is an MSDN article http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp I know, it may be more than what you need, but (hopefully) it answers your questions.   I went through the msdn article but there are many other things happening a...

Active Directory Group Membership
I have Active Directory logon working fine using only the web.config file in ASP .Net 2005. Here is a snippet from the web.config file <authentication mode="Forms">   <forms name=".ADAuthCookie" timeout="10"/>  </authentication>  <authorization>   <deny users="?"/>   <allow users="*"/>  </authorization>  <membership defaultProvider="MyADMembershipProvider">   <providers>    <add name="MyADMembershipProvider" type="S...

eDir 'Group' -> AD 'Distribution group'
I have a test environment set up with an Netware 6.5sp7 server box and a Windows Server 2003/AD/Exchange 2007 box. Installed IDM 3.5.1 on the Netware box, then installed the Active Directory driver on the AD box. If I create a new user in eDir, the user shows up on the AD box with a mailbox in Exchange. Just what one would expect. What I've noticed though is that if I have an existing group in eDir, or create a new one in eDir, what shows up on the AD box is an Exchange "Distribution Group". This object is correctly populated with the matching AD users as found ...

Active Directory Group Membership Synchronization
I am trying to synchronize group membership between eDirectory 8.7.3.6 with Active Directory on Win2k3 SP1 using Ident. Manager 2.0.1, and I noticed that if I change the group membership of a user account using iManager the group membership information propagates to Active Directory. However, if I change it using ldapmodify it does not get propagated and I get the following warning message: Unable to synchronize reference to <Path to my group> from attribute Group Membership What else do I need to change using ldapmodify for the group information to propagate? I thoug...

Groups of groups
I need to add groups of users to a new group. Is there a way or workaround to do this? A customer is telling me that you can do in AD... Thanks Miguel Cando, Yes AD can do nested groups but eDirectory can't. One way to get around it is to use Dynamic Groups or create a new container and place the objects in there instead if possible. In all my years I've never had the need for nested groups. -- ___________________________________________ Niclas Ekstedt, CNA/CNE/CNS/CLS Network Consultant/NSC Sysop InfraSystems Solutions There is no "group of groups&quo...

Option 'group' not grouping in datagrid
I wonder if anyone has some advice or suggestions on a problem I have. I've populated a datagrid and have a radiobutton in the first column which is for the users to select a row. The problem is that .net translates the names of the radiobutton, for example "optSelect" to "grdNames_ctl2_optSelect", with the ctl2 part of the name incrementing for each row! Of course when I come to run the page and check which radiobutton is checked, the page naturally returns more than one because the 'grouping' element is not cleared. I did discover a groupName el...

Active Directory
Is it possible to define exclusive group membership so that a user can be a member of 1 and only one of a set of security groups.  For example: Given 3 security groups: French, English and German. User Jbloggs can be a member of only one of the above so he can be in the German group OR the English group but not at the same time? Thanks Sorry, but no.  That is, there is no built-in support for this.  You can always try to enforce this logic with your own application, but group membership just does not work that way in AD (or ADAM). Ryan DunnWeblog The B...

Active Directory Domain Group missing from WindowsIdentity.GetCurrent().Groups
Hoping someone can offer some advice. I'm using Windows Authentication in my ASP .NET web application. I had our central IT department create an Active Directory domain group for me so I could provide authentication. I added myself to the group. I run the following code to return all the groups I belong to (including other domain groups on the same domain) and all groups are returned except this new group that's been created. Actually it was created a couple of months ago but I'm just getting around to working on this. Is there some refresh that needs to be done in order for me t...

Modifying user's group memberships using the System.DirectoryServices.Protocols (S.DS.P) Namespace
Hi everybody,I am connecting to an Active Directory server using the System.DirectoryServices.Protocols namespace (this is necessary as the AD server lives in a different, untrusted domain to the web server; and the ADSI security does not allow us to connect using the DirectoryEntry classes.)I am new to this namespace; but have made good progress recently. I can retrieve and modify user details, activate and deactivate their accounts, change their email address, telephone number, etc. and add new users into the directory. So I have got some familiarity with the classes and functionality whic...

superreview requested: [Bug 265651] Grouped by sort by sender doesn't group messages where the sender's name differs by quotedness : [Attachment 186522] proposed fix
David Bienvenu <bienvenu@nventure.com> has asked Scott MacGregor <mscott@mozilla.org> for superreview: Bug 265651: Grouped by sort by sender doesn't group messages where the sender's name differs by quotedness https://bugzilla.mozilla.org/show_bug.cgi?id=265651 Attachment 186522: proposed fix https://bugzilla.mozilla.org/attachment.cgi?id=186522&action=edit ------- Additional Comments from David Bienvenu <bienvenu@nventure.com> this makes it work for sender. ...

superreview granted: [Bug 265651] Grouped by sort by sender doesn't group messages where the sender's name differs by quotedness : [Attachment 186522] proposed fix
Scott MacGregor <mscott@mozilla.org> has granted David Bienvenu <bienvenu@nventure.com>'s request for superreview: Bug 265651: Grouped by sort by sender doesn't group messages where the sender's name differs by quotedness https://bugzilla.mozilla.org/show_bug.cgi?id=265651 Attachment 186522: proposed fix https://bugzilla.mozilla.org/attachment.cgi?id=186522&action=edit ...

Picking Group's Description from selected Group in User App
Hi All, I have 2 work flow where one is *adding *the group membership to the group and another one is *removing *the group membership from the group. In case of add, it is picking the description as *null* if description for the group is null. If description is not null, then it is picking the *DN *of the group. In case of remove, irrespective to the description whether it is *null or not null*, it is picking the *description *(It should pick the *DN *of the group if description not null). I have entity which provisions the selected user to the group. I wrote the following cod...

Compare a Group's objectSid to a user's primaryGroupId
Dunnry, this question is related to my quest that you solved yesterday about how to get a primary group for a user. The difference is this time I try to a a list of users that are member of a given group.When using the member property to get a list of members of a given Group (e.g. GroupA), it didn't list those users whose primaryGroup is GroupA. So I am thinking to use a filter like (primaryGroupID= GroupA's Objectsid) when search users.However, the GroupA's objestSid is byte[] type, and the primaryGroupID is int type. Though the method in yesterday's post "CreatePrimaryGroupSID" ...

Web resources about - determining a group's membership in other groups - asp.net.active-directory-ldap

Complementarity determining region - Wikipedia, the free encyclopedia
Complementarity determining regions ( CDRs ) are part of the variable chains in immunoglobulins (antibodies) and T cell receptors , generated ...

Determining Business Value
... What I will attempt to do in this blog is provide a model for looking at business value focusing on the portfolio [...] The post Determining ...

Determining Sea Level
It’s much more complicated than you think:


Mac notebooks: Determining battery cycle count
For computers with Mac OS X v10.4.x or later, use the steps in this article to determine the cycles on your Mac notebook's battery.

Determining Valuation Multiples
Last week on MBA Mondays, I talked about valuing an internet marketplace business. In that post, I talked about using 1x gross marketplace transactions ...

An alternative method for determining defensive WAR
... that David Wright is a scratch defender at third, but the data produces blips from year to year, maybe the data isn't right. Maybe when determining ...

NBA Preseason Determining Destinies for Houston Rockets Bench
HOUSTON—It’s the night of Oct. 13, 2014, and the Houston Rockets are hosting the Phoenix Suns . Dwight Howard and James Harden are sitting this ...

"The federal health care exchange is incorrectly determining that some people are eligible for Medicaid ...
"... leaving them with little chance to get the subsidized insurance they are entitled to as the Dec. 23 deadline for enrollment approaches." ...

DETERMINING IF WE NEED ANOTHER BUSH AS PRESIDENT: Using the Common Core Method
... invested by dousing it in gasoline and then applying a lit sparkler. Best, Doug For the rest of America, there's this: MT @darmercurio: Determining ...

Resources last updated: 1/3/2016 2:05:59 AM