I had to write some quick code for a project at work where I needed to audit a group of users and confirm if the user appeared in a predefined Active Directory group. There are a number of examples online, and I read some interesting approaches from authors at:
- Find what Active Directory groups a user is in
- Create a SQL Server view of your Active Directory users
- How to: (Almost) Everything in Active Directory via C#
- Searching the Directory
- Quick List for C# Code Examples
Below is a an early release of what I ended up using. Feedback if any would be appreciated.
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.DirectoryServices;
using OrganizationNameAD;
namespace OrganizationNameAD
{
class Program
{
static void Main()
{
String result = string.Empty;
String strUserName = string.Empty;
String strLDAP = string.Empty;
String strGroupName = string.Empty;
strUserName = "UserNameToCheck";
strLDAP = "LDAP://OU=Organization,DC=Subdomain,DC=Domain,DC=TLD";
strGroupName = "CN=GroupName,OU=GroupContainer,OU=Other,DC=Subdomain,DC=Domain,DC=TLD";
result = GetAttribute(strLDAP, strUserName, "cn");
Console.WriteLine("CN " + result);
result = GetAttribute(strLDAP, strUserName, "memberOf");
Console.WriteLine("memberOf " + result);
result = IsGroupMember(strLDAP, strUserName, strGroupName);
Console.WriteLine("Group " + result);
}
public static string GetAttribute(string strLDAPPath, string strsAMAccountName, string strAttribute)
{
string result = string.Empty;
SearchResultCollection srcResults = null;
try
{
DirectoryEntry de = new DirectoryEntry(strLDAPPath);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + strsAMAccountName + "))";
srcResults = ds.FindAll();
foreach (SearchResult srResult in srcResults)
{
result = GetProperty(srResult, strAttribute);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
result = ex.Message;
}
finally
{
// To prevent memory leaks, call SearchResultCollection.Dispose()
if (srcResults != null)
{
srcResults.Dispose();
srcResults = null;
}
}
return result;
}
public static string GetProperty(SearchResult srSearchResult, string strPropertyName)
{
string result = string.Empty;
if (srSearchResult.Properties.Contains(strPropertyName))
{
result = srSearchResult.Properties[strPropertyName][0].ToString();
}
else
{
result = "Attribute not found";
}
return result;
}
public static string IsInActiveDirectory(string strLDAPPath, string strsAMAccountName)
{
string result = string.Empty;
SearchResult srResult = null;
try
{
DirectoryEntry de = new DirectoryEntry(strLDAPPath);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + strsAMAccountName + "))";
srResult = ds.FindOne();
if (srResult != null)
{
result = "Yes";
}
else
{
result = "No";
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
result = ex.Message;
}
return result;
}
public static string IsGroupMember(string strLDAPPath, string strsAMAccountName, string strGroupName)
{
string result = "No";
SearchResultCollection srcResults = null;
SearchResult srResult = null;
ResultPropertyValueCollection rpvcResult = null;
try
{
DirectoryEntry de = new DirectoryEntry(strLDAPPath);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + strsAMAccountName + "))";
srResult = ds.FindOne();
// Create a ResultPropertyValueCollection object to get the values for the
// memberOf attribute for this user.
string propertyName = "memberOf";
rpvcResult = srResult.Properties[propertyName];
Console.WriteLine(rpvcResult[0].ToString());
foreach (Object propertyValue in rpvcResult)
{
if (propertyValue.ToString() == strGroupName)
{
result = "Yes";
}
}
}
catch (Exception t)
{
Console.WriteLine(t.Message);
}
finally
{
// To prevent memory leaks, call SearchResultCollection.Dispose() manually
if (srcResults != null)
{
srcResults.Dispose();
srcResults = null;
}
}
return result;
}
}
}