How can I programmatically query the list of Active Directory Security Groups a user is a member of

    Question

  • I am writing a custom WebPart and as part of the business logic I am required to make some decisions based on the user's membership in selected Security Groups in Active Directory. My question is:

    How can I programmatically get a list of Active Directory (not SharePoint groups) security groups the current user is a member of. Is this information available in the User Profile and if not, can I make it part of the User Profile using "profile synchronization connection"?

    Thank you.

    Rex

    Friday, April 23, 2010 9:24 PM

Answers

  • Rex,

    Try this out. Basically hitting AD with the user's login name. If you are using elevated privs on the web (you're the service account) it's gonna hose as it will return SHAREPOINT\YourLoginName instead of your domain name. You need to do some substring magic on it when this is the case.



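    // Requires: using System; using System.Collections.Generic; using System.DirectoryServices;
    // LoginName is "DOMAIN\user"; AD keeps only the part after the backslash in sAMAccountName.
    string login = SPContext.Current.Web.CurrentUser.LoginName;
    string account = login.Substring(login.IndexOf('\\') + 1);

    DirectorySearcher search = new DirectorySearcher();
    // cn is the object's common name, not the logon name, so match on sAMAccountName.
    search.Filter = String.Format("(&(objectCategory=person)(sAMAccountName={0}))", account);
    search.PropertiesToLoad.Add("memberOf");
    List<string> Groups = new List<string>();
    SearchResult result = search.FindOne();
    if (result != null)
    {
        // Each memberOf value is the distinguished name of a group the user belongs to directly.
        foreach (string MyGroup in result.Properties["memberOf"])
        {
            Groups.Add(MyGroup);
        }
    }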
    
    
    • Edited by JosephIM Saturday, April 24, 2010 6:39 AM code block looked really hosed
    • Proposed as answer by JosephIM Saturday, April 24, 2010 6:42 AM
    • Marked as answer by Margriet BruggemanMVP Friday, March 30, 2012 8:45 AM
    Saturday, April 24, 2010 6:35 AM
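
An alternative using System.DirectoryServices.AccountManagement, added here as an example and not part of the original answer: `GetAuthorizationGroups()` also returns groups the user belongs to through nesting, which the `memberOf` attribute alone does not list. The names `AdGroupLookup`, `ToSamAccountName` and `GetSecurityGroups` are hypothetical, and the code assumes the user account lives in the server's own domain and that the process identity can read AD.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

public static class AdGroupLookup   // hypothetical helper, not a SharePoint API
{
    // "DOMAIN\user" or claims-encoded "i:0#.w|DOMAIN\user" -> "user".
    // Returns null for SHAREPOINT\system (elevated context, no AD account behind it).
    public static string ToSamAccountName(string loginName)
    {
        if (string.IsNullOrEmpty(loginName)) return null;
        int pipe = loginName.LastIndexOf('|');
        if (pipe >= 0) loginName = loginName.Substring(pipe + 1);
        if (loginName.StartsWith("SHAREPOINT\\", StringComparison.OrdinalIgnoreCase))
            return null;
        int slash = loginName.IndexOf('\\');
        return slash >= 0 ? loginName.Substring(slash + 1) : loginName;
    }

    // Names of the security groups (direct and nested) for the given login name.
    public static List<string> GetSecurityGroups(string loginName)
    {
        var groups = new List<string>();
        string sam = ToSamAccountName(loginName);
        if (sam == null) return groups;

        // Assumption: binds to the machine's domain as the current process identity.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            if (user == null) return groups;
            foreach (Principal p in user.GetAuthorizationGroups())
            {
                using (p)
                {
                    // Keep security groups only; skip anything that is not a group.
                    var g = p as GroupPrincipal;
                    if (g != null && g.IsSecurityGroup == true)
                        groups.Add(g.SamAccountName ?? g.Name);
                }
            }
        }
        return groups;
    }
}
```

In the WebPart this would be called as `AdGroupLookup.GetSecurityGroups(SPContext.Current.Web.CurrentUser.LoginName)`; an empty list means the account was not found or the code ran as the system account.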

All replies

  • No, it's not part of the SharePoint API. Do you need to ask for all the groups -- or can you just use the IPrincipal IsInRole to check for a specific group membership?
    Daniel Larson, SharePoint MVP, MS Press Author, NewsGator Software Developer Check out my books on Amazon: - Inside Microsoft Windows SharePoint Services 3.0 (with Ted Pattison) - Developing Service Oriented AJAX Applications on the Microsoft Platform (.NET 3.5, WCF, Microsoft AJAX)
    Friday, April 23, 2010 9:34 PM
  • I need to do both; in some cases IsInRole is sufficient, but in other cases I need to present a list of security groups in the UI.
    Friday, April 23, 2010 9:50 PM