You need to check the path of the LDAP connection that you are making to communicate with the Active Directory server.
For example:
DirectoryEntry rootDSE = null;
rootDSE = new DirectoryEntry("LDAP://OU=" + department + ",OU=Users,OU=" + ou + ",dc=corp,dc=local", username, password);
Now in that case I need only groups that exist in Department → Users → OU → DC
Same as in your case. You can define on which OU your security group exist.
After that I can fetch a group like this:
DirectorySearcher ouSearch = new DirectorySearcher(rootDSE);
ouSearch.PageSize = 1001;
ouSearch.Filter = "(objectClass=group)";
ouSearch.SearchScope = SearchScope.Subtree;
ouSearch.PropertiesToLoad.Add("name");
SearchResultCollection allOUS = ouSearch.FindAll();
foreach (SearchResult oneResult in allOUS)
{
dt.Rows.Add(oneResult.Properties["name"][0].ToString());
}
rootDSE.Dispose();
Now in case of permissions
Permissions are stored on the individual file system items, e.g. files and/or directories - or other objects (like registry keys, etc.). When you have an AD group or user account, you can read its SID (Security Identifier) property - that SID will show up in ACLs (Access Control Lists) all over Windows - but from the user or group, there's no mechanism to get all permissions it might have anywhere in the machine/server.
Permissions for files and directories can e.g. be retrieved using the .GetAccessControl() method on the FileInfo and DirectoryInfo classes:
FileInfo info = new FileInfo(@"D:\test.txt");
FileSecurity fs = info.GetAccessControl();
DirectoryInfo dir = new DirectoryInfo(@"D:\test\");
DirectorySecurity ds = dir.GetAccessControl();
I hope this is what you are looking for!
