0
votes

I have been struggling to find a good way to query out the members of a specified AD Group.

I have no issues in finding the group, or even querying users based on criteria.

Currently I have:

 PrincipalContext context = new PrincipalContext(ContextType.Domain, _domain, ADServerUser, ADServerPassword);
 UserPrincipal userPrinciple = new UserPrincipal(context);
 userPrinciple.GivenName = "stringToSearchForFirstName";
 userPrinciple.Name = "stringToSearchForUserName";
 userPrinciple.Surname = "stringToSearchForLastName";
 PrincipalSearcher srch = new PrincipalSearcher(new UserPrincipal(context));                    
 srch.QueryFilter = userPrinciple;
 var result = srch.FindAll();

This gives me all the users that I want; however, it doesn't filter the group down.

I can use the GroupPrincipal object along with the principal search, but then I can't filter down the users.

I kind of want a way to be able to apply both a UserPrincipal and GroupPrincipal to filter the returned results by BOTH Group and User parameters.

I've used a LINQ where clause to try and do a match to see if the user is in a group, but when I get all users the query times out. Makes sense overall.

However, if I query out the group, I have no way of using the PrincipalSearcher to apply the query.

Any ideas on how to do this?

2
Blast_dan, please show the method that this code is in. It's really hard to determine how you defined pFirstName, pUserName, pLastName and context. - MethodMan
They are simple method properties. Strings. - Blast_dan
I see one of your problems, Blast_dan: where are you passing the group to search on? - MethodMan
That's the issue, I don't know how to pass in the group to search on. - Blast_dan

2 Answers

2
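votes

using System.DirectoryServices.AccountManagement;

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _domain);
// Get the AD group you want to query; FindByIdentity takes the context as its first argument
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupname");
if (group != null) // FindByIdentity returns null when no group matches
{
    foreach (Principal p in group.Members)
    {
        // do whatever coding you need to do here
    }
}
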
1
votes

From my research I have concluded that using the Principal objects to filter on both group and user parameters is not possible. We needed to revert to using query string methods to AD to solve the issue.
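
The query-string approach described in this answer, as an added example that is not part of the original posts: it resolves the group to its distinguished name, then runs one LDAP filter that combines `memberOf` with the name criteria, escaping every search value per RFC 4515 so that input such as `*` or `)` cannot change the filter. The class and method names, the `LDAP://` + domain bind path, and running under the caller's own credentials are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class GroupUserSearch // hypothetical helper, not from the original posts
{
    // RFC 4515 escaping. The backslash is replaced first so the escapes
    // added by the later replacements are not escaped a second time.
    static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29")
                    .Replace("\0", @"\00");
    }

    // Returns the sAMAccountName of every direct member of the group whose
    // first and last names start with the supplied strings.
    public static List<string> FindUsersInGroup(
        string domain, string groupName, string firstName, string lastName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var group = GroupPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, groupName))
        {
            if (group == null)
                throw new ArgumentException("Group not found: " + groupName);

            // The DN is data too: escape it before placing it in the filter.
            string filter =
                "(&(objectCategory=person)(objectClass=user)" +
                "(memberOf=" + EscapeFilterValue(group.DistinguishedName) + ")" +
                "(givenName=" + EscapeFilterValue(firstName) + "*)" +
                "(sn=" + EscapeFilterValue(lastName) + "*))";

            var names = new List<string>();
            using (var root = new DirectoryEntry("LDAP://" + domain))
            using (var searcher = new DirectorySearcher(
                       root, filter, new[] { "sAMAccountName" }))
            {
                searcher.PageSize = 500; // paged search, avoids the server size limit
                using (SearchResultCollection results = searcher.FindAll())
                    foreach (SearchResult r in results)
                        names.Add((string)r.Properties["sAMAccountName"][0]);
            }
            return names;
        }
    }
}
```

The filter is evaluated on the domain controller, so only matching users are returned rather than every user being pulled back and filtered client-side. `memberOf` matches direct membership only; members of nested groups are not included.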