ActiveDirectory DirectorySearcher: Check if user is member of a group

4
votes

I want to know if a given user is member of a group or not. Now, I don't know much about ActiveDirecory or Exchange servers, but in Outlook I can see that a user can be "memberOf" a group (and i can query those groups with DirectorySearcher.PropertiesToLoad.Add("memberof");), but there are also other groups that users are not actively members of, but that contain users. If you mail to those groups (or aliases) you reach all the users contained in it.

Basically, given a username (like DOMAIN\JDoe), how to check if it is contained in the group FUNNY_USERS in C#?

3
c#active-directory

3 Answers

12
votes

Use the System.DirectoryServices.AccountManagement namespace added in .Net 3.5 if it's available. Here's an example for group checking:

using(var pc = new PrincipalContext(ContextType.Domain))
using(var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "DOMAIN\JDoe"))
using(var group = GroupPrincipal.FindByIdentity(pc, "FUNNY_USERS"))
{
    return user.IsMemberOf(group);
 }
1
votes

The users you see in Outlook is probably distribution groups. There are distribution groups and security groups in Active Directory. It seems like you want to check for either/or.

See my post at this similar question for an example in C# using only ldap calls