I have seen a few questions that are like mine, but none that actually apply. The problem I am facing is:
I need to get group membership of User with:
- Group in Domain B
- User in domain A.
- Service in domain B.
- Forest-to-forest 2-way trust.
User attaches to service and service gets WindowsIdentity object with SID, name, etc.
In order to get group membership, I am using a UserPrincipal object. In order to get that, you need a PrincipalContext object. The constructor for the PrincipalContext object needs the FQDN of the domain (i.e. A.some.domain.com). The WindowsIdentity object has the NetBIOS domain name in the username (i.e. A\User), but I cannot see a way to get the DNS name.
Here is an example of code that has the DNS name HARD CODED, that works, but I need to take out the hard coded part.
    // WindowsIdentity wi is passed into the method; the domain DNS name is hard coded here
    PrincipalContext context = new PrincipalContext(ContextType.Domain, "A.some.domain.com");
    UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.Sid, wi.User.ToString());
I have another solution that uses impersonation, using System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain().Name, but that is not acceptable because impersonation may not be available. I need a solution that will work with TokenImpersonationLevel.Identification.
I have spent several days scouring MSDN and Google (including Stack Overflow) to no avail.
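As an added example (not the asker's code), the lookup described above with the domain DNS name passed in as a parameter rather than hard coded, with the Principal objects disposed, plus a second method that reads the group SIDs already present in the caller's token and translates them through the local LSA, so it issues no directory query under the caller's identity. The class name `GroupLookup` and the parameter `domainDnsName` are assumptions; how the caller obtains that DNS name is exactly the open question and is not solved here.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class GroupLookup   // hypothetical class name, not from the question
{
    // Same approach as the question, but the domain DNS name is supplied by the caller.
    // Runs under the service account's own credentials, not the caller's token.
    public static List<string> GetGroupNames(WindowsIdentity wi, string domainDnsName)
    {
        var names = new List<string>();
        using (var context = new PrincipalContext(ContextType.Domain, domainDnsName))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Sid, wi.User.Value))
        {
            if (user == null)
                throw new InvalidOperationException("SID not found in domain " + domainDnsName);

            // GetAuthorizationGroups returns effective (nested) membership;
            // GetGroups would return only direct membership.
            foreach (Principal group in user.GetAuthorizationGroups())
            {
                using (group)
                {
                    names.Add(group.Sid.Value + " " + group.Name);
                }
            }
        }
        return names;
    }

    // Alternative that needs no directory query: the group SIDs are already in the
    // caller's token (also at Identification level). Translation to DOMAIN\Name is
    // done by the local LSA; SIDs it cannot resolve are kept in raw S-1-5-... form.
    public static List<string> GetTokenGroupNames(WindowsIdentity wi)
    {
        var names = new List<string>();
        foreach (IdentityReference sid in wi.Groups)
        {
            try
            {
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                names.Add(sid.Value);
            }
        }
        return names;
    }
}
```

The token-based method only reports groups that were expanded into the token at logon, so it reflects membership as of that logon and can include well-known SIDs (for example Authenticated Users) that are not directory groups; the directory-based method reports current membership but still requires the DNS name of the user's domain.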