LDAP Query to List All Groups User is a Member of?

Donut · Sep 4, 2009 · Viewed 7.3k times

Given a username, how would I go about writing an LDAP query that will return all groups that the user is a member of?

Answer

marc_s · Sep 4, 2009

Are you on .NET 3.5?

If so, check out this excellent MSDN article, "Managing Directory Security Principals in the .NET Framework 3.5", which shows the new features for user and group management in .NET 3.5.

In this case, you need a principal context (e.g. your domain):

// requires: using System.DirectoryServices.AccountManagement;
PrincipalContext domainContext = 
   new PrincipalContext(ContextType.Domain, "YourDomain");

and then you can pretty easily find the user:

UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, "username");

and the "UserPrincipal" object has a method called "GetAuthorizationGroups" which returns all groups the user is a member of:

PrincipalSearchResult<Principal> results = user.GetAuthorizationGroups();

// display the names of the groups to which the
// user belongs

foreach (Principal result in results)
{
    Console.WriteLine("name: {0}", result.Name);
}

Pretty easy, huh?

It's a lot more work in .NET before 3.5, or in "straight" LDAP from some other language (PHP, Delphi etc.).

Marc
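
For the "straight" LDAP route the answer mentions, here is an added example (not part of marc_s's answer) of the two filters against Active Directory, with the user-supplied name escaped per RFC 4515 so it cannot alter the filter. The class name `GroupLookup`, the `ldapPath` parameter and the sample values in `Main` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupLookup
{
    // RFC 4515: hex-escape bytes that have meaning inside an LDAP filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
            sb.Append(b == 0 || b >= 0x80 || "*()\\".IndexOf((char)b) >= 0
                ? "\\" + b.ToString("x2") : ((char)b).ToString());
        return sb.ToString();
    }
    public static string UserFilter(string samAccountName) =>
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
        + EscapeFilterValue(samAccountName) + "))";
    // 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (AD only): follows nested groups.
    public static string GroupFilter(string userDn) =>
        "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:="
        + EscapeFilterValue(userDn) + "))";
    // ldapPath is an assumption, e.g. "LDAP://DC=example,DC=com".
    public static List<string> GetGroups(string ldapPath, string samAccountName)
    {
        var groups = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var users = new DirectorySearcher(root, UserFilter(samAccountName),
                                                 new[] { "distinguishedName" }))
        {
            SearchResult user = users.FindOne();
            if (user == null) return groups;          // unknown user: no groups
            string dn = (string)user.Properties["distinguishedName"][0];
            using (var s = new DirectorySearcher(root, GroupFilter(dn), new[] { "cn" })
                           { PageSize = 500 })        // page past the 1000-result cap
            using (SearchResultCollection found = s.FindAll())
                foreach (SearchResult g in found)
                    groups.Add((string)g.Properties["cn"][0]);
        }
        return groups;
    }
    static void Main()
    {
        // Constructed inputs: filter metacharacters must come out hex-escaped.
        Console.WriteLine(UserFilter("j.doe)(cn=*"));
        Console.WriteLine(GroupFilter("CN=Doe\\, John (Ops),OU=Staff,DC=example,DC=com"));
    }
}
```

The `member` search does not return the user's primary group (normally Domain Users), which Active Directory records in the user's `primaryGroupID` attribute rather than in the group's `member` attribute.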