Can you find the main Active Directory user group in C#?

I am working on an application that manages user accounts in Active Directory. I use the System.DirectoryServices.AccountManagement namespace everywhere, but I cannot figure out how to determine the user's main group. When I try to delete a group that is the main group of the user, I get an exception. Here is my current code:

    private void removeFromGroup(UserPrincipal userPrincipal, GroupPrincipal groupPrincipal)
    {
        // TODO: Check to see if this Group is the user primary group.
        groupPrincipal.Members.Remove(userPrincipal);
        groupPrincipal.Save();
    }

Is there a way to get the name of the user's primary group so that I can perform some validation before trying to remove the user from this group?

+4
3 answers

This is a rather messy and involved business, but this piece of code is from my BeaverTail ADSI Browser, which I wrote completely in C# (in the .NET 1.1 days), and it is known to work. It is not pretty, but functional:

    // Requires: using System.DirectoryServices; using System.Text;
    private string GetPrimaryGroup(DirectoryEntry aEntry, DirectoryEntry aDomainEntry)
    {
        int primaryGroupID = (int)aEntry.Properties["primaryGroupID"].Value;
        byte[] objectSid = (byte[])aEntry.Properties["objectSid"].Value;

        StringBuilder escapedGroupSid = new StringBuilder();

        // Copy over everything but the last four bytes (sub-authority).
        // Doing so gives us the domain part of the SID.
        for (uint i = 0; i < objectSid.Length - 4; i++)
        {
            escapedGroupSid.AppendFormat("\\{0:x2}", objectSid[i]);
        }

        // Add the primaryGroupID (little-endian) to the escaped string
        // to build the SID of the primary group.
        for (uint i = 0; i < 4; i++)
        {
            escapedGroupSid.AppendFormat("\\{0:x2}", (primaryGroupID & 0xFF));
            primaryGroupID >>= 8;
        }

        // Search the directory for a group with this SID.
        using (DirectorySearcher searcher = new DirectorySearcher())
        {
            if (aDomainEntry != null)
            {
                searcher.SearchRoot = aDomainEntry;
            }

            searcher.Filter = "(&(objectCategory=Group)(objectSID=" + escapedGroupSid.ToString() + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");

            // FindOne() returns null when no group matches; avoid a NullReferenceException.
            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return null;
            }

            return result.Properties["distinguishedName"][0].ToString();
        }
    }

Hope this helps.

Mark

+5

The RID of the primary user group is stored in the attribute 'primaryGroupID' of the user object. To get this value, you will have to get a DirectoryEntry for this user (or use another API). After receiving this value, you will have to translate it into the SID for the main group, and then get the group from that.

There is a KB article that contains more detailed information about this, as well as VB code showing how to find the main group: http://support.microsoft.com/kb/297951

0
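
The steps described in the answer above (read primaryGroupID, turn it into the primary group's SID, compare before removing), as an added example that is not code from any of the answers. It assumes a domain (AD DS) PrincipalContext, so that GetUnderlyingObject() returns a DirectoryEntry; the class and method names are hypothetical.

```csharp
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper class (illustration only).
static class PrimaryGroupGuard
{
    // Primary group SID = the user's domain SID + "-" + the RID held in primaryGroupID.
    public static SecurityIdentifier GetPrimaryGroupSid(UserPrincipal user)
    {
        // Assumption: AD DS context, so the underlying object is a DirectoryEntry.
        DirectoryEntry entry = user.GetUnderlyingObject() as DirectoryEntry;
        if (entry == null || user.Sid == null)
            return null;

        object rid = entry.Properties["primaryGroupID"].Value;
        SecurityIdentifier domainSid = user.Sid.AccountDomainSid;
        if (rid == null || domainSid == null)
            return null; // attribute missing, or not a domain account SID

        return new SecurityIdentifier(domainSid.Value + "-" + (int)rid);
    }

    public static bool IsPrimaryGroup(UserPrincipal user, GroupPrincipal group)
    {
        SecurityIdentifier primary = GetPrimaryGroupSid(user);
        return primary != null && group.Sid != null && primary.Equals(group.Sid);
    }

    // Returns false, without touching the directory, when the group is the
    // user's primary group; otherwise removes the membership and saves.
    public static bool TryRemoveFromGroup(UserPrincipal user, GroupPrincipal group)
    {
        if (IsPrimaryGroup(user, group))
            return false;

        group.Members.Remove(user);
        group.Save();
        return true;
    }
}
```

Comparing SIDs rather than group names keeps the check correct when a group has been renamed.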
    using (PrincipalContext context = XXX)
    {
        // get the group
        using (GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, group))
        {
            if (groupPrincipal != null)
            {
                // get the user
                using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
                {
                    if (userPrincipal != null)
                    {
                        returnValue = userPrincipal.IsMemberOf(groupPrincipal);
                    }
                }
            }
        }
    }
-2
