Geek Answers Handbook

Get groups from Active Directory using C #

I'm having problems getting groups from Active Directory through System.DirectoryServices

Initially, I ran the application on a computer that was registered in a domain, but since it was a living domain, I did not want to make any entries in AD, which was the case, so I configured the Windows XP machine as the host operating system and installed server Windows 2003 on a virtual machine.

I added another Ethernet port to the computer and set the switch, 1 Ethernet port is for the virtual machine and the other is for the host.

After setting up the IP addresses to transfer them, I passed the application to the host machine and ran it, but I got a DirectoryServicesCOMException .

With the message that the username and password were invalid :( just to verify that this is not an active directory, I created a third virtual machine and installed Windows XP, which I added to the domain with the credentials verified in APP, it works.

Therefore, I thought that this should be because the machine on which the application is running is not part of the domain.

Here is the code block that caused the problem:

 public CredentialValidation(String Domain, String Username, String Password, Boolean Secure) { //Validate the Domain! try { PrincipalContext Context = new PrincipalContext(ContextType.Domain, Domain); //Throws Exception _IsValidDomain = true; //Test the user login _IsValidLogin = Context.ValidateCredentials(Username, Password); //Check the Group Admin is within this user //******HERE var Results = UserPrincipal.FindByIdentity(Context, Username).GetGroups(Context); foreach(Principal Result in Results) { if (Result.SamAccountName == "Domain Admins") { _IsAdminGroup = true; break; } } Results.Dispose(); Context.Dispose(); } catch (PrincipalServerDownException) { _IsValidDomain = false; } }

The information in the login dialog box is entered as follows:

 Domain: test.internal Username: testaccount Password: Password01

Hope someone can shed some light on this mistake.

Update:

After checking the security logs on the server, I see that my login attempts were successful, but this happens before:

 _IsValidLogin = Context.ValidateCredentials(Username, Password);

The line after im checks the groups causes an error, so the main problem is that the lines of code below do not work correctly from a computer that is not connected to the network:

 var Results = UserPrincipal.FindByIdentity(Context, Username).GetGroups(Context);
+7
c # active-directory active-directory-group
source share
2 answers

According to your piece of code, you fail when you try to create a PrincipalContext before calling ValidateCredentials. At this point, the thread executing your code still works either with a local identifier (if you are working in a web process) or with an identifier signed on your computer (for a Windows process). Any of them will not exist in the test internal domain.

You might want to try overloading the PrincipalContext, which includes the username and password in the constructor. See http://msdn.microsoft.com/en-us/library/bb341016.aspx

+2
source share

I used quite a bit of user management through C # .NET. I just dug up some methods that you can try.

The following two methods will get the DirectoryEntry object for the given SAM account name. Requires DirectoryEntry, which is the root of the OU to which you want to start searching for an account.

Another will give you a list of distinguished names of the groups of which the user is a member. You can then use these DNs to search for AD and get a DirectoryEntry object.

 public List<string> GetMemberOf(DirectoryEntry de) { List<string> memberof = new List<string>(); foreach (object oMember in de.Properties["memberOf"]) { memberof.Add(oMember.ToString()); } return memberof; } public DirectoryEntry GetObjectBySAM(string sam, DirectoryEntry root) { using (DirectorySearcher searcher = new DirectorySearcher(root, string.Format("(sAMAccountName={0})", sam))) { SearchResult sr = searcher.FindOne(); if (!(sr == null)) return sr.GetDirectoryEntry(); else return null; } }
+2
source share

More articles:


All Articles