PC Review



ActiveDirectory - check if user is member of a group

 
 
Iain
15th Oct 2009
All,

As per subject, tried many examples that none seem to work.

Simply I need to check if the current user is a member of a certain
Active Directory group?

TIA
Iain
 
Iain
19th Oct 2009
Mark Rae [MVP] wrote:
> "Iain" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>> As per subject, tried many examples that none seem to work.
>>
>> Simply I need to check if the current user is a member of a certain
>> Active Directory group?
>
> Firstly, you're in the wrong newsgroup. Please post ActiveDirectory
> questions in the ActiveDirectory newsgroup: microsoft.public.adsi.general
>
> However, the following function returns a List<string> of the groups
> that a user belongs to:
>
> List<string> GetGroupsForUser(string pstrUser)
> {
>     List<string> lstGroups = new List<string>();
>     using (DirectorySearcher objDS = new DirectorySearcher("objectCategory=User"))
>     {
>         objDS.Filter = "(SAMAccountName=" + pstrUser + ")";
>         using (DirectoryEntry objUser = new DirectoryEntry(objDS.FindOne().Path))
>         {
>             PropertyCollection colProperties = objUser.Properties;
>             PropertyValueCollection colPropertyValues = colProperties["memberOf"];
>             foreach (string strGroup in colPropertyValues)
>             {
>                 lstGroups.Add(strGroup.ToLower());
>             }
>         }
>     }
>     return lstGroups;
> }
>
> Then, all you have to do is check whether the group you're interested in
> is contained in the generic...
>
> Alternatively, as AD is navigational, not relational, start with the
> group and query AD for its members...
>

Sorry about the wrong newsgroup. This code works but only from my local
machine, any other connections non-local return the error message :

"The specified domain either does not exist or could not be contacted."
 
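A hardened variant of the membership check discussed above, as an added example that is not code from any poster in this thread. The quoted function concatenates the account name into the LDAP filter, dereferences `FindOne()` without a null check, and reads `memberOf`, which lists direct groups only; this version escapes both values, treats a null result as "not a member", and uses Active Directory's in-chain matching rule so nested groups count. The class name, the sample account and the group DN are constructed for illustration, and a user's primary group is not stored in `memberOf`, so it is not covered.

```csharp
using System;
using System.DirectoryServices;   // reference System.DirectoryServices.dll
using System.Text;

static class AdGroupCheck   // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the account is a direct or nested member of the group.
    public static bool IsMemberOf(string samAccountName, string groupDn)
    {
        // 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the
        // domain controller walks nested group membership itself.
        string filter = "(&(objectCategory=person)(objectClass=user)"
            + "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")"
            + "(memberOf:1.2.840.113556.1.4.1941:=" + EscapeFilterValue(groupDn) + "))";

        using (DirectorySearcher searcher = new DirectorySearcher(filter))
        {
            searcher.PropertiesToLoad.Add("distinguishedName");
            // FindOne() returns null for an unknown account or a non-member.
            return searcher.FindOne() != null;
        }
    }

    static void Main()
    {
        // Constructed sample values; replace with a real account and group DN.
        Console.WriteLine(EscapeFilterValue("smith(contractor)"));
        Console.WriteLine(IsMemberOf("jsmith", "CN=WebAdmins,OU=Groups,DC=example,DC=com"));
    }
}
```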
 
Alexey Smirnov
19th Oct 2009
On Oct 19, 2:21 pm, Iain <i...@test.co.uk> wrote:
> Mark Rae [MVP] wrote:
> > "Iain" <i...@test.co.uk> wrote in message
> > news:(E-Mail Removed)...
> >
> >> As per subject, tried many examples that none seem to work.
> >>
> >> Simply I need to check if the current user is a member of a certain
> >> Active Directory group?
> >
> > Firstly, you're in the wrong newsgroup. Please post ActiveDirectory
> > questions in the ActiveDirectory newsgroup: microsoft.public.adsi.general
> >
> > However, the following function returns a List<string> of the groups
> > that a user belongs to:
> >
> > List<string> GetGroupsForUser(string pstrUser)
> > {
> >     List<string> lstGroups = new List<string>();
> >     using (DirectorySearcher objDS = new DirectorySearcher("objectCategory=User"))
> >     {
> >         objDS.Filter = "(SAMAccountName=" + pstrUser + ")";
> >         using (DirectoryEntry objUser = new DirectoryEntry(objDS.FindOne().Path))
> >         {
> >             PropertyCollection colProperties = objUser.Properties;
> >             PropertyValueCollection colPropertyValues = colProperties["memberOf"];
> >             foreach (string strGroup in colPropertyValues)
> >             {
> >                 lstGroups.Add(strGroup.ToLower());
> >             }
> >         }
> >     }
> >     return lstGroups;
> > }
> >
> > Then, all you have to do is check whether the group you're interested in
> > is contained in the generic...
> >
> > Alternatively, as AD is navigational, not relational, start with the
> > group and query AD for its members...
>
> Sorry about the wrong newsgroup. This code works but only from my local
> machine, any other connections non-local return the error message :
>
> "The specified domain either does not exist or could not be contacted."


is it an ASP.net application?
 
Iain
19th Oct 2009
Alexey Smirnov wrote:

> is it an ASP.net application?


yes it is.
 
Iain
19th Oct 2009
>
> There was no mention of remote active directory in your original post...
>
> http://www.codeproject.com/KB/system...thingInAD.aspx and search for
> "Target Specific Domain Controllers or Credentials"
>
>
> Again, active directory questions will likely get a better and faster
> response if you post them in the active directory newsgroup...
>
>

Sorry if my post was not very clear, the machines that I want to connect
via AD are all present within the same domain. The local machine hosting
IIS (essentially my dev box) can connect/query AD, but connecting via
another machine (on the same domain) returns :

"The specified domain either does not exist or could not be contacted."

when trying to access my dev box.
 
Alexey Smirnov
19th Oct 2009
On Oct 19, 4:50 pm, Iain <i...@test.co.uk> wrote:
> > There was no mention of remote active directory in your original post....
> >
> > http://www.codeproject.com/KB/system...ngInAD.aspx and search for
> > "Target Specific Domain Controllers or Credentials"
> >
> > Again, active directory questions will likely get a better and faster
> > response if you post them in the active directory newsgroup...
>
> Sorry if my post was not very clear, the machines that I want to connect
> via AD are all present within the same domain. The local machine hosting
> IIS (essentially my dev box) can connect/query AD, but connecting via
> another machine (on the same domain) returns :
>
> "The specified domain either does not exist or could not be contacted."
>
> when trying to access my dev box.


This probably means that the asp.net account on another machine may
not query AD. Try to look in the event log for more details.

You need to configure your application to be running using Windows
Authentication (go to IIS). Authentication mode must be set to
"Windows" in the web.config file, identity impersonate to true.

To debug your application you can output current account name to see
what the difference is between your dev box and another machine:

Response.Write (User.Identity.Name);
 
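A fuller version of the `Response.Write (User.Identity.Name)` check suggested above, as an added example that is not part of the original post: it reports the authenticated request user, the Windows account the code is actually executing as (the one an unauthenticated `DirectorySearcher` binds with), and answers the original question with `IsInRole`. The class name and the group name `EXAMPLE\WebAdmins` are assumptions made for illustration.

```csharp
using System.Security.Principal;
using System.Text;
using System.Web;

// Assumes the web.config settings described in the post:
//   <authentication mode="Windows" /> and <identity impersonate="true" />
public static class IdentityReport   // hypothetical helper
{
    public static string Describe(HttpContext context, string groupName)
    {
        StringBuilder sb = new StringBuilder();

        // Identity that IIS/ASP.NET authenticated for this request.
        IPrincipal user = context.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            sb.AppendLine("Request user: (anonymous) - Windows authentication is not in effect");
        }
        else
        {
            sb.AppendLine("Request user: " + user.Identity.Name);
            sb.AppendLine("Auth type:    " + user.Identity.AuthenticationType);
            // With Windows authentication this tests the groups in the
            // user's logon token, nested groups included.
            sb.AppendLine("In " + groupName + ": " + user.IsInRole(groupName));
        }

        // Account the thread is running as; with no explicit credentials,
        // the directory query is made in this security context.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Executing as: " + current.Name);
            // Impersonation = usable on this server only;
            // Delegation = may be passed on to other servers.
            sb.AppendLine("Token level:  " + current.ImpersonationLevel);
        }
        return sb.ToString();
    }
}

// In a page's Page_Load (group name is a constructed sample):
//   Response.ContentType = "text/plain";
//   Response.Write(IdentityReport.Describe(Context, @"EXAMPLE\WebAdmins"));
```

Comparing the output from the dev box's own browser with the output from another machine shows whether the two requests reach Active Directory under the same account.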
 
 
 
All times are GMT +1.