ADSI returning groups in Global scope and Domain local scope instead of Universal scope

M

Maziar Aflatoun

Hi everyone,

I'm having a problem with reading user groups on Active Directory using C#.
It returns all the groups in the Universal scope for a specific user.
However, I only need the groups in Global scope and Domain local scope. Does
anyone know I can modify the following code to this?

DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, CurrentUser,
pwd, AuthenticationTypes.Secure);
DirectorySearcher mySearcher = new DirectorySearcher(entry);


// Change this search for anything
mySearcher.Filter = ("(sAMAccountName="+CurrentUser+")");
try
{
System.DirectoryServices.SearchResult resEnt = mySearcher.FindOne();

// Display all groups for this user
object obGroups = de.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
group = obGpEntry.Name.Replace("CN=", "");
Response.Write("Group: " + group + "<br>");
}
....


Thank you
Maz A.
 
W

Willy Denoyette [MVP]

You need to refine your filter and include Grouptype filtering (search MSDN
platform sdk for ADS_GROUP_TYPE_ENUM and DirectorySearcher samples ).
Following is a small sample:

"....(&(sAmAccount...)(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=4)"
// Domain local groups only (4)

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ADSI in NT40 1
Active Directory 6
How to get memberOf groups for a user in ldap ? 1
Active Directory groups 2
How can i connect LDAP and query AD to authorize Domain User Name and Password? 0
Iterate and List Members of an NT Group with LDAP 2
Getting the properties of a DirectoryEntry (local user) in c# whenthe user is a domain account? Acti 5
Problem in accessing the resources with domain local scope 1

Top