ADSI returning groups in Global scope and Domain local scope instead of Universal scope


Maziar Aflatoun

Hi everyone,

I'm having a problem with reading user groups on Active Directory using C#.
It returns all the groups in the Universal scope for a specific user.
However, I only need the groups in Global scope and Domain local scope. Does
anyone know I can modify the following code to this?

DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, CurrentUser,
pwd, AuthenticationTypes.Secure);
DirectorySearcher mySearcher = new DirectorySearcher(entry);

// Change this search for anything
mySearcher.Filter = ("(sAMAccountName="+CurrentUser+")");
System.DirectoryServices.SearchResult resEnt = mySearcher.FindOne();

// Display all groups for this user
object obGroups = de.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
group = obGpEntry.Name.Replace("CN=", "");
Response.Write("Group: " + group + "<br>");

Thank you
Maz A.

Willy Denoyette [MVP]

You need to refine your filter and include Grouptype filtering (search MSDN
platform sdk for ADS_GROUP_TYPE_ENUM and DirectorySearcher samples ).
Following is a small sample:

// Domain local groups only (4)


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question