Hey Steve:
Basically, what I did was take about 10 examples from around the web, throw
in my own little bit and bingo it worked. Here is the code, some comments
along the way:
'Start up code:
Dim wi As WindowsIdentity = WindowsIdentity.GetCurrent
Dim logonname As String = wi.Name.ToString
Dim a As Boolean = security.checkpermissions("AD-GROUP-NAME",
logonname.Substring(3)) 'This is what group I want and what user to check
on, here, the currently logged in user
RichTextBox1.Clear()
RichTextBox1.AppendText(a.ToString)
'Calls CHECKPERMISSIONS, which is just a public exposer for the private
function
Public Shared Function checkpermissions(ByVal groupname As String, ByVal
username As String)
Dim results As Boolean = IsMember(global.groupdomain, groupname,
username)
Return results
End Function
Which calls IsMember:
Private Shared Function IsMember(ByVal strDomain As String, ByVal strGroup
As String, ByVal strMember As String) As Boolean
Try
Dim strLDAP As String = "LDAP://yourldapserverhere"
Dim m_obDirEntry As New
DirectoryEntry("GC://OU=users,OU=container,DC=domain,DC=domain,DC=com")
'This is the container root you want to start your search from
Dim srch As New DirectorySearcher(m_obDirEntry)
'This is where I have been having all my problems. strMember is
coming in as username, not DN, which is what I was originally trying to get
out. If you look at your AD setup, your users
'probably have their CN as the full name on the account, with their
actual username burried somewhere in that record, such as sAMAccountName,
which is the backwards compatable with Windows
'98 way of representing your username. Since I was searching for CN
(because I thought I had to), I was trying to get a DN out of a username and
it just wasn't working. Come to find out, I CAN
'search for something else - actually, I can search any darn thing
in there, which is nice and obvious now that I have done it...haha, so, I
switched out the expression below, which many recognize as
'the .Filter search string and stuck sAMAccountName in there instead
of CN and presto - I find the right user, now to enumerate the group
membership...
srch.Filter = "(&(objectClass=user)(sAMAccountName=" & strMember &
"))"
srch.PropertiesToLoad.Add("memberOf")
'Got this off the net someplace - kudos to the person that came up
with it. Now that I have the memberOf properties in srch (see line above),
I can build a string of JUST the group names (it originally
'comes out as one big mess, all DNs of the groups, that's not what I
want, hence the string builder...
Dim groupNames As New System.Text.StringBuilder
Dim result As SearchResult = srch.FindOne()
Dim propertyCount As Int32 = result.Properties("memberOf").Count
Dim dn As String
Dim equalsIndex As Int32, commaIndex As Int32
Dim propertyCounter As Int32
For propertyCounter = 0 To propertyCount - 1
dn = result.Properties("memberOf")(propertyCounter)
equalsIndex = dn.IndexOf("=", 1)
commaIndex = dn.IndexOf(",", 1)
If (-1 = equalsIndex) Then
groupNames.Append(dn)
Else
'This is where that magic happens, the author of this code
attaches just the group name to the end of the string and then inserts a
delimiter (could be anything almost, but a | is good)
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex -
equalsIndex) - 1))
groupNames.Append("|")
End If
Next propertyCounter
'Now, if you look at my original calling code, you see that I really
DON'T want all of the groups, I just want to know if the group I gave it, is
in the username account of the username I gave, so it
'is really just a true or false I am looking for, so I take that
string and stick it into an array (there are other ways of doing it, I just
like this one today)
Dim ar As Array = Split(groupNames.ToString, "|")
Dim results As Boolean = False
For Each element As String In ar
If strGroup = element Then results = True
Next
'There you have it!
Return results
'Teardown stuff
m_obDirEntry.Dispose()
m_obDirEntry = Nothing
srch = Nothing
Catch ex As Exception
'Handle the exception
End Try
End Function
SO, after all that, I was finally able to take a username to an account in
AD, enumerate the groups and check if I was a member of said group. Hope
that is of some interest to you and anyone else thread watching.
Derek
