LDAP: How to retrieve info for AD Users PrimaryGroup


Brad

I'm extracting info for users and groups in our domain using
directoryservices. This is working well except I have one more piece I need
to finish which I'm stuck on. I need to (a) query the info for a user's
primary group so I can add it to my displayed list of groups for a user and
(b) I want to display all members of a group, which means I need to query all
the users whose primarygroup is the group I'm looking at so I can then
append that to the users who are in the memberof property.

So can someone assist on how to go about this? For (a) above, I've read it
has to do with building a sid for the domain, parsing it and then appending
the primarygroupid from the user and then using this info to query the
group. But I'm lost as to how to do this using .Net (I've seen script
examples) and to do (b) above.

Can someone help me out with this? If you have a VB.Net example, great,
but C# will do too.


Thanks


Brad
 

Peter Huang

Hi Brad,

A)
You may take a look at the link below

http://groups.google.com/groups?q=group+"Vb.NET"+ldap+primary+group&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=SiqJ6NO5CHA.1536%40cpmsftngxa08.phx.gbl&rnum=3

Or use the sample
Imports System.DirectoryServices 'Requires a reference to System.DirectoryServices.dll

Function GetUserPrimaryGroup(ByVal user As DirectoryEntry) As String
    Dim primaryGroupID As Integer = CInt(user.Properties("primaryGroupID").Value)
    Dim objectSid As Byte() = CType(user.Properties("objectSid").Value, Byte())
    Dim escapedGroupSid As New System.Text.StringBuilder()
    'Copy over everything but the last four bytes (sub-authority/RID)
    'Doing so gives the prefix SID for objects in the user's domain
    Dim i As Integer
    For i = 0 To (objectSid.Length - 4) - 1
        escapedGroupSid.AppendFormat("\{0:x2}", objectSid(i))
    Next i

    'Add the primaryGroupID (RID) to the escaped string to build the SID of the primaryGroup
    For i = 0 To 3
        escapedGroupSid.AppendFormat("\{0:x2}", primaryGroupID And &HFF)
        'This is like primaryGroupID >>= 8; in C#
        'Integer division (\) is needed here: "/" is floating-point division and the
        'result would be rounded when assigned back to the Integer
        primaryGroupID = primaryGroupID \ 256 'Move on to the next byte
    Next i
    'Search the directory for a group with this SID
    Dim searcher As New DirectorySearcher()
    searcher.Filter = "(&(objectCategory=Group)(objectSID=" + _
        escapedGroupSid.ToString() + "))"
    searcher.PropertiesToLoad.Add("distinguishedName")
    Return CStr(searcher.FindOne().Properties("distinguishedName")(0))
End Function 'GetUserPrimaryGroup

B)
Add a reference to ADO and run the sample below in VB.NET
Private Sub Command1_Click(ByVal eventSender As System.Object, _
        ByVal eventArgs As System.EventArgs) Handles Command1.Click
    Dim cn As ADODB.Connection
    Dim rs As ADODB.Recordset
    cn = New ADODB.Connection
    cn.Provider = "ADsDSOObject"
    cn.Open()
    'ADSI SQL-dialect query: list the user accounts in the Users container
    rs = cn.Execute("select AdsPath,SAMAccountName from " & _
        "'LDAP://CN=Users,DC=fareast,DC=corp,DC=microsoft,DC=com' where " & _
        "objectClass='user' and objectCategory='person'")
    While Not rs.EOF
        System.Diagnostics.Debug.WriteLine(VB6.TabLayout(rs.Fields("AdsPath").Value, _
            rs.Fields("SAMAccountName").Value))
        rs.MoveNext()
    End While
    rs.Close()
    cn.Close()
    rs = Nothing
    cn = Nothing
End Sub

If you have any concerns about this question, please post here.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
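
The SID arithmetic behind (a), together with the reverse lookup asked about in (b), as an added example that is not part of Peter Huang's post. The module and function names are hypothetical and the sample SIDs are constructed; each returned string is meant to be assigned to DirectorySearcher.Filter.

```vbnet
Imports System
Imports System.Text

Module PrimaryGroupFilters
    ' Binary SID layout: revision, sub-authority count, 6-byte authority, then
    ' count * 4-byte little-endian sub-authorities. The last sub-authority is the RID.
    Private Sub CheckSid(ByVal sid As Byte())
        If sid Is Nothing OrElse sid.Length < 12 OrElse sid(0) <> 1 _
           OrElse sid.Length <> 8 + 4 * sid(1) Then
            Throw New ArgumentException("Not a well-formed binary SID with a RID")
        End If
    End Sub

    ' (a) Filter for the group whose SID is the user's domain prefix plus primaryGroupID.
    Function PrimaryGroupFilter(ByVal userSid As Byte(), ByVal primaryGroupId As Integer) As String
        CheckSid(userSid)
        Dim groupSid As Byte() = CType(userSid.Clone(), Byte())
        Dim rid As Byte() = BitConverter.GetBytes(primaryGroupId)
        If Not BitConverter.IsLittleEndian Then Array.Reverse(rid)
        Array.Copy(rid, 0, groupSid, groupSid.Length - 4, 4)
        Dim escaped As New StringBuilder()
        For Each b As Byte In groupSid
            escaped.AppendFormat("\{0:x2}", b)
        Next
        Return "(&(objectCategory=group)(objectSid=" & escaped.ToString() & "))"
    End Function

    ' (b) Filter for the users whose primaryGroupID equals the RID of the given group SID.
    Function PrimaryGroupMembersFilter(ByVal groupSid As Byte()) As String
        CheckSid(groupSid)
        Dim n As Integer = groupSid.Length
        Dim rid As Long = CLng(groupSid(n - 4)) Or (CLng(groupSid(n - 3)) << 8) _
            Or (CLng(groupSid(n - 2)) << 16) Or (CLng(groupSid(n - 1)) << 24)
        Return "(&(objectCategory=person)(objectClass=user)(primaryGroupID=" & rid.ToString() & "))"
    End Function

    Sub Main()
        ' Constructed sample: a user objectSid of S-1-5-21-1-2-3-1104 with primaryGroupID 513.
        Dim userSid As Byte() = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 1, 0, 0, 0, _
                                 2, 0, 0, 0, 3, 0, 0, 0, &H50, 4, 0, 0}
        ' Constructed sample: the matching group objectSid S-1-5-21-1-2-3-513.
        Dim groupSid As Byte() = CType(userSid.Clone(), Byte())
        groupSid(24) = 1 : groupSid(25) = 2
        Console.WriteLine(PrimaryGroupFilter(userSid, 513))
        Console.WriteLine(PrimaryGroupMembersFilter(groupSid))
    End Sub
End Module
```

Users found with the second filter are the ones missing from the group's member attribute, so the full membership is the union of both sets.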
 

Brad

Thanks
