0 votes

Hello,
I have a web service that checks if a user is a member of a group. I am not concerned if they are a direct member or an indirect member of a group, but if the user is in the group (or any of their groups is in the group) I need the method to return true. I know that I can use the IAdmGroup object to get a list of all members (direct and indirect) of the group, but this service is going to be used quite a bit, and some of the groups could be very large (10,000+). I pulled the user object and used Groups() but it doesn't identify groups that the user is a nested member of. Is there a simple way to get a boolean response to if a user is a member of a group? Here is an example: User A is a member of Group 2. Group 2 is a member of Group 1. My method needs to return true when I pass it User A and Group 1. I am using ADSI, C# (.NET 4.0), and WCF.

by (1.1k points)

1 Answer

0 votes
by (215k points)

Hello,

We've updated our SDK with an example that shows how to get all groups a user is a member of (directly or indirectly). Take a look at the second example in the following article: http://www.adaxes.com/sdk/?SampleScript ... ember.html.

0

Here is the solution we came up with. Hope this helps someone else with a similar problem.

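    List<string> Groups = new List<string>();
    var admUser = (IAdmTop) user;
    // MemberOf is read here as an array with one byte[] GUID per group
    var groups = (Object[]) admUser.MemberOf;
    foreach (byte[] bytes in groups)
    {
        Guid guid = new Guid(bytes);
        // Bind to the group by GUID (GetGroup is a helper not shown in this post)
        var group = GetGroup("Adaxes://<GUID=" + guid.ToString() + ">");
        var name = group.Name;
        // Name comes back as an RDN such as "CN=My Group"; strip the "CN=" part
        if (group.Name.Contains("CN="))
            name = group.Name.Replace("CN=", string.Empty);
        Groups.Add(name);
    }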
0

Hello,

In your script, you get the group name by accessing the Name property of the IADs interface. The property returns the Relative Distinguished Name (RDN) of an AD object. An RDN consists of an attribute type and attribute value in the format <attribute_type>=<attribute_value>, for example CN=My Group. To get the name of an AD object without the attribute type, you need to get the Name property of the object. For this purpose, use the Get property of the IADs interface. For example, in your code:

    List<string> Groups = new List<string>();
    var admUser = (IAdmTop) user;
    var groups = (Object[]) admUser.MemberOf;
    foreach (byte[] bytes in groups)
    {
        Guid guid = new Guid(bytes);
        var group = GetGroup("Adaxes://<GUID=" + guid.ToString() + ">");
        // Get returns an object, so cast it before adding to the List<string>
        var name = (string) group.Get("name");
        Groups.Add(name);
    }
0

Hi

No matter what, it could be really cool to have an Adm-IsUserMember cmdlet in the next version of Adaxes 8-)

- Thanks
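
The scenario from the question (User A in Group 2, Group 2 in Group 1), as an added example that is not code from this thread or from the Adaxes SDK: a boolean check that walks upward from the user's direct groups and stops at the first match, so a 10,000-member group is never enumerated. The `directParents` lookup and the sample directory are hypothetical; the check compares GUIDs rather than group names, and it goes beyond the thread by also handling circular nesting.

```csharp
using System;
using System.Collections.Generic;

static class NestedMembership
{
    // directParents is a hypothetical lookup: given an object's GUID, return the
    // GUIDs of the groups it is a DIRECT member of (e.g. backed by a directory query).
    public static bool IsMemberOf(Guid principal, Guid targetGroup,
        Func<Guid, IEnumerable<Guid>> directParents)
    {
        var visited = new HashSet<Guid>();   // guards against circular nesting
        var pending = new Queue<Guid>();
        pending.Enqueue(principal);

        while (pending.Count > 0)
        {
            foreach (Guid parent in directParents(pending.Dequeue()))
            {
                if (parent == targetGroup) return true;   // stop at the first hit
                if (visited.Add(parent)) pending.Enqueue(parent);
            }
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample directory: User A -> Group 2 -> Group 1 -> Group 2 (a cycle).
        Guid userA = Guid.NewGuid(), group1 = Guid.NewGuid(),
             group2 = Guid.NewGuid(), group3 = Guid.NewGuid();
        var memberOf = new Dictionary<Guid, Guid[]>
        {
            { userA,  new[] { group2 } },
            { group2, new[] { group1 } },
            { group1, new[] { group2 } },
        };
        Func<Guid, IEnumerable<Guid>> lookup = id =>
        {
            Guid[] parents;
            return memberOf.TryGetValue(id, out parents) ? parents : new Guid[0];
        };

        Console.WriteLine(IsMemberOf(userA, group1, lookup));  // nested via Group 2
        Console.WriteLine(IsMemberOf(userA, group3, lookup));  // unrelated group
    }
}
```

Matching on the group's GUID keeps the result stable across renames and avoids confusing two groups that share a CN in different containers.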
