Untitled

AD not returning the groups which authenticated user belong to

Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String) As Boolean

        Dim isValidated As Boolean = False

 

    Try

 

        Dim ldapPath As String = "LDAP://" & domainName

        Dim dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)

        Dim dirSearcher As New DirectorySearcher(dirEntry)

 

        dirSearcher.Filter = "(SAMAccountName=" & userName & ")"

        dirSearcher.PropertiesToLoad.Add("memberOf")

 

        Dim result As SearchResult = dirSearcher.FindOne()

 

        If Not result Is Nothing Then

 

                For Each x As DictionaryEntry In result.Properties

                    x.Key.ToString()

 

                    'DirectCast(x, System.Collections.DictionaryEntry).Key()

                Next

 

                Dim groupCount As Integer = result.Properties("memberOf").Count

                Dim isInGroup As Boolean = False

 

                For index As Integer = 0 To groupCount - 1

                    Dim groupDN As String = result.Properties("memberOf").Item(index).ToString

 

                    Dim equalsIndex As Integer = groupDN.IndexOf("=")

                    Dim commaIndex As Integer = groupDN.IndexOf(",")

 

                    Dim group As String = groupDN.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToLower

                    If group.Equals(groupName.ToLower) Then

                        isInGroup = True

                        Exit For

                    End If

                Next index

 

                isValidated = isInGroup

        End If

    Catch ex As Exception

        Throw New Exception(ex.Message)

    End Try

 

    Return isValidated

 

End Function

       

` Connection to Active Directory

Dim deBase As DirectoryEntry = New DirectoryEntry("LDAP://192.168.183.100:389/dc=dom,dc=fr", "jpb", "pwd")

 

` Directory Search for the group your are interested in

Dim dsLookForGrp As DirectorySearcher = New DirectorySearcher(deBase)

dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup")

dsLookForGrp.SearchScope = SearchScope.Subtree

dsLookForGrp.PropertiesToLoad.Add("distinguishedName")

Dim srcGrp As SearchResult = dsLookForGrp.FindOne

 

If (Not (srcGrp) Is Nothing) Then

    Dim dsLookForUsers As DirectorySearcher = New DirectorySearcher(deBase)

    dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties("distinguishedName")(0))

    dsLookForUsers.SearchScope = SearchScope.Subtree

    dsLookForUsers.PropertiesToLoad.Add("objectSid")

    dsLookForUsers.PropertiesToLoad.Add("userPrincipalName  ")

    dsLookForUsers.PropertiesToLoad.Add("sAMAccountName")

    Dim srcLstUsers As SearchResultCollection = dsLookForUsers.FindAll

    For Each sruser As SearchResult In srcLstUsers

        Console.WriteLine("{0}", sruser.Path)

        ` Here Test if you username is insode

        Console.WriteLine(""& vbTab&"{0} : {1} ", "sAMAccountName", sruser.Properties("sAMAccountName")(0))

    Next

End If

       

/* Retreiving a principal context

 */

Console.WriteLine("Retreiving a principal context");

PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD");

 

 

/* Look for all the groups a user belongs to

 */

UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1");

PrincipalSearchResult<Principal> a =  aUser.GetAuthorizationGroups();

 

foreach (GroupPrincipal gTmp in a)

{

  Console.WriteLine(gTmp.Name);    

}