Thank you, silentthread.
It helps me a lot. I needed the function in C#, so I translated it. I think I could post this here, although it is a VB forum.
Thanks again.
Code:
using System;
using System.DirectoryServices;
using System.Web;

//loggedName is assigned below but is not declared in the posted code;
//it is assumed here to be a field of the containing class.
private String loggedName;

public Boolean Check_If_Member_Of_AD_Group(String username, String grouptoCheck, String domain, String ADlogin, String ADpassword)
{
    //This is a function that receives a username to see if it's a
    //member of a specific group in AD.
    try
    {
        //First let's put the whole thing in a nice big try catch, and
        //catch any errors.
        String EntryString;
        EntryString = "LDAP://" + domain;
        //Above, we setup the LDAP basic entry string.
        DirectoryEntry myDE;
        //Above, I dimension my DirectoryEntry object
        grouptoCheck = grouptoCheck.ToLower();
        //The groups returned may have different combinations of
        //lowercase and uppercase, so let's go ahead
        //and make grouptoCheck lowercase.
        if (ADlogin != "" && ADpassword != "")
        {
            //If they provided a password, then add it
            //as an argument to the function
            //In C#, && behaves like VB's AndAlso: it does not
            //worry about checking the next condition if the
            //first one is not true.
            myDE = new DirectoryEntry(EntryString, ADlogin, ADpassword);
            //Above, we create a new instance of the Directory Entry
            //Includes login and password
        }
        else
        {
            //Else, use the account credentials of the machine
            //making the request. You might not be able to get
            //away with this if your production server does not have
            //rights to query Active Directory.
            //Then again, there are workarounds for anything.
            myDE = new DirectoryEntry(EntryString);
            //Above, we create a new instance of the Directory Entry
            //Does not include login and password
        }
        DirectorySearcher myDirectorySearcher = new DirectorySearcher(myDE);
        //Above we create new instance of a DirectorySearcher
        //We also specify the Directory Entry as an argument.
        myDirectorySearcher.Filter = "sAMAccountName=" + username;
        //Above we specify to filter our results where
        //sAMAccountName is equal to our username passed in.
        //username goes into the filter as-is, so it must not contain
        //LDAP filter metacharacters such as * ( ) or \.
        myDirectorySearcher.PropertiesToLoad.Add("MemberOf");
        myDirectorySearcher.PropertiesToLoad.Add("Name");
        //We only care about the MemberOf and Name properties, and we
        //specify that above.
        SearchResult myresult = myDirectorySearcher.FindOne();
        //SearchResult is a node in Active Directory that is returned
        //during a search through System.DirectoryServices.DirectorySearcher
        //Above, we dim a myresult object, and assign a node returned
        //from myDirectorySearcher.FindOne()
        //I've never heard of similar login Id's in Active Directory,
        //so I don't think we need to call FindAll(), so instead
        //we call FindOne()
        if (myresult == null)
        {
            //FindOne() returns null when no user matches the filter,
            //so an unknown user is not a member of any group.
            return false;
        }
        if (myresult.Properties["Name"].Count > 0)
        {
            loggedName = myresult.Properties["Name"][0].ToString();
        }
        Int32 NumberOfGroups;
        NumberOfGroups = myresult.Properties["memberOf"].Count - 1;
        //Above we get the number of groups the user is a memberOf,
        //and store it in a variable. It is zero indexed, so we
        //remove 1 so we can loop through it.
        String tempString;
        //A temp string that we will use to get only what we
        //need from the MemberOf string property
        while (NumberOfGroups >= 0)
        {
            tempString = myresult.Properties["MemberOf"][NumberOfGroups].ToString();
            tempString = tempString.Substring(0, tempString.IndexOf(",", 0));
            //Above we set tempString to the first index of "," starting
            //from the zeroth element of itself.
            tempString = tempString.Replace("CN=", "");
            //Above, we remove the "CN=" from the beginning of the string
            tempString = tempString.ToLower();
            //Let's make all letters lowercase
            tempString = tempString.Trim();
            //Finally, we trim any blank characters from the edges
            if (grouptoCheck == tempString)
            {
                return true;
            }
            //If we have a match, the return is true
            //username is a member of grouptoCheck
            NumberOfGroups = NumberOfGroups - 1;
        }
        //If the code reaches here, there was no match.
        //Return false
        return false;
    }
    catch (Exception ex)
    {
        //This writes the full exception text, including the
        //stack trace, to the page.
        HttpContext.Current.Response.Write("Error: <br><br>" + ex.ToString());
    }
    return false;
}
Hernandes Moreira