Thursday 11 April 2013

Hierarchical LDAP Queries

Want to know if a person or user is part of a group in Active Directory? Rather than retrieving the list of groups the user is a member of and then finding which groups those groups are members of, and so on until the desired group turns up, LDAP supports a chaining operator (the Active Directory matching rule 1.2.840.113556.1.4.1941) that walks the nested memberships in a single query. Here's a handy article on MSDN that tells you how to use it: After some mucking about I found that you need to leave off the brackets surrounding the distinguished name in order to get this to work. For example:
// Matches the group named childGroupName only if it is a direct or nested
// member of the group whose distinguished name is parentGroupDistinguishedName.
// The DN goes in bare, with no surrounding brackets.
// Both values are inserted verbatim; if they can come from untrusted input,
// escape them for an LDAP filter (RFC 4515) before formatting.
var query = string.Format(
    "(&(objectClass=group)(samaccountname={0})(memberof:1.2.840.113556.1.4.1941:={1}))",
    childGroupName, parentGroupDistinguishedName);
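The same operator turned into a reusable membership check, as an added example that is not the post's code: it assumes the System.DirectoryServices assembly and a domain-joined machine, answers the question the post opens with (is this user, directly or through nested groups, in that group?), and escapes the interpolated values per RFC 4515 so a crafted account name cannot change what the filter matches.

```csharp
using System.DirectoryServices;
using System.Text;
// Added example: chained-membership check with RFC 4515 filter escaping.
static class ChainedMembership
{
    // OID of LDAP_MATCHING_RULE_IN_CHAIN (Active Directory specific).
    const string InChain = "1.2.840.113556.1.4.1941";
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // Without this, a name such as "*)(objectClass=*" would rewrite the query.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
    // Filter that matches the object with this sAMAccountName only when it is a
    // direct or nested member of the group with the given DN (DN passed bare).
    public static string BuildFilter(string objectClass, string samAccountName, string groupDn)
    {
        return "(&(objectClass=" + EscapeFilterValue(objectClass) + ")" +
               "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")" +
               "(memberOf:" + InChain + ":=" + EscapeFilterValue(groupDn) + "))";
    }
    // True when the user is in the group, directly or through nested groups.
    // Searches the default naming context of the machine's domain.
    public static bool IsTransitiveMember(string samAccountName, string groupDn)
    {
        using (var root = new DirectoryEntry("LDAP://RootDSE"))
        using (var domain = new DirectoryEntry("LDAP://" + root.Properties["defaultNamingContext"].Value))
        using (var searcher = new DirectorySearcher(domain, BuildFilter("user", samAccountName, groupDn)))
        {
            searcher.PropertiesToLoad.Add("distinguishedName");
            searcher.SizeLimit = 1;
            return searcher.FindOne() != null;
        }
    }
}
```

Pass `"group"` instead of `"user"` to BuildFilter to get the post's group-in-group variant; the DN itself must be escaped too, since a backslash inside an RDN value (for example `CN=Smith\, John`) has to appear as `\5c` in the filter.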