Want to know if a person or user is part of a group in Active Directory? Rather than retrieving the list of groups that the user is a member of, and then finding which groups those groups are members of until the desired group is found, you can use a chaining operator that LDAP supports. Here's a handy article on MSDN that tells you how to use it:
After some mucking about I found that you need to leave off the brackets surrounding the distinguished name in order to get this to work. For example:
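// Matches childGroupName only if it is a direct or nested member of the parent group.
// 1.2.840.113556.1.4.1941 is the chaining operator; the DN follows ":=" with no brackets around it.
var query = string.Format(
    "(&(objectClass=group)(samaccountname={0})(memberof:1.2.840.113556.1.4.1941:={1}))",
    childGroupName, parentGroupDistinguishedName);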
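An added example (not code from the original post): the same filter built with RFC 4515 escaping of the inserted values, so an account name or DN containing `\`, `*`, `(` or `)` is matched literally and cannot change the filter's structure. It goes beyond the post by also building the `objectClass=user` variant; the class and method names and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Text;

static class NestedGroupFilter
{
    // OID of the chaining operator used in the filter above.
    const string InChain = "1.2.840.113556.1.4.1941";

    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // \ * ( ) and NUL become a backslash followed by two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Filter that matches the account only if it is a direct or nested
    // member of the group identified by parentGroupDn.
    public static string Build(string objectClass, string samAccountName, string parentGroupDn)
    {
        return string.Format(
            "(&(objectClass={0})(samaccountname={1})(memberof:{2}:={3}))",
            EscapeFilterValue(objectClass), EscapeFilterValue(samAccountName),
            InChain, EscapeFilterValue(parentGroupDn));
    }

    static void Main()
    {
        // Constructed sample values: the DN holds an escaped comma and parentheses.
        string dn = @"CN=Ops\, Tier 0 (Admins),OU=Groups,DC=example,DC=com";
        Console.WriteLine(Build("group", "Helpdesk", dn));
        // Filter metacharacters in the account name stay part of the value.
        Console.WriteLine(Build("user", "svc_(backup)*", dn));
    }
}
```

The resulting string can be assigned to the search filter exactly like `query` in the snippet above.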