The native System.DirectoryService can’t recursively retrieve groups, so I created this enchanced one.
public class ActiveDirectoryService
{
private readonly string _gusetUserid;
private readonly string _guestPasswd;
private readonly DirectoryEntry _ldapEntry;
public enum FilterType
{
CN, // subGroup
SAMAccountName // user
}
public ActiveDirectoryService(string host, string baseDN, string guestUserId, string guestPasswd)
{
_gusetUserid = guestUserId;
_guestPasswd = guestPasswd;
_ldapEntry = new DirectoryEntry("LDAP://" + host + "/" + baseDN, _gusetUserid, _guestPasswd);
}
public IEnumerable<string> GetADUserGroups(string username)
{
return GetADUserGroups(username, true);
}
public IEnumerable<string> GetADUserGroups(string username, bool recursive)
{
return GetParentGroups(username, new List<string>(), FilterType.SAMAccountName, recursive);
}
private IList<string> GetParentGroups(string childName,
IList<string> originalGroups,
FilterType filterType,
bool recursive)
{
var search = new DirectorySearcher(_ldapEntry)
{
Filter = string.Format("({0}={1})", filterType, childName)
};
search.PropertiesToLoad.Add("memberOf");
SearchResult result = search.FindOne();
if (result != null)
{
int propertyCount = result.Properties["memberOf"].Count;
string dn;
for (int i = 0; i < propertyCount; i++)
{
dn = result.Properties["memberOf"][i].ToString();
int equalsIndex = dn.IndexOf("=", 1);
int commaIndex = dn.IndexOf(",", 1);
if (equalsIndex != -1)
{
string groupName = dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1);
if (!originalGroups.Contains(groupName))
{
originalGroups.Add(groupName);
if (recursive) originalGroups = GetParentGroups(groupName, originalGroups, FilterType.CN, true);
}
}
}
}
return originalGroups;
}
}
namespace ActiveDirectoryServiceSpecs
{
[TestFixture]
public class ActiveDirectoryServiceSpecs
{
const string LDAP_HOST = "Dcxx";
const string LDAP_BASE_DN = "DC=xxxx,DC=xxx,DC=xx";
const string LDAP_GUEST_USERID = "guest";
const string LDAP_GUEST_PASSWD = "hello";
private ActiveDirectoryService _SUT;
[SetUp]
public void Setup()
{
_SUT = new ActiveDirectoryService(LDAP_HOST, LDAP_BASE_DN, LDAP_GUEST_USERID, LDAP_GUEST_PASSWD);
}
[Test]
public void should_get_immediate_user_ad_groups()
{
IEnumerable<string> adUserGroups = _SUT.GetADUserGroups("fmao", false);
Assert.That(adUserGroups.Count() > 0);
Assert.IsFalse(adUserGroups.Contains("Information Systems"));
foreach (var s in adUserGroups)
{
Console.WriteLine(s);
}
}
[Test]
public void should_get_recursive_user_ad_groups()
{
IEnumerable<string> adUserGroups = _SUT.GetADUserGroups("fmao", true);
Assert.That(adUserGroups.Count() > 20);
Assert.That(adUserGroups.Contains("Information Systems"));
foreach (var s in adUserGroups)
{
Console.WriteLine(s);
}
}
}
}
