Thanks for posting Maggie! There are a couple of things to point out here:

- This only works for security groups, not for distribution only groups (since they aren't in the user's token and won't be in tokenGroups)
- It won't necessarily pick up groups in a different domain
- It can be made much faster doing a search for all of the groups at once by creating a big LDAP filter with all of the group SIDs than by binding to each one individually

Someday I'll try to post a sample showing the latter part unless you happen to decide to try it yourself.

'maggieb' wrote in message [email protected].

Maggieb 17/2/2005, 9:38

Yes, I had read about the method you mention but had great difficulty finding a good enough example of how to do it.

Active Directory Primary Group Members

The Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects. The Identity parameter specifies the Active Directory user to get. You can identify a user by its dist. Primary group membership is specific to Active Directory.

Container Object Filter ldap.container.object.filter. LDAP filter used to identify objects of type container. Containers can be selected as root for custom group filters in the web administration console. Default LDAP Filters and Attributes for Users, Groups and Containers.

A User in Active Directory is required to have a 'Primary Group Id' assigned. A User without a Primary Group assigned is invalid, and the normal utilities like the MMC Users and Computers console will not allow you to create one without, nor allow you to remove the Domain Users group membership. As per the text next to the 'Primary Group' button, this setting applies only for POSIX applications and Mac clients. It is not needed for everyday Active Directory usage and can safely be.

The examples I found most readily were in VB (not even VB.Net, and pretty cryptic). A better example would be wonderful.
My intent with this class was to get security groups, since I use this class specifically for security purposes. This implementation picks up groups in the domain specified in the ldapPath and the domain argument. I needed it for an application that was residing in a different domain than the Active Directory where the users were. By providing the full path to the Active Directory domain controller in the ldapPath I was able to retrieve info for users in the different domain.

Joe Kaplan (MVP - ADSI) 17/2/2005, 10:34

Recursion will expand out memberOf. However, it does not include the primary group, so if you need that, you need to use another method. The other potential issue with memberOf is that it includes both security and distribution groups. Depending on what you want, this may or may not be a good thing. If you only want security groups, then more work is needed to filter the non-security groups out.

So, I will say that recursing over memberOf does work to expand group membership. It is just that if you want security groups, tokenGroups seems to me to be more straightforward and vastly faster by the time you verify each group's type.

I can almost read your PERL code. :)

Joe K.

'Nikhil' wrote in message news:[email protected].

Phronima 31/3/2005, 17:23

Hi,

My test failed in the GetGroups method, on the following line:

GenericIdentity id = new GenericIdentity(username, "LdapAuthentication");

Error: There is no such object on server

I don't know much about LDAP but the username and LDAP paths are correct as I've been stuffing around with this for 2 days now. Relevant section in my web.config just in case this could be a problem

Any ideas?

'Joe Kaplan (MVP - ADSI )' wrote in message news.

[email protected] 31/3/2005, 17:21
Hi,

My test failed in the GetGroups method, on the following line:

GenericIdentity id = new GenericIdentity(username, "LdapAuthentication");

Error: There is no such object on server

I don't know much about LDAP but the username and LDAP paths are correct as I've been stuffing around with this for 2 days now. Relevant section in my web.config just in case this could be a problem

Any ideas?
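The single-search approach described in the first reply of this thread (one LDAP filter built from all of the tokenGroups SIDs instead of a bind per group), as an added example that is not code from any poster here. It is written in Python rather than the thread's C#; the function names, the sample SIDs and the batch size are assumptions made for illustration, and each yielded string is what would be used as the search filter.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Pack an 'S-1-5-...' string into the binary layout used by objectSid/tokenGroups."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", revision, len(subs))      # revision, sub-authority count
            + authority.to_bytes(6, "big")              # 48-bit authority, big-endian
            + b"".join(struct.pack("<I", s) for s in subs))  # 32-bit little-endian each

def bytes_to_sid(raw: bytes) -> str:
    """Render a binary SID (one tokenGroups value) in string form for logging."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def escape_binary(raw: bytes) -> str:
    """RFC 4515 escaping: every byte as \\xx, so the filter compares raw octets."""
    return "".join(f"\\{b:02x}" for b in raw)

def group_filters(token_groups, batch_size=50):
    """Yield OR filters matching the groups by objectSid.

    batch_size is an assumption of this example: it keeps any one filter
    from growing without bound for users with very large tokens.
    """
    sids = list(dict.fromkeys(token_groups))  # de-duplicate, keep order
    for i in range(0, len(sids), batch_size):
        batch = sids[i:i + batch_size]
        yield "(|" + "".join(f"(objectSid={escape_binary(s)})" for s in batch) + ")"

# Constructed sample values standing in for a user's tokenGroups attribute.
SAMPLE_TOKEN_GROUPS = [
    sid_to_bytes("S-1-5-21-1004336348-1177238915-682003330-513"),
    sid_to_bytes("S-1-5-32-544"),
]

if __name__ == "__main__":
    for f in group_filters(SAMPLE_TOKEN_GROUPS):
        print(f)
```

Because tokenGroups holds only security groups, the filter needs no extra group-type clause; the search returns one entry per SID, from which the group names can be read.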