An AD setup I’m using has users that are stored as members of (multiple) security groups.
I am using software that reads the memberof property of a user to work out access permissions.
In AD Explorer I can see that the memberof property of the user shows the immediate security groups they belong to, say ‘Course – English’. It does not show the parent groups, nested up to, say, ‘ALL Students’.
Is there a reason for this or a way of ensuring all nested groups are shown in the memberof property?
If you’re on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
The new S.DS.AM makes it really easy to play around with users and groups in AD!
The .GetAuthorizationGroups() method is the only one around that I know of that will do recursive searches, e.g. find groups that a user is a member of by virtue of another group. The pre-.NET 3.5 DirectoryServices stuff doesn’t do this – you would have to totally roll your own if you need that.
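
An added example (not code from the original answer) of an access check that uses the recursive lookup described above and prints which groups a memberof-only check would miss. The account name "jdoe" is made up, and the check assumes the group's sAMAccountName matches the name used in the question.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class NestedGroupCheck
{
    // Collect group names into a case-insensitive set and release the search result.
    static HashSet<string> Names(PrincipalSearchResult<Principal> groups)
    {
        using (groups)
        {
            return new HashSet<string>(
                groups.Select(g => g.SamAccountName).Where(n => n != null),
                StringComparer.OrdinalIgnoreCase);
        }
    }

    static int Main(string[] args)
    {
        // Assumed sample values: "jdoe" is a made-up account; the group name is from the question.
        string account = args.Length > 0 ? args[0] : "jdoe";
        string required = args.Length > 1 ? args[1] : "ALL Students";

        // Binds to the current domain with the caller's credentials.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, account))
        {
            if (user == null)
            {
                Console.Error.WriteLine("No such user: " + account);
                return 2;
            }

            // GetGroups(): immediate memberships only, like reading memberof.
            HashSet<string> direct = Names(user.GetGroups());
            // GetAuthorizationGroups(): recursive, returns security groups only.
            HashSet<string> effective = Names(user.GetAuthorizationGroups());

            var inherited = effective.Except(direct, StringComparer.OrdinalIgnoreCase);
            Console.WriteLine("Direct groups:  " + string.Join(", ", direct.OrderBy(n => n)));
            Console.WriteLine("Via nesting:    " + string.Join(", ", inherited.OrderBy(n => n)));

            bool allowed = effective.Contains(required);
            Console.WriteLine(account + (allowed ? " is" : " is NOT") + " in '" + required + "'");
            return allowed ? 0 : 1;
        }
    }
}
```

Build it with a reference to System.DirectoryServices.AccountManagement and run it on a domain-joined machine. Any group listed under "Via nesting" is one that a check based only on memberof would not see.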