Home/ Questions/Q 6962607
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T15:40:57+00:00

I need to find out all AD groups SIDs that current user belongs to

  • 0

I need to find out all AD groups SIDs that current user belongs to inside my Sharepoint (2007) webpart.

I wanted to use System.DirectoryServices.AccountManagement namespace: 

using (var context = new PrincipalContext( ContextType.Domain ))
{
    using (var user = UserPrincipal.FindByIdentity( context, accountName ))
    {
        var groups = user.GetAuthorizationGroups();
        ...
    }
}

, but I get the following error:

Event ID: 10016
Through the permission settings (application specific) is the SID (S-1-5-20) for user NT AUTHORITY \ NETWORK SERVICE of address localhost (Using LRPC) is not authorized to activate (Local) for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}

This might be fixed with this http://support.microsoft.com/kb/899965
but this approach requires changing registry values (the ownership of the application, so you can change apps values at dcomcnfg) and later User Permissions at dcomcnfg’s COM security, which isn’t an option for me.

Is there another way to access Current user’s groups SIDs inside Sharepoint?

I really hoped I can find these values in SPContext.Current.Web.CurrentUser.Groups, but apparently not.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to go the SharePoint way here and not use System assemblies, but the SharePoint ones.

    The SID of each user is in the SPUser.Sid Property. As you want to look for AD groups only you can check the .IsDomainGroup Property of SPUser.

    Now all you need to do is check the current user: ´SPContext.Current.Web.CurrentUser(aSPUser` object).

    To answer your question how to get all groups a user belongs to, you actually will need to use System.DirectoryServices. A solution for your problem is shown in the following stackoverflow posts:

    So in short: SPUser object as well as querying the Active Directory via DirectoryServices

    • 0