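// LINQPad script: looks up an AD user by sAMAccountName, reads the user's
// tokenGroups attribute (one SID per group), resolves each SID back to a
// group object via an objectSid filter and dumps the sorted group names.
void Main()
{
    var username = @"ad\u0861240";
    // Strip the "DOMAIN\" prefix; a name without a backslash is used unchanged.
    var userNameNoDomain = username.Split('\\').Last();

    using (var directoryEntry = new DirectoryEntry("LDAP://DC=ad,DC=utah,DC=edu"))
    using (var directorySearcher = new DirectorySearcher(directoryEntry))
    {
        // Escape the value per RFC 4515 so that '*', '(', ')' or '\' in the name
        // cannot alter the filter's structure (LDAP filter injection).
        directorySearcher.Filter = string.Format("(sAMAccountName={0})", EscapeLdapFilterValue(userNameNoDomain));
        directorySearcher.PropertiesToLoad.AddRange(new string[] { "msDS-PrincipalName", "displayName", "adspath" });

        // FindOne() returns null when nothing matches; indexing Properties on null
        // would otherwise throw a NullReferenceException.
        var resultset = directorySearcher.FindOne();
        if (resultset == null)
        {
            string.Format("No user found for sAMAccountName '{0}'", userNameNoDomain).Dump();
            return;
        }
        //resultset.Dump();
        var adspath = resultset.Properties["adspath"][0].ToString();

        //get tokengroups (see http://stackoverflow.com/questions/3833785/)
        var tokengroups = new List<System.Security.Principal.SecurityIdentifier>();
        var groupnames = new List<string>();
        using (var deuser = new DirectoryEntry(adspath))
        using (var dstargetuser = new DirectorySearcher(deuser))
        {
            dstargetuser.SearchScope = SearchScope.Base; // tokenGroups is a constructed attribute, so it has to be requested through a search
            dstargetuser.Filter = "(objectclass=*)"; // closest thing to an always-true filter
            dstargetuser.PropertiesToLoad.Add("tokengroups");
            var srtargetuser = dstargetuser.FindOne();
            if (srtargetuser == null)
            {
                string.Format("Could not read tokenGroups from '{0}'", adspath).Dump();
                return;
            }
            //srtargetuser.Dump();

            // Build one OR-filter over all group SIDs so the groups resolve in a single query.
            var sbgroupsids = new StringBuilder("(|");
            foreach (byte[] byteGroupSid in srtargetuser.Properties["tokenGroups"])
            {
                var groupSid = new System.Security.Principal.SecurityIdentifier(byteGroupSid, 0);
                tokengroups.Add(groupSid);
                sbgroupsids.Append(GetSIDSearchFilter(groupSid));
            }
            sbgroupsids.Append(")");
            //sbgroupsids.Dump();

            // An empty "(|)" filter is not valid and First() would throw, so stop here.
            if (tokengroups.Count == 0)
            {
                "User has no tokenGroups".Dump();
                return;
            }
            tokengroups.First().Dump();
            //tokengroups.dump("ldap tokengroups attribute");

            using (var dstargetsids = new DirectorySearcher(directoryEntry))
            {
                dstargetsids.Filter = sbgroupsids.ToString();
                // Only the group name is read, so only ask the server for that attribute.
                dstargetsids.PropertiesToLoad.Add("name");
                // SearchResultCollection holds unmanaged handles and must be disposed.
                using (var adgroups = dstargetsids.FindAll())
                {
                    foreach (SearchResult adgroup in adgroups)
                    {
                        groupnames.Add(adgroup.Properties["name"][0].ToString());
                    }
                }
            }
            groupnames.Sort();
            groupnames.Dump("group names");
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
/// Special characters are replaced by their <c>\XX</c> hex escapes so they are
/// matched literally instead of being interpreted as filter syntax.
/// </summary>
/// <param name="value">The raw attribute value to embed in a filter.</param>
/// <returns>The escaped value; an empty string is returned unchanged.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="value"/> is null.</exception>
public static string EscapeLdapFilterValue(string value)
{
    if (value == null)
    {
        throw new ArgumentNullException("value");
    }
    var sb = new StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': sb.Append("\\5c"); break;
            case '*': sb.Append("\\2a"); break;
            case '(': sb.Append("\\28"); break;
            case ')': sb.Append("\\29"); break;
            case '\0': sb.Append("\\00"); break;
            default: sb.Append(c); break;
        }
    }
    return sb.ToString();
}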
// Define other methods and classes here
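/// <summary>
/// Builds an LDAP filter clause that matches the object whose objectSid equals <paramref name="sid"/>.
/// The SID's binary form is escaped byte by byte, which is the safe way to put binary data into a filter.
/// </summary>
/// <param name="sid">The SID to search for.</param>
/// <returns>A clause of the form <c>(objectSid=\01\05...)</c>, suitable for combining with other filter terms.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="sid"/> is null.</exception>
public static string GetSIDSearchFilter(SecurityIdentifier sid)
{
    if (sid == null)
    {
        throw new ArgumentNullException("sid");
    }
    var byteSid = new byte[sid.BinaryLength];
    sid.GetBinaryForm(byteSid, 0);
    return string.Format("(objectSid={0})", BuildFilterOctetString(byteSid));
}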
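/// <summary>
/// Encodes raw bytes as an RFC 4515 escaped octet string (<c>\XX</c> per byte) for use as an LDAP filter value.
/// </summary>
/// <param name="bytes">The bytes to encode; an empty array yields an empty string.</param>
/// <returns>The escaped string, e.g. <c>\01\05\00</c>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="bytes"/> is null.</exception>
public static string BuildFilterOctetString(byte[] bytes)
{
    if (bytes == null)
    {
        throw new ArgumentNullException("bytes");
    }
    // Three characters per byte: a backslash followed by two hex digits.
    var sb = new StringBuilder(bytes.Length * 3);
    foreach (byte b in bytes)
    {
        sb.Append('\\').Append(b.ToString("X2"));
    }
    return sb.ToString();
}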