Hi @George Waters , Welcome to Microsoft Q&A,
I'm not an expert on Active Directory.
You could use the classes in the `System.DirectoryServices.AccountManagement` namespace to query the global directory and get a user's direct and indirect group membership. Specifically, you can use the `PrincipalContext` and `GroupPrincipal` classes to do this.
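The `GetAuthorizationGroups()` method returns all of the user's authorization groups, including direct and indirect (nested) membership, which you can then check to decide whether the user has the permission. It returns security groups only; distribution groups are not included.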
using System;
using System.DirectoryServices.AccountManagement;
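namespace xxx
{
    /// <summary>
    /// Console sample: finds a user in an Active Directory domain and reports whether the
    /// account is a member, directly or through nested groups, of one specific group.
    /// </summary>
    internal class Program
    {
        // Name of the group that grants the permission (example value from the sample).
        // NOTE(review): a group name can be changed by a directory administrator and is not
        // guaranteed to be unique across domains. For a real access decision, compare
        // Principal.Sid against the known SID of the group instead of matching on the name.
        private const string PermittedGroupName = "Group with permissions";

        /// <summary>
        /// Looks up the example user and prints whether it has the permission.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Assuming you already have the user's username and domain
            string username = "username";
            string domain = "yourdomain.com";

            // Directory calls can throw, for example when the domain cannot be reached.
            // The exception is deliberately left unhandled so that a failed lookup never
            // prints a permission result.
            // Both the context and the user principal hold directory resources, so both
            // are disposed when the block ends.
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domain))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username))
            {
                if (user == null)
                {
                    Console.WriteLine("User not found.");
                    return;
                }

                // NOTE(review): group membership says nothing about the account state. If
                // this result gates access, also check that the account is enabled
                // (UserPrincipal.Enabled) before trusting it.
                if (HasPermission(user))
                {
                    Console.WriteLine("The user has permission.");
                }
                else
                {
                    Console.WriteLine("The user does not have permission.");
                }
            }
        }

        /// <summary>
        /// Determines whether the user belongs to the group named by
        /// <see cref="PermittedGroupName"/>.
        /// </summary>
        /// <param name="user">The user whose authorization groups are inspected.</param>
        /// <returns>
        /// <c>true</c> if one of the user's authorization groups has the expected name;
        /// otherwise <c>false</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        static bool HasPermission(UserPrincipal user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // The search result wraps a directory query; dispose it once enumeration ends.
            using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
            {
                // The result is typed as Principal, so test the type instead of casting in
                // the foreach header, which would throw on any entry that is not a group.
                foreach (Principal principal in groups)
                {
                    GroupPrincipal group = principal as GroupPrincipal;
                    if (group != null && group.Name == PermittedGroupName)
                    {
                        return true;
                    }
                }
            }

            // No matching group was found: deny by default.
            return false;
        }
    }
}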
Best Regards,
Jiale