Given a group name and a user account, I would like to know if the supplied user belongs to a particular group. The user can be a local user or a domain user and the group could be a local group or a domain group and the group could also be nested inside other groups. In short I am looking for a function like bool IsUserMemberOf(User, Group)
that will internally call the appropriate Win32 APIs to do the search. I guess the process making the above query should have the necessary privileges to query local and AD groups. I guess running the process under an enterprise admin account should do the job of querying any DCs in the forest but may not work for machines that are not part of a domain. Any ideas on what account this querying process should run under so that it can query the LSA as well as the AD?
+2
Q:
How to programmatically figure out if a user account is a member of a particular group in Windows?
A:
You need to read up on GetTokenInformation (TOKEN_USER), AllocateAndInitializeSid and CheckTokenMembership.
Magnus Skog
2009-06-23 15:54:16
+1
A:
UserPrincipal.IsMemberOf(GroupPrincipal) "returns a Boolean value that specifies whether the principal is a member of the specified group".
Mark Brackett
2009-06-23 16:37:17
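A sketch of the `IsUserMemberOf(User, Group)` function the question asks for, built on the `System.DirectoryServices.AccountManagement` API named in the second answer. This is an added example, not code from either answer; the class name, the parameter layout and the `Administrators` group in `Main` are assumptions chosen for illustration. It tries `IsMemberOf` first, then expands the group recursively so nested membership is covered, matching on SID rather than on account name.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class GroupCheck
{
    // Added example (hypothetical helper). Each side picks its own store:
    // ContextType.Machine = local SAM accounts, ContextType.Domain = Active Directory.
    public static bool IsUserMemberOf(ContextType userStore, string userName,
                                      ContextType groupStore, string groupName)
    {
        using (var userCtx = new PrincipalContext(userStore))
        using (var groupCtx = new PrincipalContext(groupStore))
        using (var user = UserPrincipal.FindByIdentity(userCtx, userName))
        using (var group = GroupPrincipal.FindByIdentity(groupCtx, groupName))
        {
            // FindByIdentity returns null when nothing matches; fail loudly
            // instead of reporting "not a member" for a mistyped name.
            if (user == null) throw new ArgumentException("user not found: " + userName);
            if (group == null) throw new ArgumentException("group not found: " + groupName);

            // The check quoted in the answer above.
            if (user.IsMemberOf(group)) return true;

            // Nested groups: GetMembers(true) walks the group recursively.
            // Compare SIDs, not names, so a same-named account from another
            // store cannot produce a false match.
            using (var members = group.GetMembers(true))
            {
                return members.Any(m => m.Sid != null && m.Sid.Equals(user.Sid));
            }
        }
    }

    static void Main(string[] args)
    {
        // Placeholder usage: args[0] is a local account name, checked against
        // the local Administrators group (both names are assumptions).
        bool member = IsUserMemberOf(ContextType.Machine, args[0],
                                     ContextType.Machine, "Administrators");
        Console.WriteLine(member);
    }
}
```

Recursive enumeration of a large domain group is slow, and the lookups run with the rights of the calling process, so the result reflects only what that account is allowed to read.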