I have code which has been working against an older Active Directory server and now I have pointed it to a new Windows Server 2008 AD system. Now the group names are coming back with SIDs and not names. I do not know enough about the AD side to know if there is a way to make the new AD server work like the older AD server.

My code is based on the Active Directory Role Provider for BlogEngine.NET on Codeplex.

http://blogengineadrp.codeplex.com/sourcecontrol/network/Show?projectName=BlogEngineADRP&changeSetId=5843#138380

I believe this is the line that I will need to adjust.

    IdentityReferenceCollection irc = ExpandTokenGroups(user).Translate(typeof(NTAccount));

Right now ExpandTokenGroups is returning the SID value while Translate has worked to change it into the human readable group name. I would like to know if I should pass in a different type than NTAccount to Translate.

What can I do to get the group name?

A: 

There is a nice explanation of a solution at: Translating Between Names and SIDs.

Basically, you call the LsaLookupSids function call.

Hope this helps!

Etamar L.
It appears that solution is only for C++ which is unfortunate. I wish .NET had better support for Active Directory and LDAP since it is important.
Brennan
A: 

This is my solution in C# which is not optimal but it is working.

    public override string[] GetRolesForUser(string username)
    {
        // list to store names of roles
        List<String> roles = new List<string>();

        // get the user directory entry
        DirectoryEntry user = getUser(username);

        foreach (String prop in user.Properties["memberOf"])
        {
            if (prop.IndexOf("CN=") == 0 && prop.IndexOf(",") != -1)
            {
                var groupName = prop.Substring("CN=".Length, prop.IndexOf(",") - "CN=".Length);
                roles.Add(groupName);
            }
        }

        return roles.ToArray();
    }
Brennan
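
An added example, not code from either answer or from the BlogEngineADRP project: the single-argument `IdentityReferenceCollection.Translate(Type)` used in the question does not throw for items that fail conversion, so an unmapped SID stays in the result as a SID. Translating each SID separately makes those failures visible, so a raw SID string never ends up in the role list. `SidRoleResolver` and `ResolveGroupNames` are hypothetical names, the second SID in `Main` is constructed sample input, and the code assumes it runs on Windows.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class SidRoleResolver
{
    // Hypothetical helper: returns the account names that resolved and
    // reports the SIDs that did not, instead of mixing both in one list.
    public static string[] ResolveGroupNames(IdentityReferenceCollection sids,
                                             out List<string> unresolved)
    {
        var roles = new List<string>();
        unresolved = new List<string>();

        foreach (IdentityReference sid in sids)
        {
            try
            {
                // Translating a single identity throws when no mapping exists.
                var account = (NTAccount)sid.Translate(typeof(NTAccount));
                // Keep the full "DOMAIN\Group" form so same-named groups
                // from different domains stay distinct.
                roles.Add(account.Value);
            }
            catch (IdentityNotMappedException)
            {
                // Record the failure; do not authorize on an untranslated SID.
                unresolved.Add(sid.Value);
            }
        }
        return roles.ToArray();
    }

    public static void Main()
    {
        var sids = new IdentityReferenceCollection();
        // Well-known SID that resolves locally (BUILTIN\Users).
        sids.Add(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null));
        // Constructed SID that should not map to any account.
        sids.Add(new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-99999"));

        List<string> unresolved;
        string[] roles = ResolveGroupNames(sids, out unresolved);

        Console.WriteLine("Resolved:   " + string.Join(", ", roles));
        Console.WriteLine("Unresolved: " + string.Join(", ", unresolved));
    }
}
```

Logging the unresolved list on each lookup shows which SIDs the server running the provider cannot map to a name.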