querying ldap to retrieve groups user is member of (in sharepoint)

Question

I'm using Sharepoint in combination with Nintex. The possibility to query the ldap is available via Nintex, and basic querying actions work well! Now I am trying to get an array or collection of the groups the user is member of.. i've tried

(&(objectCategory=group)(member=cn={itemproperty:ldapName},dc=MyDomain))

Unfortunately this does not work, I'm not getting a response back from the logging nor can I find any other solution...

any tips or help on this issue would be greatly appreciated!

Erik

Answer 1

You will need to retrieve the "memberOf" attribute from your user to get a list of groups he's a direct member of.

I say direct because there are nested groups (User being member of Group A, which in turn is member of Group B) and those won't be returned.

Also, the primary group (usually "Users") is not being returned by the "memberOf" attribute either.

Marc

PS: If you can use .NET 3.5, there's a newer AD interface exposing users as strongly typed objects - see the excellent article by Joe Kaplan and Ethan Wilansky.

There, you can grab a user and then just call .GetAuthorizationGroups on the user object and you're done!