I need a way in C# to find user IDs that are part of a particular AD Group, and if a user is part of the AD group return true.
What I have so far from Getting users list from an AD Group is :
private Boolean IsMemberPartOfGroup(String groupName)
{
var found = false;
var ctx = new PrincipalContext(ContextType.Domain); // fetch your group
var group = GroupPrincipal.FindByIdentity(ctx, groupName); // enumerate over the group's members
foreach(var p in group.Members)
{
if (String.CompareOrdinal("group", p.StructuralObjectClass) == 0)
{
var g = p as GroupPrincipal;
this.IsMemberPartOfGroup(g);
}
else if(p.Guid == UserPrincipal.Current.Guid)
{
found = true;
break;
}
}
return found;
}
The problem is if a member of a group is another group. Anyone that is part of the inner group that is a member of the outer group should be considered authorized.
Is there a better way to do this?