2

Hi I try to get a List of all users of an ActiveDirectory Group. Windows Authentication is correctly set up and working as intended. I also can restrict specific controller actions to specific AD Groups / roles.

However I am not able to get a simple list of all users of a specific AD group.

I tried in my controller the follown:

[HttpGet]
public async Task<IActionResult> Test()
{    
    string username = HttpContext.User.Identity...; //nothing to find in here

    return View();
}

I found other answers using some private UserManager variables or context variables, however I don't have them in my controller, and the other answers I found, don't show me how to get them...

Any help would be highly appreciated.

Lukas
  • 1,699
  • 1
  • 16
  • 49
misanthrop
  • 771
  • 7
  • 32
  • There is no built-in way. Think of Windows Auth as essentially an external sign-in provider, like Google or Facebook. If you wanted information on a set of users at once with either of those, you'd have to resort to using their APIs. Likewise, with Windows Auth, you'll have to create an LDAP connection to your AD server and directly query the info from there. – Chris Pratt Oct 16 '18 at 14:40
  • Thanks for the swift reply! I don't understand why this functionality is not built in, when all the rest works really good... However: is there any good tutorial for the way you describe? – misanthrop Oct 16 '18 at 14:45
  • 2
    Why would it be built-in? It has nothing to do with authentication which is all the Windows Auth is about. For general information queries, AD is the source of truth, so that's what you need to consult. As far as tutorials go, just do a search. There's nothing specific to ASP.NET Core here. It's just LDAP, the same as you'd do anywhere. – Chris Pratt Oct 16 '18 at 14:55
  • @ChrisPratt Thank you really much for that comment. I now do understand why it is not build in and I was able to find an easy to implement solution with only little research in the internet! – misanthrop Oct 17 '18 at 06:19

2 Answers2

2

As @Chris Pratt mentioned in his comment, there is no build in way to solve this issue with asp.net core 2.0, but there is an easy way, doing it with C#.

So what I did is very simple, first I created the following class (heavily inspired by: https://stackoverflow.com/a/19604001/9641435)

using System.DirectoryServices.AccountManagement; //can be downloaded via NUGET Package manager
using System.Collections.Generic;

namespace MYNAMESPACE
{
    public static class ActiveDirectoryHelper
    {
        public static List<string> GetAllUserRealNamesFromAdGroup(string i_activeDirectyGroup)
        {
            var users = new List<string>();

            using (var context = new PrincipalContext(ContextType.Domain, "MY.DOMAIN.NAME"))
            {
                using (var group = GroupPrincipal.FindByIdentity(context, i_activeDirectyGroup))
                {
                    if (group != null)
                    {
                        var usersPrincipals = group.GetMembers(true);
                        foreach (UserPrincipal user in usersPrincipals)
                        {
                            //There are also other properties available, but in my case I just need the first and surname:
                            users.Add($"{user.GivenName} {user.Surname}");
                        }
                    }
                }
                return users;
            }
        }
    }
}

And now from my Controller I simply do the following:

[HttpGet]
public IActionResult MyAction()
{
    var myVm = new MyViewModel();

    List<string> userList = ActiveDirectoryHelper.GetAllUserRealNamesFromAdGroup("MYGROUP"); 

    //do whatever you want with this list right here:


    return View(myVm);
}

I hope this post might help someone else in the future, that's why I posted it as an answer.

misanthrop
  • 771
  • 7
  • 32
0

Not too sure if using powershell would be an option for you to get the listed users of a group in AD--- Get-ADGroup "group name" | Get-ADGroupMember | Select-Object samaccountname

POD
  • 36
  • 4