1

I'm working on creating an administrative interface that allows managing users in groups in Active Directory.

I would like to only show groups to the active user if the user actually has the rights to add or remove other users within those groups, but I'm not sure at this point, how to determine which people can modify the groups, or whether the current person has access to modify a specific group.

I suppose the application can find out after the user tries and we get an access error, but I don't like to use error trapping as a way of determining if some feature is available and I would prefer not to tempt the users with a list of groups they can't control.

If possible, please supply an answer that targets vb.net 3.5 using System.DirectoryServices.AccountManagement as that is the environment that I am currently working within. I can translate from C# if necessary.

CStroliaDavis
  • 392
  • 4
  • 14
  • 1
    possible duplicate of [How to find all groups in ActiveDirectory where the current user has WriteProperty access?](http://stackoverflow.com/questions/2810613/how-to-find-all-groups-in-activedirectory-where-the-current-user-has-writepropert) – Chris Haas Aug 26 '11 at 16:39
  • This isn't a 100% duplicate because you are asking to use the `System.DirectoryServices.AccountManagement` namespace. Unfortunately, to the best of my knowledge, that is not possible. – Chris Haas Aug 26 '11 at 16:40
  • Thanks for the comment. I wish I could mark this as the answer to my question. It's close enough. Thank you. – CStroliaDavis Nov 18 '11 at 14:47

0 Answers0