Get users of AD group for use in SharePoint webpart.
Welcome to my first technical posting.
My task here was simple: create a web part that displays the users of an Active Directory OU (Organizational Unit or group basically) which will have been added to a SharePoint site. This is our model internally going forward on how we are managing access to sites within our farm, so basically every site will only have one member... an AD group. This way we can manage (or let someone else manage) access through AD.
I won't get into how to create a web part in this post (you can start here if you like), but more of the guts of what I used to get what I needed out of .NET in a web part. This is really basic, so the rendered output is nothing fancy.
Basically I got the site's userlist from the site context, iterated the user list, checked to see if the user was a group, if so, called code to give me the AD users of that group and output the user list.
First add a reference to:
System.DirectoryServices.AccountManagement;
Here's the code:
First: this code was inside the protected override void CreateChildControls() function.

    // Needs: using Microsoft.SharePoint; using System.Web.UI;
    //        using System.DirectoryServices.AccountManagement;
    // domainName is a string holding the AD domain name, defined elsewhere in the web part.
    string currentUrl = System.Web.HttpContext.Current.Request.Url.ToString();
    SPSecurity.RunWithElevatedPrivileges(
        delegate()
        {
            using (SPSite site = new SPSite(currentUrl))
            using (SPWeb web = site.OpenWeb()) // dispose the SPWeb as well as the SPSite
            {
                SPGroupCollection grps = web.Groups;
                foreach (SPGroup group in grps)
                {
                    // This gets the users/group from the current site
                    if (group.Name == web.AssociatedMemberGroup.ToString())
                    {
                        // The markup inside the string literals was lost when the post
                        // was rendered; a line break is assumed here.
                        Controls.Add(new LiteralControl(group.Name + "<br />"));
                        foreach (SPUser user in group.Users)
                        {
                            if (user.IsDomainGroup)
                            {
                                // Strip the "DOMAIN\" prefix (four letters plus the backslash)
                                string groupName = user.Name.Remove(0,5);
                                using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName))
                                {
                                    if (ctx != null)
                                    {
                                        GroupPrincipal gp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName);
                                        if (gp != null)
                                        {
                                            // true = recurse into nested groups
                                            foreach (Principal p in gp.GetMembers(true))
                                            {
                                                Controls.Add(new LiteralControl(p.Name + "<br />"));
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        });
Sorry for the lame code spit out, I'm still new to blogspot.
One thing I wanted to point out here was:
    string groupName = user.Name.Remove(0,5);

You can manipulate the string however you like (Substring etc.) but what took me a while to figure out was that GroupPrincipal.FindByIdentity expects the group name without the domain\ prefix, so in my case my domain name is only four letters and a '\'. This took me way too long to figure out, and no offence to M$, but sometimes the documentation just doesn't specify that in easy to understand terms.
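Added example, not part of the original post: a prefix split that does not depend on the domain being four letters long, together with HTML-encoding of directory names before they are written into a LiteralControl. The class and method names and the sample group names are assumptions made up for illustration.

```csharp
using System;
using System.Net;

// Added example; AdGroupName and its methods are hypothetical names.
public static class AdGroupName
{
    // Splits "DOMAIN\group" at the last backslash instead of a fixed offset,
    // so it works for any domain length. Returns false for malformed input.
    public static bool TrySplit(string spName, out string domain, out string group)
    {
        domain = null;
        group = null;
        if (string.IsNullOrWhiteSpace(spName)) return false;

        string s = spName.Trim();
        int slash = s.LastIndexOf('\\');
        if (slash < 0) { group = s; return true; }             // no prefix at all
        if (slash == 0 || slash == s.Length - 1) return false; // "\group" or "DOMAIN\"

        domain = s.Substring(0, slash);
        group = s.Substring(slash + 1);
        return true;
    }

    // Directory names are data, not markup: encode before adding to the page.
    public static string ToHtmlLine(string name)
    {
        return WebUtility.HtmlEncode(name ?? string.Empty) + "<br />";
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        string[] samples = { @"CORP\Site Members", @"LONGERDOMAIN\R&D Leads", "NoPrefix", @"CORP\" };
        foreach (string sample in samples)
        {
            string domain, group;
            if (AdGroupName.TrySplit(sample, out domain, out group))
                Console.WriteLine("{0} -> domain={1}, html={2}", sample, domain ?? "(none)", AdGroupName.ToHtmlLine(group));
            else
                Console.WriteLine("{0} -> rejected", sample);
        }
    }
}
```

In the web part, the `group` value from `TrySplit` would be passed to GroupPrincipal.FindByIdentity in place of user.Name.Remove(0,5), and `ToHtmlLine` would build the text for each LiteralControl.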
Also, here's a link to Brad Rutkowski's blog where I found the base code for getting members out of a group.
Hope this helps someone out there.
-Eric