Creating a List of AD Group Memberships
Ages ago, I created a console application here at work to power some after-hours scripts—dump out group memberships and send them up to various ASPs and such to manage relationships and avoid sending ALL of Active Directory across the wire. Well, that application was a “wow, we need it 10 minutes ago, can you make it dump out a CSV?” fling and, *knock on wood*, it continues to work.
But, with a recent demand, I noticed I totally forgot about having group memberships in our framework—whoops. I didn’t want to use an array or huge string like we’re using for the console: I wanted a List!
So, for those interested, here’s the code. It’s pretty uninteresting, but may save some time somewhere. To this point, I’m really interested in the new System.DirectoryServices.AccountManagement namespace (see presentation by Joe Kaplan, code by Bart De Smet) hat comes in Orcas. I hope, eventually, to throw things like this out the window and stop inventing COMMON functions that should have always been available (or will be in a few months!). If I get some time and anyone’s interested, I’ll toss up a comparison for fun.
internal static List<string> GetGroups(SearchResultEntry result)
string propertyName = “memberOf”;
// Check to make sure that there are groups.
if (result.Attributes[propertyName].Count > 0)
List<string> returnResult = new List<string>();
int groupCount =
for (int i = 0; i < groupCount; i++)
string fullGroupName =
// Fully Qualified Distinguished Name looks like:
int startGroupName = fullGroupName.IndexOf(“=”, 1);
int endGroupName = fullGroupName.IndexOf(“,”, 1);
if (startGroupName != -1)
string friendlyName =
startGroupName + 1,
(endGroupName – startGroupName) – 1);
return new List<string>();