Check If Members Is In A Large (1500 members) Active Directory Group Using Directory Services

You need to be careful if you checking if a member exists in a large group (i.e. over 1500 members). The standard approach in the first code sample doesn’t work as the DE.Properties[“member”] property will only return 1500 members

The solution is shown in the 2nd code snippet using the ADSI Edit Invoke statement

 

[code:c#]

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = “LDAP://PATHTOGROUPGOESHERE”;
        const string MEMBER_PATH = “LDAP://PATHTOUSERGOESHERE”;
        const string MEMBER_DISTINGUISHED_NAME = “USERDISTINGUISHEDNAMEGOESHERE”;

        public static bool IsMember2()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                if (DE.Properties[“member”].Contains(MEMBER_DISTINGUISHED_NAME))
                    return true;
                else
                    return false;
            }
        }
    }
}

[/code]

Use the code below to check if a members is in a large group

[code:c#]

using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = “LDAP://PATHTOGROUPGOESHERE”;
        const string MEMBER_PATH = “LDAP://PATHTOUSERGOESHERE”;
        const string MEMBER_DISTINGUISHED_NAME = “USERDISTINGUISHEDNAMEGOESHERE”;

        public static bool IsMember()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                return (bool)DE.Invoke(“IsMember”, MEMBER_PATH);
            }
        }
    }
}

[/code]

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *