Checking if a user exists in a domain without enumerating through the list of users.

Monday, September 8, 2003

.NET

Recently I had to determine if a user exists in a particular group in a particular domain. Since I am not using ActiveDirectory/LDAP I couldn't use the System.DirectoryServices.DirectorySearcher (which limited my options a great deal).

I found a number of examples of people recommending that you retrieve Members Collection of a Group DirectoryEntry and then enumerating through the list. The problem with this approach is that as the list of members grows, so does the time it takes to evaluate the list. So I needed a better method. Fortunately, you can create a DirectoryEntry object and invoke one of its underlying ( COM ) methods. So, if in your DirectoryEntry construction, you specify a valid group path, you can invoke the IsMember method off of the internally contained object that implements IADsGroup.

In other words, two lines of code will enable you to determine if a user is a member of a WinNT Group. This example checks against a local group.

// Construct a DirectoryEntry object pointing to a group local to my machine ( this could be a domain group).
DirectoryEntry groupEntry = new DirectoryEntry( "WinNT://MyMachineName/MyLocalGroupName,group" );
// Now invoke the IsMember method
bool val = (bool)groupEntry.Invoke( "IsMember","WinNT://CORPORATEDOMAIN/MNolton");

As with any of my postings, feedback is appreciated.

Mathew Nolton

7 Comments

I tried doing using it this way, but the Invoke seemed to leak memory... Are you having this problem with your code?

Dimitri Glazkov - Monday, September 8, 2003 7:15:00 PM

No, I do not know of any memory leak problems with this. I did change this to use a using statement to make sure it is always disposed e.g.

using( DirectoryEntry groupEntry =

new DirectoryEntry("XXX,group" ) )

{

bool val = (bool)groupEntry.Invoke

("IsMember", "WinNT://XXX");

MessageBox.Show( val.ToString() );

}

However, your statement concerns me and I will see what I can dig up.

What did you end up doing?

-Mathew Nolton

Mathew Nolton - Monday, September 8, 2003 7:49:00 PM

You could also iterate the memberOf property of a user object.

Brian Desmond - Monday, September 8, 2003 10:04:00 PM

At this point, I am just enumerating, but I like the solution from Brian -- I am going to try that...

Dimitri Glazkov - Monday, September 8, 2003 11:22:00 PM

the problem with enumerating any list is that you are making 1-n underlying COM calls that have to be marshalled. additionally, you still have the same issue of enumerating and creating a situation where as the number of groups increases the performance decreases.

additionally, to retrieve the list of Members from a group or to retrieve a list of groups from a user object, you still have to perform an underlying COM invoke. if that is the case, i would rather invoke IsMember and marshal a single call returning a single boolean value (albeit a boxed value) as opposed to marshalling an entire collection and then enumerating the collection.

as for the memory leak, i have not encountered it yet but i am doing my due diligence. i have noticed that the virtual memory is growing but it is periodically being reclaimed so i beleive it is not leaking memory. but i am going to continue to monitor the process. if you have any other information on it because anytime i hear the words memory leak i get nervous. regardless, if you have any additional information on it, could you forward it to me?

Mathew Nolton

Mathew Nolton - Tuesday, September 9, 2003 12:29:00 AM

It's fien but i'd like to enumerate the users but also the groups...

what can i do then ?

thx

Troll

troll - Tuesday, January 20, 2004 4:12:00 PM

Please I need get UlerList from a group inside a domain

Mario - Tuesday, March 30, 2004 12:55:00 PM

Comments have been disabled for this content.