Re: How do I check for domain group membership?

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/30/05 

Date: Thu, 29 Sep 2005 21:56:29 -0700

Hello Byron,

use

whoami /groups

from the command line to check the exact spelling of the group names...

(whoami is included in w2k3 -> otherwise resource kit)

HTH
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Thanks for the reply, but even when it is changed to:
>
> if ( prin.IsInRole(@"GTI\ILF_Installer") )
> Console.WriteLine("ILF_Installer");
> it still fails the check even though I know I'm a member of that
> domain universal security group. Since my name comes back as
> "GTI\UserName" I'm sure I'm logged into the right domain.
>
> Can you think of anything else that could be causing an issue?
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello Byron,
>>
>> you have to use the fully qualified group name - which is
>> DOMAIN\GroupName
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I have a WinForm app that will run on XP boxes in a Win2003 AD
>>> domain named "GTI.int". I have several Universal security groups
>>> named "ILF_x", one of which is "ILF_Installer" and I have made
>>> myself a member of that group for development. There are arrays of
>>> security group names associated with menu items along with other
>>> things that should be enabled or disabled based on security group
>>> membership, though my example code only uses the one group
>>> "ILF_Installer" for testing. I need a method that will iterate the
>>> array of acceptable security group names and return true if the
>>> current user is a member of at least one group, or false otherwise.
>>>
>>> I have tried the below listed code without success to test for my
>>> membership in the "ILF_Installer" group.
>>>
>>> As always, any help would be greatly appreciated.
>>>
>>> --------------------- SNIP
>>> --------------------------------------------------------------
>>> AppDomain myDomain = Thread.GetDomain();
>>> myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
>>> WindowsPrincipal prin = (WindowsPrincipal)Thread.CurrentPrincipal;
>>>
>>> Console.WriteLine("Principle:" + prin.Identity.Name);
>>>
>>> // The preceding line correctly displays GTI\MyUserName
>>>
>>> if ( prin.IsInRole("ILF_Installer") )
>>> Console.WriteLine("ILF_Installer");
>>> // The preceding block does NOT display "ILF_Installer" as desired.
>>> -------------------------------- SNIP
>>> ------------------------------------------

Relevant Pages

  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... I have been reading for days about AD ... I need to Migrate a Current W2k3 AD Domain to A NEW Domain but keeping the ... then going to be seperate with own routing and ADSL link etc, ...
    (microsoft.public.windows.server.migration)
  • Re: File Replication W2k3 to W2k3R2
    ... Just run setup2 from the second disk then use DFSR. ... "Paul MacFarlane" wrote in message ... I understand FRS will do the job and is available on W2k3 but I can't locate any info about setting it up to work with an R2 machine. ...
    (microsoft.public.windows.server.general)
  • Re: User login restrictions to PCs on Network
    ... Take a look at cconnect from the Resource Kit. ... SQL Server. ... HTH, ... > Can anyone tell me how I can restrict a domain user ...
    (microsoft.public.win2000.active_directory)
  • Re: Adding an additonal DC server
    ... You forgot to run adprep from the R2 CD. ... (w2k3 r2) ... I get an error about the version of active Directory schema of ...
    (microsoft.public.windows.server.migration)
  • Getting acess to the PPT file format.
    ... I recommend the appropriate office resource kit: ... HTH, ... >information regarding the office file formats but I can't ...
    (microsoft.public.powerpoint)