Re: Determine AD group membership
- From: "Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Jun 2006 10:11:22 -0400
GetTokenInformation(Token, TokenGroups, Groups, GroupsLength,
&ReturnLength);
where you receive `Token' from any of the token-related functions, such as
`LogonUser' or `OpenProcessToken' or `ImpersonateNamedPipeClient' used in
conjunction with `OpenThreadToken'.
"TimAlsop" <TimAlsop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B2A3E58-0817-412D-871F-2C7733545CBF@xxxxxxxxxxxxxxxx
I have a Windows application that runs on Windows 2000 or XP workstations.
This application needs to find out which groups the logged on user is a
member of.
I can see that we can use ADSI, or LDAP to find group membership
information
stored in AD for a specific user, but it seems like there must be a better
way. It is my understanding that when a user logs on the group membership
information is transmitted to the users workstation inside Kerberos
tickets,
so it must be available somewhere on workstation. Is there a Windows API
to
allow me to get this group membership info, or do I need to decode the
Kerberos tickets PAC data to get this info ?
Thanks,
Tim
.
- Follow-Ups:
- Re: Determine AD group membership
- From: Joe Richards [MVP]
- Re: Determine AD group membership
- Prev by Date: Re: Validate SSL server certificate??
- Next by Date: Re: Determine AD group membership
- Previous by thread: How to effectively change the status in custom gina
- Next by thread: Re: Determine AD group membership
- Index(es):
