Batallas con Grupos del Directorio Activo con System.DirectoryServices.AccountManagement

2 views
Skip to first unread message

Carlos Admirador

unread,
Sep 9, 2022, 7:08:50 AMSep 9
to AltNet-Hispano
Utilizo System.DirectoryServices.AccountManagement para manejar el directorio activo en NET (C#).

Escenario 1: Obtener grupos de un usuario

user.GetGroups() tiene limitaciones y bugs, problemas de rendimiento también.

https://www.gabescode.com/active-directory/2018/06/08/finding-all-of-a-users-groups.html

https://www.gabescode.com/active-directory/2018/12/15/better-performance-activedirectory.html

UserPrincipal.GetGroups vs. UserPrincipal.GetAuthorizationGroups?

So GetGroups gets all groups of which the user is a direct member,

and GetAuthorizationGroups gets all authorization groups of which the user is a direct or indirect member.

I assume GetAuthorizationGroups() calls in to tokenGroups in AD. To read that, your service account (or IIS machine account if Network Service) needs to be in the Windows Authorization Access group in AD.
Reply all
Reply to author
Forward
0 new messages