Get Token Groups

Nov 4, 2014 at 4:00 PM
Previously to get token groups I used the System.DirectoryServices API and could get this by sending over the following

User's distinguished name
Filter: (&(objectCategory=person))

Then looking for an attribute called "tokenGroups

how would I get users token groups using Linq to LDAP?
Nov 5, 2014 at 7:05 AM
According to this it looks like tokenGroups is an array of security identifiers. I guess I missed a mapping type, but you can use a Select to convert them.
//code to initialize your context

List<SecurityIdentifier> tokenGroups = context.Query("user's distinguished name", SearchScope.Base)
                .Select(da => da.GetByteArrays("tokenGroups"))
                .SelectMany(da => da.Select(bytes => new SecurityIdentifier(bytes, 0)))
And according to this, you may need to connect to the global catalog to get this information. I've never needed to get this specific attribute so I'm not 100% sure if you have to connect to the catalog, or one just needs to be present in the Forrest.
Nov 5, 2014 at 7:06 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Nov 5, 2014 at 8:21 AM
Thank you for your quick response. Your example code is just what I was looking for.