Get Token Groups

Nov 4, 2014 at 4:00 PM
Previously, to get token groups I used the System.DirectoryServices API and could get this by sending over the following:

User's distinguished name
Filter: (&(objectCategory=person))
SearchScope.Base

Then looking for an attribute called "tokenGroups".

How would I get a user's token groups using LINQ to LDAP?
Coordinator
Nov 5, 2014 at 7:05 AM
According to this it looks like tokenGroups is an array of security identifiers. I guess I missed a mapping type, but you can use a Select to convert them.
//code to initialize your context

List<SecurityIdentifier> tokenGroups = context.Query("user's distinguished name", SearchScope.Base)
                .Where("(&(objectCategory=person))")
                .Select(da => da.GetByteArrays("tokenGroups"))
                .ToList()
                .SelectMany(da => da.Select(bytes => new SecurityIdentifier(bytes, 0)))
                .ToList();
And according to this, you may need to connect to the global catalog to get this information. I've never needed to get this specific attribute, so I'm not 100% sure if you have to connect to the catalog, or if one just needs to be present in the forest.
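Added example, not part of the original posts or of LINQ to LDAP: once the raw tokenGroups values are in hand, this decodes them defensively and checks group membership by SID. The class and method names, the SID values and the sample byte arrays are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

static class TokenGroupsCheck
{
    // Decode raw tokenGroups values into SIDs; malformed values are counted, not trusted.
    public static List<SecurityIdentifier> Decode(IEnumerable<byte[]> raw, out int rejected)
    {
        var sids = new List<SecurityIdentifier>();
        rejected = 0;
        foreach (var bytes in raw)
        {
            try { sids.Add(new SecurityIdentifier(bytes, 0)); }
            catch (ArgumentException) { rejected++; } // null, truncated or invalid binary SID
        }
        return sids;
    }

    // Compare by SID rather than by display name: a group can be renamed, its SID stays the same.
    public static bool IsMember(IEnumerable<SecurityIdentifier> tokenGroups, SecurityIdentifier required)
        => tokenGroups.Any(sid => sid.Equals(required));

    // Helper that builds constructed sample data in the binary form LDAP returns.
    static byte[] ToBinary(string sddl)
    {
        var sid = new SecurityIdentifier(sddl);
        var buffer = new byte[sid.BinaryLength];
        sid.GetBinaryForm(buffer, 0);
        return buffer;
    }

    static void Main()
    {
        // Constructed sample values standing in for da.GetByteArrays("tokenGroups").
        var raw = new List<byte[]>
        {
            ToBinary("S-1-5-32-545"),         // BUILTIN\Users
            ToBinary("S-1-5-21-1-2-3-1105"),  // made-up domain group
            new byte[] { 1, 5, 0, 0 },        // truncated value
        };
        var groups = Decode(raw, out int rejected);
        var required = new SecurityIdentifier("S-1-5-21-1-2-3-1105"); // hypothetical required group
        Console.WriteLine($"decoded={groups.Count} rejected={rejected}");
        Console.WriteLine($"member={IsMember(groups, required)}");
        Console.WriteLine($"builtin users={groups.Any(s => s.IsWellKnown(WellKnownSidType.BuiltinUsersSid))}");
    }
}
```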
Coordinator
Nov 5, 2014 at 7:06 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Nov 5, 2014 at 8:21 AM
Thank you for your quick response. Your example code is just what I was looking for.