Pardesi Services Logo Pardesi Services Logo

How To Get List Of Groups A User Belongs To

Platforms Tested On
Windows 2000 Pro   Windows XP Pro   Windows 2000 Adv Server    Windows .NET Ent Server (Build 3604)
User group list

This article discusses the implementation of an ASP COM component that can be used to get the list of Groups a user is member of on a local machine or a domain server. Microsoft provides ADSI to do most of the administrative tasks. But sometime it is more efficient to make use of direct Network API calls instead of ADSI. Especially if you are dealing with only one server or local machine, all the ADSI calls are routed through Network APIs. Therefore it makes more sense to use the Net API calls.

We have made an attemt to implement one such component that can be used to get the list groups a given user is member of. There is no rocket sciene involved in this operation. The key is just knowing the APIs that can be used to accomplish these tasks.

There are two APIs that can be used to get the groups information, NetUserGetGroups and NetUserGetLocalGroups. Depending on the nature of your requirement, you can use one of these APIs. As per the name of the later API, GetUserGetLocalGroups, can be used to list of local groups to which the user has membership. And the second API, NetUserGetLocalGroups, can be used to get the list of global groups to which the user has membership.

For purpose of this component, we have used only the local version of the API. But in the next version of the component, support will be added for both the APIs.

Component Implementation

This component has been implemented as an ATL/COM ASP component. The compoennt exposes a dual Interface, ITrusteeUtil, to encapsulate the calls to Win32 Network APIs. You can call GetGroupNamesOfUser method on this interface to get the list. The list is returned as a SAFEARRAY of VARIANTs containg BSTR values.

nStatus = NetUserGetLocalGroups((strServer.length() == 0) ? NULL : wchServer,
				(bIncludeIndirect) ? dwFlags : 0,
				(LPBYTE *) &pBuf,

If the call fails, the API returns Win32 error code. You can check that error to see the actual reason of failure. The error codes are pretty informative.

switch (nStatus)
		m_bstrErrors += L"\nThe user does not have access to the requested information.";
		m_bstrErrors += L"\nMore entries are available. Specify a large enough buffer to receive all entries.";
	case NERR_InvalidComputer:
		m_bstrErrors += L"\nThe computer name is invalid.";
	case NERR_UserNotFound:
		m_bstrErrors += L"The user name could not be found.";
		m_bstrErrors += L"\nGeneric Win32 Error.";

Client Implementation

Following javascript code shows how this component can be used on an ASP page.

	obNet = Server.CreateObject('Pardesi.TrusteeUtil');
	arrItems= new VBArray(obNet.GetGroupNamesOfUser(strUser, '', true));
	arrNames= arrItems.toArray(); 

And the following javascript shows how the returned array of names is used to display on the sample page contained in the attached project files.

	var lBound = arrItems.lbound();
	var uBound = arrItems.ubound();
	for (var i = lBound; i <= uBound; i++)
		Response.Write('<div align="center">');
Graphics Tools

Home     About us   Contact us  Copyright

Copyright (c) 1999-2002 Pardesi Services LLC

Hit Counter