[NAV 2013] Getting list of Windows Groups and Group Members

Shedman Member Posts: 194
edited 2013-08-26 in NAV Three Tier
For one of our customers, we have some functionality that creates a list of windows groups and the windows logins that are a member of these groups.

Before NAV 2013 we used system table 2000000052 - Windows Group Member for this. Unfortunately, in NAV 2013 this table has been removed.


Of course in NAV 2013 we have dotnet variables ( :D ), so I've been googling for C# examples of how this is done, but I haven't gotten it to work within NAV yet.


Does anyone have a solution to find the windows groups and their users from within NAV 2013?

Answers

  • Shedman Member Posts: 194
    With help of Google and this forum post I have managed to fix it \:D/

    The tricky bit was converting the values from the PrincipalSearchResult to a type that can be read and understood by NAV. I've tried arrays and lists, but that doesn't work. Ultimately I tried creating an IEnumerator, which to my knowledge doesn't work in NAV 2009, and that works!

    I've created the following DotNet variables:
    ContextType@1001 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.ContextType";
    PrincipalContext@1000 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.PrincipalContext";
    GroupPrincipal@1002 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.GroupPrincipal";
    PrincipalSearcher@1003 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.PrincipalSearcher";
    PrincipalSearchResult@1004 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.PrincipalSearchResult`1";
    MemberSearchResult@1006 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.PrincipalSearchResult`1";
    MemberPrincipal@1008 : DotNet "'System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.DirectoryServices.AccountManagement.Principal";
    GroupIEnumerator@1010 : DotNet "'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.Collections.IEnumerator";
    MemberIEnumerator@1005 : DotNet "'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.System.Collections.IEnumerator";
    

    And then the code for NAV is:
    //Do some setup for the variables
    PrincipalContext := PrincipalContext.PrincipalContext(ContextType.Domain);
    GroupPrincipal := GroupPrincipal.GroupPrincipal(PrincipalContext);
    
    //Set the PrincipalSearcher and get the SearchResult
    PrincipalSearcher := PrincipalSearcher.PrincipalSearcher(GroupPrincipal);
    PrincipalSearchResult := PrincipalSearcher.FindAll;
    
    //Convert the SearchResult to an IEnumerator that contains the Windows Groups
    GroupIEnumerator := PrincipalSearchResult.GetEnumerator;
    
    //Loop over the Groups
    WHILE GroupIEnumerator.MoveNext DO BEGIN
      GroupPrincipal := GroupIEnumerator.Current; //Get the current Group
    
      //Get the Members of the Group and fill the IEnumerator for Members
      MemberSearchResult := GroupPrincipal.GetMembers(TRUE); //Parameter is for Recursion
      MemberIEnumerator := MemberSearchResult.GetEnumerator;
    
      //Loop over the Members
      WHILE MemberIEnumerator.MoveNext DO BEGIN
        MemberPrincipal := MemberIEnumerator.Current; //Get the current Member
    
        //...
        //<Insert your code to do whatever you need with the info from the group and the member>
        //...
      END;
    END;
    
  • Reinhard Member Posts: 249
    Hi Shedman,
    Thank you, this has been very helpful. We have the same problem.
    When I run your code, it lists all the entries in AD. I'm trying to figure out how to get just the SIDs for the current user (i.e. all the Windows Groups they belong to).
    The goal is to see if a user has a specific role assigned, either directly to the user, or indirectly to a group they are part of. We're trying to reproduce the functionality of the "User SID" in 2009.

    I hope that makes sense, if you know anything about it that would be awesome. I'm playing around with the various settings in those .NET objects and researching on the web but not getting too far yet.

    - Reinhard
  • Shedman Member Posts: 194
    Hi Reinhard,

    With the code I provided you get an insight into the Windows Groups and the Members of those Windows Groups. A member of a Windows Group can be another Windows Group or a Windows User. If you look into the members of the principals, you'll find the SamAccountName, which relates to the Windows User Name and the GUID, which I also found helpful.

    You could loop over the principals and create an overview of which members belong to a group (top down) and then go back up through it per User to find the groups it is a member of.

    Hope this helps!
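
The "top down, then back up per user" approach from the last reply, as an added example that is not part of the original thread and is not NAV code. It is written in Python for illustration and goes one step further than the reply by handling nested and circular groups and by reporting which principal grants a role, the check Reinhard describes. All group, user and role names are constructed, and the input map assumes direct (non-recursive) membership per group.

```python
from collections import defaultdict

# Constructed sample data. Keys are group names; values are DIRECT members
# (users or nested groups), i.e. what a non-recursive member listing yields.
DIRECT_MEMBERS = {
    "NAV-Finance": ["alice", "NAV-Finance-Leads"],
    "NAV-Finance-Leads": ["bob"],
    "NAV-Admins": ["carol", "NAV-Finance-Leads"],
    "Loop-A": ["Loop-B", "dave"],   # circular nesting
    "Loop-B": ["Loop-A"],
}
# Constructed role assignments: principal (user or group) -> roles.
ROLE_ASSIGNMENTS = {
    "NAV-Finance": {"G/L-POST"},
    "NAV-Admins": {"SUPER"},
    "alice": {"BASIC"},
}

def invert(direct_members):
    """Turn group -> members (top down) into member -> parent groups."""
    parents = defaultdict(set)
    for group, members in direct_members.items():
        for member in members:
            parents[member].add(group)
    return parents

def effective_groups(principal, parents):
    """All groups reached by walking back up; the seen-set stops cycles."""
    seen, stack = set(), [principal]
    while stack:
        for group in parents.get(stack.pop(), ()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen

def role_sources(user, role, direct_members, role_assignments):
    """Principals that grant `role` to `user`: the user itself or a group."""
    candidates = [user] + sorted(effective_groups(user, invert(direct_members)))
    return [p for p in candidates if role in role_assignments.get(p, ())]

if __name__ == "__main__":
    for user in ("alice", "bob", "dave"):
        print(user, sorted(effective_groups(user, invert(DIRECT_MEMBERS))))
    print("bob SUPER via", role_sources("bob", "SUPER", DIRECT_MEMBERS, ROLE_ASSIGNMENTS))
```

An empty result from `role_sources` means the role reaches the user neither directly nor through any group in the chain.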