Extracting User List from AD Groups in SharePoint Sites For All Site Users

There is a nice web part called “Site Users” that will display SharePoint users and SharePoint Groups that have access to the site on the webpage.  This is an out of the box (OOTB) webpart, but will only display the name of the AD group and not the members within it.

In order to display all the user names for the site, we need to create a custom webpart to handle this additional expansion that will query the Active Directory LDAP store.  Time to fire up Visual Studio…I won’t go into all the details for solution set up, but here’s the basic functionality…

First we create a function where we pass in an AD group and get back a StringCollection of the users’ names:

//Query Active Directory to get users from Active Directory Groups 
public StringCollection GetGroupMembers(stringstrGroup)
{
    StringCollection groupMemebers = new StringCollection(); 
    try
    {
        DirectoryEntry ent = new DirectoryEntry(LDAP://OU=yourCompanyOU,DC=yourCompanyDC);
        DirectorySearcher srch = new DirectorySearcher(“(CN=” + strGroup + “)”);
        SearchResultCollection coll = srch.FindAll(); 
        foreach (SearchResult rs in coll)
        {
            ResultPropertyCollection resultPropColl = rs.Properties;
            foreach (Object memberColl in resultPropColl["member"])
            {
                DirectoryEntry gpMemberEntry = new DirectoryEntry(“LDAP://”+ memberColl);
                System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                //getting user properties from AD
                object obVal = userProps["displayName"].Value;
                object obAcc = userProps["sAMAccountName"].Value;
                if (null != obVal) 
                {
                    groupMemebers.Add( “User Name:” +obAcc.ToString() + “, User login name:” + obVal.ToString() + “<br>”);
                }
            }
        }
    }
    catch (Exception ex)
    {//writer.Write(ex.Message);}
    Return groupMemebers;
}

We also need to get the names of the site users from the SharePoint security groups:

ArrayList belongToDomain = new ArrayList(); 
ArrayList names = new ArrayList();
using(SPSite collSite = new SPSite(SPContext.Current.Site.ID))
{
    using (SPWeb elevatedWeb = collSite.OpenWeb(SPContext.Current.Web.ID))
    {//All users in the site
        SPUserCollection collUser = SPContext.Current.Web.AllUsers;
        SPGroupCollection collgroup = SPContext.Current.Web.Groups;
        //for each item in the collection of groups
        foreach (object group in collgroup)
        {
            //We don’t care about displaying the visitors
            if (group.ToString() != “Visitors”)
            {
                //check that the users in the site collection belong to current site group
                foreach (SPUser singleuser in collUser)
                {//get the list of groups that the user belongs to
                    foreach (SPGroup userGroup in singleuser.Groups)
                    {//check if it matches any of the current site groups
                        if (group.ToString() == userGroup.ToString())
                        {//check if the user from the sharepoint group is a AD group
                            if (singleuser.IsDomainGroup)
                            {//pass the name into Array that query the AD
                                belongToDomain.Add(singleuser.ToString());
                            }
                            else
                            {//otherwise add into the Array that stores list of names, in case the user name is not from an AD group.
                                names.Add(singleuser.LoginName);
                            }
                        }
                    }
                }
            }
        }
    }
}

Now that we have this big array of user names, we need to make sure that there are no duplicate names, as a user can possibly be in multiple groups. So call the function below and pass in the names array so we have a distinct list:

//remove duplicate users name Function 
public ArrayList RemoveDups(ArrayList items)
{
    ArrayList noDups = new ArrayList();
    foreach (string strItem in items)
    {
        if (!noDups.Contains(strItem.Trim()))
        {
            noDups.Add(strItem.Trim());
        }
    }
    noDups.Sort();
    return noDups;
}

 

And there you go, full expansion of an AD group to return a distinct ArrayList of users who have access to the site.

3 thoughts on “Extracting User List from AD Groups in SharePoint Sites For All Site Users”

  1. Any chance you could post the code in the usable syntax meaning the entire Visual Studio setup? I’m new to SharePoint and Visual Studio.

Leave a Reply