I'm attempting to use VB and ASP.NET 2.0 to read an Active Directory group and determine whether the current user is in the group or not. The name is passed to the function in loginStr. It should be dead simple, but I'm getting weird results, and would appreciate it if someone could let me know what I should be looking for from here.
Imports System.DirectoryServices

Public Shared Function KnownUser(ByVal loginStr As String) As Boolean
    Dim isValid As Boolean
    Dim strUser As String
    ' The search root is one account entry, not the domain root
    Dim adsRoot As New DirectoryEntry("LDAP://CN=svc_githd,OU=Service Accounts,OU=User Accounts,OU=WD,OU=Americas,DC=MyCompany,DC=com")
    Dim adsSearch As DirectorySearcher = New DirectorySearcher(adsRoot)
    ' Strip the DOMAIN\ prefix from the login name
    strUser = Mid(loginStr, InStr(1, loginStr, "\") + 1)
    adsSearch.PropertiesToLoad.Add("sAMAccountName")
    adsSearch.PropertiesToLoad.Add("memberOf")
    Dim oResult As SearchResult
    Dim adsGrpcn As String
    isValid = False
    Try
        ' No Filter is set, so FindOne returns the first entry under adsRoot
        oResult = adsSearch.FindOne()
        ' memberOf.Value is a single String when the account is in only one
        ' group, so For Each walks its characters rather than group DNs
        For Each adsGrpcn In oResult.GetDirectoryEntry().Properties("memberOf").Value
            If adsGrpcn = "MyGroup" Then isValid = True
        Next
    Catch ex As Exception
        Dim msg As String = ex.Message
        msg = msg & "---"
    End Try
    Return isValid
End Function
When I step through the code with the debugger, adsGrpcn has, in turn, each character in "CN=SVC_HDAccounts,OU=Security,OU=Groups,OU=Americas,DC=MyCompany,DC=com" (minus the quotes, of course). I know there's something simple I'm missing. How do I check individual user accounts within the group indicated?
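A corrected version, added here as an example and not taken from the question: it searches the domain for the account by sAMAccountName (escaping the filter value so a login name cannot change the query), iterates the memberOf value collection rather than its .Value, and compares each entry with the group's full distinguished name. The class name, DomainRoot and GroupDn are assumed placeholders.

```vbnet
Imports System
Imports System.DirectoryServices

Public Class AdGroupCheck
    ' Assumed values: replace with your own domain root and group DN.
    Private Const DomainRoot As String = "LDAP://DC=MyCompany,DC=com"
    Private Const GroupDn As String = "CN=SVC_HDAccounts,OU=Security,OU=Groups,OU=Americas,DC=MyCompany,DC=com"

    ' Escape the characters RFC 4515 reserves in filter values so that a
    ' login such as "x)(objectClass=*" cannot alter the search filter.
    Public Shared Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New System.Text.StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    Public Shared Function KnownUser(ByVal loginStr As String) As Boolean
        ' Strip a DOMAIN\ prefix, then look the account up across the domain.
        Dim strUser As String = loginStr.Substring(loginStr.IndexOf("\"c) + 1)
        Using adsRoot As New DirectoryEntry(DomainRoot)
            Dim adsSearch As New DirectorySearcher(adsRoot)
            adsSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
                               EscapeFilterValue(strUser) & "))"
            adsSearch.PropertiesToLoad.Add("memberOf")
            Dim oResult As SearchResult = adsSearch.FindOne()
            If oResult Is Nothing Then Return False
            ' memberOf is multi-valued: iterate the value collection, not .Value,
            ' which is a bare String when the account is in exactly one group.
            For Each adsGrpcn As Object In oResult.Properties("memberOf")
                If String.Equals(CStr(adsGrpcn), GroupDn, StringComparison.OrdinalIgnoreCase) Then
                    Return True
                End If
            Next
        End Using
        Return False
    End Function
End Class
```

memberOf lists only direct memberships, so a user who belongs through a nested group, or only through the primary group, is not found this way.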