Programs demonstrating functions to test for group membership. The method you chose to test for group membership will depend on the following factors - which client operating system the program will run on, how many group tests you anticipate, whether you want to recognize membership in nested groups, whether you want to recognize membership in the "Primary Group", how many users and/or computers you will test for group membership, whether you have cross-domain groups, and how many groups you have.
An efficient function to test group membership for a single user. Does NOT reveal "Nested Group" memberships, but does reveal membership in the "Primary Group". Uses the WinNT provider.
An efficient function to test group membership for a single user or computer. Reveals "Nested Group" memberships, but does NOT reveal membership in the "Primary Group". Uses the LDAP provider.
An efficient function to test group membership for a any number of users or computers. Reveals "Nested Group" memberships, but does NOT reveal membership in the "Primary Group". Uses the LDAP provider and a recursive subroutine to enumerate group memberships. Will reveal cross-domain group membership.
An efficient function to test group membership for a single user or computer. Reveals membership in "Nested Groups" and the "Primary Group". Uses the LDAP provider and the "tokenGroups" attribute of the user. Will not reveal cross-domain group membership. An equivalent PowerShell script is also provided.
An efficient function to test group membership for any number of users or computers. Reveals membership in "Nested Groups" and the "Primary Group". Uses the LDAP provider and the "tokenGroups" attribute of the user or computer. Will not reveal cross-domain group membership. An equivalent PowerShell script is also provided.
An efficient function to test group membership for any number of users or computers. Reveals membership in "Nested Groups" and the "Primary Group". Uses a recursive subroutine to enumerate group memberships. Will reveal cross-domain group membership.
An efficient function to test group membership for a single user or computer. Reveals membership in "Nested Groups", but not the "Primary Group". Uses ADO to search for memberships. This reduces the number of objects in Active Directory that must be bound to, which makes the function faster in some situations.
An efficient function to test group membership for any number of users or computers. Reveals membership in "Nested Groups" and the "Primary Group". Uses the tokenGroups attribute and ADO to retrieve the names of the groups. Should be faster if your users are members of many groups. Will not reveal cross-domain group membership. An equivalent PowerShell script is also provided.
A program demonstrating how to test for membership in a local group on a computer, such as the local Administrators group. This program handles group nesting of local groups, plus nested domain groups that are members of the local group.
A program demonstrating how to test for membership in the local Administrators group on a computer, even if the group has been renamed. This program handles group nesting of local groups, plus nested domain groups that are members of the local group.
Discussion of various methods used to check for membership. Also, pitfalls to avoid when dealing with the memberOf attribute of objects. This discussion also applies to the member attribute of group objects.