.NET Framework Class Library
UserPrincipal..::.GetAuthorizationGroups Method

Returns a collection of principal objects that contains all the authorization groups of which this user is a member. This function only returns groups that are security groups; distribution groups are not returned.

Namespace:  System.DirectoryServices.AccountManagement
Assembly:  System.DirectoryServices.AccountManagement (in System.DirectoryServices.AccountManagement.dll)
Syntax
Visual Basic (Declaration) 
Public Function GetAuthorizationGroups As PrincipalSearchResult(Of Principal)
Visual Basic (Usage) 
Dim instance As UserPrincipal
Dim returnValue As PrincipalSearchResult(Of Principal)

returnValue = instance.GetAuthorizationGroups()
C# 
public PrincipalSearchResult<Principal> GetAuthorizationGroups()
Visual C++ 
public:
PrincipalSearchResult<Principal^>^ GetAuthorizationGroups()
JScript 
public function GetAuthorizationGroups() : PrincipalSearchResult<Principal>

Return Value

Type: System.DirectoryServices.AccountManagement..::.PrincipalSearchResult<(Of <(Principal>)>)
A collection of Principal objects that contain the groups of which the user is a member, or null if the user does not belong to any groups.
Exceptions
ExceptionCondition
PrincipalOperationException

The attempt to retrieve authorization groups failed.

[T:System>NotSupportedException]

The retrieval of authorization groups is not supported by this operating system.

Remarks

This method searches all groups recursively and returns the groups in which the user is a member. The returned set may also include additional groups that system would consider the user a member of for authorization purposes.

The groups that are returned by this method may include groups from a different scope and store than the principal. For example, if the principal is an AD DS object that has a DN of “CN=SpecialGroups,DC=Fabrikam,DC=com, the returned set can contain groups that belong to the “CN=NormalGroups,DC=Fabrikam,DC=com.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Version Information

.NET Framework

Supported in: 3.5
See Also

Reference

UserPrincipal Class
UserPrincipal Members
System.DirectoryServices.AccountManagement Namespace
System.DirectoryServices.AccountManagement

Other Resources

System.DirectoryServices.AccountManagement Namespace Overview
Tags :


Community Content

mihavalencic
Problems using this functionality
As noted here (http://directoryprogramming.net/forums/thread/6797.aspx), there is a very strange behaviour calling this function (or even GetGroups). In certain scenarios, it fails with error message (UserPrincipal GetAuthorizationGroups exception: 'Information about the domain could not be retrieved (1355)' ).

I am not sure what all the failing scenarios are, but in my case, the client connecting to AD is not in a domain and is a completely separate machine (WS 2008). Most of the other features are working (creating, listing, deleting, enabling, disabling users, finding groups in the AD), but retrieving groups for the user or assigning/removing a user to/from the group triggered an exception mentioned above.

The forum posting referenced above mentioned adding the AD host to the DNS servers entries, and that indeed fixed my issue. I am puzzled as to why that works. I believe this should not happen -- I believe the functionality should be working in the first place, as some people don't have the possibility to change the DNS server on the machine.

Also, I don't know what happens if one connects to AD LDS.
Tags : bug security ad

Page view tracker