Hi all,
I have a problem while working on Active Directory, so could you please help me to resolve this problem
I have 2 domain: domain "ABC.LOCAL", domain "CHILD1.ABC.LOCAL", CHILD1 is child domain of ABC.LOCAL
In domain ABC.LOCAL, create an account ABC\testaccount and create a Domain Global Group ABC\parentgroup and add test account to this group.
In domain CHILD1.ABC.LOCAL, create a Domain Local Group CHILD1\parentgroup and add ABC\parentgroup to this group
After logon to a computer by using ABC\testaccount (Administrator permission), I use below source code to reading user security groups from Active Directory, but the result is missing all domain local groups.
private void GetAuthorizationGroups(ref Dictionary<SecurityIdentifier, Principal> arrGroup)
{
UserPrincipal user = UserPrincipal.Current;
PrincipalSearchResult<Principal> groups;
groups = user.GetAuthorizationGroups();
IEnumerator<Principal> iterGroup = groups.GetEnumerator();
using (iterGroup)
{
while (iterGroup.MoveNext())
{
try
{
Principal p = iterGroup.Current;
System.Diagnostics.Debug.WriteLine(string.Format("{0}[SID: {1}]", GetADPath(p.Sid), p.Sid));
if (!arrGroup.ContainsKey(p.Sid))
{
arrGroup.Add(p.Sid, p);
}
}
catch (Exception pex)
{
System.Diagnostics.Debug.WriteLine(pex.Message);
continue;
}
}
}
}
Why domain local groups isn't listed in this case? Is that limitation of Domain Local Group?Thank you