Reading Users from AD Global Groups added as part of SharePoint groups


In this article, we will learn how to read the users from Active Directory (AD) Global Groups (GG) that have been added to a SharePoint group, using SharePoint 2013 server object model code.



Scenario

My user wanted to send email to all the users in a specific AD global group depending on a business condition.

Solution using Visual WebPart

I have implemented the code below, inside a visual web part, to read the users from the global group added to a SharePoint group. If you are new to visual web parts, you can download the free PDF ebook on SharePoint 2016: Create and Deploy Visual Web Part using Visual Studio 2015.



```csharp
using System;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Returns true if username is found in groupName (a SharePoint group, or an AD group on recursion).
// Side effects: fills lstRoles with user display names and lstADgrps with the matching AD group.
private static bool IsUserInADGroup(SPWeb web, string groupName, string username, out bool reachedMax,
    ListBox lstRoles, ListBox lstADgrps, string strgrpName, string adGrpName, string spGrpName)
{
    bool usrFlag = false;

    // SPUtility call to get principals in the group.
    // At most 500 principals are returned; reachedMax is set to true when the list was cut off.
    // Each recursive call overwrites reachedMax, so the caller only sees the value of the last lookup.
    SPPrincipalInfo[] principals = SPUtility.GetPrincipalsInGroup(web, groupName, 500, out reachedMax);

    // If no principals found then indicate the same
    if (principals == null || principals.Length == 0)
    {
        return false;
    }

    // Loop through principals
    foreach (SPPrincipalInfo principal in principals)
    {
        //TODO: Determine which principal.PrincipalType to ignore
        // Check if the principal is a valid user and if so check to see if it is the one we are looking for
        if (!principal.IsSharePointGroup
            && principal.PrincipalType != SPPrincipalType.SecurityGroup
            && !string.Equals(principal.DisplayName, "System Account", StringComparison.OrdinalIgnoreCase))
        {
            // List the user while we are inside the requested SharePoint group.
            // This covers its direct members and, on recursion, the members of the AD group.
            if (strgrpName == spGrpName)
            {
                lstRoles.Items.Add(principal.DisplayName);
            }
            // Check if the user matches the user we are looking for
            if (string.Equals(principal.LoginName, username, StringComparison.OrdinalIgnoreCase))
            {
                //lstRoles.Items.Add(groupName);
                usrFlag = true;
            }
        }
        // If Principal is a Security Group (AD Group) then recurse through it
        else if (principal.PrincipalType == SPPrincipalType.SecurityGroup)
        {
            if (strgrpName == spGrpName && principal.DisplayName == adGrpName)
            {
                lstADgrps.Items.Add(principal.DisplayName);
            }
            if (principal.DisplayName == adGrpName)
            {
                // Check for users in the security groups
                if (IsUserInADGroup(web, principal.LoginName, username, out reachedMax, lstRoles, lstADgrps, strgrpName, adGrpName, spGrpName))
                {
                    usrFlag = true;
                }
            }
        }
    }
    return usrFlag;
}

protected void Button1_Click(object sender, EventArgs e)
{
    bool reachedMax = false;
    try
    {
        // Everything inside the delegate runs as the application pool account,
        // so group membership is read with that account's rights, not the logged-in user's.
        SPSecurity.RunWithElevatedPrivileges(delegate ()
        {
            using (SPSite site = new SPSite("http://localhost:9999"))
            {
                SPUser loggedinUser = SPContext.Current.Web.CurrentUser;
                using (SPWeb objWeb = site.OpenWeb())
                {
                    SPGroupCollection groupColl = objWeb.Groups;
                    string loginname = loggedinUser.ToString();
                    foreach (SPGroup group in groupColl)
                    {
                        try
                        {
                            if (IsUserInADGroup(objWeb, group.Name, loginname, out reachedMax, lstRoles, lstADgrps, group.Name, txtADGrpName.Text, txtSHPGrpName.Text))
                            {
                                lstSHPGrpName.Items.Add(group.Name);
                                SPRoleAssignment currentUserRole = objWeb.RoleAssignments.GetAssignmentByPrincipal(group);
                                foreach (SPRoleDefinition role in currentUserRole.RoleDefinitionBindings)
                                {
                                    lstPermissions.Items.Add(role.Name);
                                }
                            }
                        }
                        catch (Exception ex)
                        {
                            // Errors for a single group are ignored so the loop continues with the next group.
                            //lblError.Text = "Error in group looping && Group Name=" + group.Name + "::" + ex.Message;
                        }
                    }
                }
            }
        });
    }
    catch (Exception ex)
    {
        lblError.Text = "Error::" + ex.Message;
    }
}
```

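In the above code, I am reading all the users from the global group and also ensuring that the username is not System Account, as I need not send email to that user. Note that GetPrincipalsInGroup is called with a limit of 500 principals, so for a larger group reachedMax is set to true and the list of users is incomplete.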
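The following added example (not the article's code) collects the e-mail addresses for the scenario above, reports when the 500-principal cap cut a lookup short, and skips groups it has already expanded so circular AD nesting cannot recurse forever. GroupMailHelper, CollectEmails and Walk are hypothetical names; it assumes groupLogin is the group name or login that the article passes to GetPrincipalsInGroup.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

public static class GroupMailHelper // hypothetical helper, not from the article
{
    private const int MaxPrincipals = 500; // same cap the article passes

    // Returns the de-duplicated e-mail addresses of all users under groupLogin.
    // truncated is true if any lookup hit the cap, i.e. the result may be incomplete.
    public static ICollection<string> CollectEmails(SPWeb web, string groupLogin, out bool truncated)
    {
        var emails = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        truncated = false;
        Walk(web, groupLogin, emails, visited, ref truncated);
        return emails;
    }

    private static void Walk(SPWeb web, string groupLogin, HashSet<string> emails,
                             HashSet<string> visited, ref bool truncated)
    {
        // A group that was already expanded is skipped (guards against nesting loops).
        if (!visited.Add(groupLogin)) return;

        bool reachedMax;
        SPPrincipalInfo[] principals =
            SPUtility.GetPrincipalsInGroup(web, groupLogin, MaxPrincipals, out reachedMax);
        truncated |= reachedMax; // remember a cut-off from any level, not just the last call
        if (principals == null) return;

        foreach (SPPrincipalInfo p in principals)
        {
            if (p.PrincipalType == SPPrincipalType.SecurityGroup)
            {
                Walk(web, p.LoginName, emails, visited, ref truncated); // nested AD group
            }
            else if (!p.IsSharePointGroup
                     && !string.Equals(p.DisplayName, "System Account", StringComparison.OrdinalIgnoreCase)
                     && !string.IsNullOrEmpty(p.Email))
            {
                emails.Add(p.Email);
            }
        }
    }
}
```

When truncated comes back true the recipient list is incomplete, so log it or raise the cap before sending the mail.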

Output with all the users in the AD GG

[Screenshot: read global group users in SharePoint 2013]


Hope this helps you guys, Happy SharePointing !!!


About Krishna Vandanapu

I am Krishna Vandanapu, a SharePoint architect who has been working in IT for the last 12 years. I have worked with SharePoint 2007, 2010, 2013, 2016 and Office 365. I have extensive hands-on experience in customizing SharePoint sites from end to end, and expertise in SharePoint migration tools like Sharegate, DocAve and Metalogix. I have migrated SharePoint sites from SharePoint 2007 to 2010 and from 2010 to 2013 several times seamlessly, implementing CSOM with Microsoft best practices. I have spent quality time configuring SharePoint application services like User Profile, Search, Managed Metadata services, etc. I am now exploring SharePoint Framework and SharePoint 2019.
