I'm trying to get one user group in SP 2010. I currently have five groups but SPGroupCollection only contains two when i read the groups with oSPWeb.Groups. Anyone know if there is any security or other reason for this?
Code:
using (SPSite oSPsite = new SPSite(_serverUrl))
{
using (SPWeb oSPWeb = oSPsite.OpenWeb())
{
SPGroup spGroup = oSPWeb.Groups["AIT Owners"];
}
}
Yes, there is a security reason. The Groups property will only return groups that have assigned permissions within the website, while the SiteGroups property returns all groups within the site collection.
For more information, there are a number of blog articles that cover the difference.
Related
I have been sitting for this question so long and could not find an answer for it anywhere, however I know many companies are using what I want to do so I decided to put it on here.
What I would like to do is:
Store Windows users and/or AD groups in my database, assigning them to roles in the application. Of course these roles will be linked in my database to the user or group.
For a user, this is easy because you already have the user name when he/she logs in.
I want to find out in my app if the user belongs to any of the AD groups stored in my database and assign his/her permissions accordingly.
So here's an example:
I know my user has an entry in my database user/groups table: I know he is in the AD group called "MyAppGroup\MyDomain".
What is the easiest way to find out from my list of groups in the database to find out a user is in it?
As mentioned in the comments, the data you are looking for is already stored in Active Directory; you don't need to add it to your database at all.
You can query AD (including group membership and a ton of other data) using the System.DirectoryServices.AccountManagement API.
Here's a small example of how to retrieve the groups that a user is a member of:
using System.DirectoryServices.AccountManagement;
// ...
public List<string> GetGroupsForUser(string domain, string ou, string samAccountName)
{
var groups = new List<string>();
using (var principalContext = new PrincipalContext(ContextType.Domain, domain, ou))
using (var userPrinicpal = UserPrincipal.FindByIdentity(principalContext,
IdentityType.SamAccountName, samAccountName))
{
if (userPrinicpal == null)
return null;
foreach (var securityGroup in userPrinicpal.GetAuthorizationGroups())
groups.Add(securityGroup.DisplayName);
}
return groups;
}
i have a sharepoint 2013 project and i need to create a list of all employees created on active diretory in last 30 days.
What is the best way to do that?
I think that i can do a c# query to active directory using the system.DirectoryServices but because i'm implementing this on a sharepoint farm i dont know if is the best way to do that.
On sharepoint i have the User Profile Service running, so my question is if i can do this with the User Profile Service or use the "old c# way"
Thanks
Flávio
If you run "user profile service synchronization" service, your "user information list" will be uptade. Then you can filter the list by created date. Also you can synch. any AD field with "user information list"
(simple : http://yasingokhanyuksel.blogspot.com.tr/2015/11/sharepoint-survey-add-active-directory.html)
"user information list" is hidden, so type http://yourSiteUrl/_catalogs/users/simple.aspx
more information
http://zimmergren.net/technical/sharepoints-hidden-user-list-user-information-list
ygy59 is right about the hidden "user information list" being the only source of a date for a user in SharePoint. To access it programmatically you would do something like this:
using (ClientContext context = new ClientContext(projURL))
{
CamlQuery query = new CamlQuery();
query.ViewXml = "";
ListItemCollection items = context.Web.SiteUserInfoList.GetItems(query);
context.Load(items);
context.ExecuteQuery();
foreach (ListItem item in items)
{
DateTime hireDate = (DateTime)item["Created"];
if(hireDate > DateTime.Today.AddDays(-30))
{
Console.WriteLine(item["Name"]);
}
}
Console.ReadLine();
}
It's important to note that this is the date the item was added to SharePoint and not the day the account was created. That is something you can control via your server settings though.
Flávio,
When I have created these sorts of solutions for SharePoint environments in the past I have often had to edit them once live to take account of "new requirements" which weren't specified at the beginning.
I would suggest that you architect your solution so that it is simple for the user and or yourself to add extra fields to display, and select by other time periods e.g. new users in past 7 days, new users in past 90 days. OR display firstname, logon, lastname, department, manager, email, phone etc
We did this for one project by allowing specific URL parameters to be used e.g. myreport.aspx?numdays=60&display=firstname,manager,email
Good luck
Dorje
SharePoint's user profile service is useful for a lot of things, but I'm not sure it's warranted here (you're not creating audiences, aggregating user information from multiple sources, exposing editable properties, etc.).
Assuming this is an on-premises SharePoint farm coupled with an on-premises Active Directory, I would just hit up Active Directory directly for this information.
As you mentioned, you'll need to add a reference to System.DirectoryServices in your C# code.
string subpath = "CN=something, CN=com"; // CNs appropriate to your environment here
string filter = ""; // append additional LDAP filter parameters as necessary
// build LDAP filter query
DateTime date = DateTime.UtcNow;
date.AddDays(-30);
string LDAPQuery = "(&(whenCreated>="+date.ToString("YYYYMMdd")+"000000.0Z)" + filter + ")";
// get DNS host name
DirectoryEntry entry = new DirectoryEntry("LDAP://RootDSE");
Object value = entry.NativeObject;
string dnsHostName = entry.Properties["dnsHostName"].value.ToString();
// search Active Directory
DirectorySearcher searcher = new DirectorySearcher();
searcher.Filter = LDAPQuery;
searcher.SearchRoot = new DirectoryEntry("LDAP://"+dnsHostName+"/"+subpath);
SearchResultCollection results = searcher.FindAll();
// then iterate through results and
// either display them on a page or create items in a list
As Dorje McKinnon mentioned, it's a good idea to make the code flexible enough to accommodate new requirements. I'd parameterize the LDAP query and subpath strings and put them in a SharePoint list somewhere, then have your C# code retrieve them from the SharePoint list before it executes the query.
If this code is going to be run frequently, and if it's only really being used for reporting purposes, you might want to avoid creating SharePoint list items for each of the AD profiles discovered, and instead just show the results on a page, such as in a grid view.
I have to check usergroups of LDAP Active Directory for a specific user in C#. Mean I pass this username to a method and it returns me list of group from that user belongs. Can You Please help me in this. Im Searching alot But Everytime get new error.
LDAP Path: 192.168.1.4
Domain Name: Arslan
UserName: ArslanP
Password: testad
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Managing Directory Security Principals in the .NET Framework 3.5
Basically, add a reference to the assembly System.DirectoryServices.AccountManagement, and then you can define a domain context and easily find users and/or groups in AD:
using System.DirectoryServices.AccountManagement;
public List<GroupPrincipal> GetGroupsForUser(string username)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
// set up domain context - if you do a lot of requests, you might
// want to create that outside the method and pass it in as a parameter
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find user by name
UserPrincipal user = UserPrincipal.FindByIdentity(username);
// get the user's groups
if(user != null)
{
foreach(GroupPrincipal gp in user.GetAuthorizationGroups())
{
result.Add(gp);
}
}
return result;
}
The new S.DS.AM makes it really easy to play around with users and groups in AD:
This related question may help you:
Get List of Users From Active Directory In A Given AD Group
It asks the reverse question, which is how to qet a list of users when you know the group, but other answers may be of use to you as well.
See also the answer to this question:
How to get all the AD groups for a particular user?
I am new to SharePoint Services and I hit a wall with one of my tasks. I need to retrieve data from a Site Column. How do I get about that? So far I only see APIs that can retrieve lists and not site columns.
Please let me know if any of you know to do this.
Thanks !!
using(SPSite site = new SPSite("http://portal"))
{
using (SPWeb web = site.RootWeb)
{
foreach (SPField field in web.Fields)
{
Console.WriteLine(field.Title);
}
}
}
These will give you all the columns for a web (in this case, the RootWeb). If your site column is related to a list, you need to get directly from the SPListItem property (ex.: item["CustomAssociatedColumn"])
currently I'm trying to retrieve all the groups that is in my sharepoint site. After which, I need to know which users are in the group and the level of site permission for each user. I'm using WSS 3.0 , developing in C# (visual studio 2008).
Help really needed as I'm still new in this area. Thanks in advance!
Groups can be found like:
SPSite siteCollection = new SPSite("site url");
SPWeb site = siteCollection.OpenWeb();
foreach(SPGroup group in site.Groups){
Console.WriteLine(group.Name);
foreach(SPUser u in group.Users){
//will give you users in group, you can then grab the roles of the user
}
}
To find what permissions a role has:
SPSite oSiteCollection = SPContext.Current.Site;
using(SPWeb oWebsite = oSiteCollection.AllWebs["Site_Name"])
{
SPMember oMember = oWebsite.Roles["Role_Name"];
oWebsite.Permissions[oMember].PermissionMask =
SPRights.ManageLists | SPRights.ManageListPermissions;
}
The permissions matrix can be found here
If you are looking for code to work for using client object model, you may review the following links.
For getting the groups.
http://social.technet.microsoft.com/wiki/contents/articles/24075.how-to-get-sharepoint-user-group-names-in-a-netc-client-application-using-sharepoint-client-object-model.aspx
For getting the permission levels associated with groups.
http://social.technet.microsoft.com/wiki/contents/articles/24087.how-to-get-the-permission-levels-associated-with-sharepoint-user-groups-using-client-object-model-in-netc.aspx