Via the DirectorySearcher in C# we want to get information about a user from the Active Directory in Windows. We want to know all the groups of a specific user:
    var lDomain = "DomainA";
    var lSamAccountName = "MyUserName";
    var lDirectoryEntry = new DirectoryEntry("LDAP://" + lDomain);
    using (DirectorySearcher lDirectorySearcher = new DirectorySearcher(String.Format("(&(objectClass=user)(sAMAccountName={0}))", lSamAccountName)))
    {
        lDirectorySearcher.SearchRoot = lDirectoryEntry;
        lDirectorySearcher.SearchScope = SearchScope.Subtree;
        lDirectorySearcher.PropertiesToLoad.Add("memberOf");
        [...]
    }
Question 1: Is it possible that a user in Domain A is a member of a group that is defined in Domain B?
Question 2: Is it possible that a user in Forest A is a member of a group that is defined in Forest B?
Yes, a user can be a member of a group in a different domain. This is defined by the scope the group has.
Users from any domain in the same forest (collection of domains) can be in this group.
Only users from the same domain are allowed.
Only users from any domain or any trusted domain are allowed (this includes other forests altogether).
For further reading go here.
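
An added example, not code from the question or the answer: the `memberOf` value read in Domain A does not necessarily list groups that are defined in another domain or forest, so this sketch searches the other domain's groups for the user as a direct member, by DN for the same forest and through the `foreignSecurityPrincipal` object that carries the user's SID for a trusted forest. It also escapes the account name per RFC 4515 before it goes into the filter, which the `String.Format` call in the question does not do. The class, method and parameter names are assumptions, and the caller is assumed to have read access to both domains.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class CrossDomainGroups // hypothetical helper, not part of the original post
{
    // RFC 4515 escaping: a name or DN cannot change the structure of the filter.
    static string Escape(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if ("\\*()\0".IndexOf(c) >= 0) sb.AppendFormat("\\{0:x2}", (int)c);
            else sb.Append(c);
        return sb.ToString();
    }

    // Runs a subtree search in the given domain and hands each hit to the callback.
    static void Search(string domain, string filter, Action<SearchResult> onHit)
    {
        using (var root = new DirectoryEntry("LDAP://" + domain))
        using (var searcher = new DirectorySearcher(root, filter,
            new[] { "distinguishedName", "objectSid" }, SearchScope.Subtree))
        {
            searcher.PageSize = 500; // page through results instead of stopping at the server limit
            using (SearchResultCollection hits = searcher.FindAll())
                foreach (SearchResult hit in hits) onHit(hit);
        }
    }

    static string Dn(SearchResult r) { return (string)r.Properties["distinguishedName"][0]; }

    // Groups defined in otherDomain that list the user from userDomain as a direct member.
    public static List<string> Find(string userDomain, string otherDomain, string samAccountName)
    {
        var memberDns = new List<string>();
        var groups = new List<string>();
        Search(userDomain, "(&(objectClass=user)(sAMAccountName=" + Escape(samAccountName) + "))", user =>
        {
            memberDns.Add(Dn(user)); // same forest: the group's member attribute holds the user's DN
            var sid = new SecurityIdentifier((byte[])user.Properties["objectSid"][0], 0);
            // other forest: the member is a foreignSecurityPrincipal carrying the user's SID
            Search(otherDomain, "(&(objectClass=foreignSecurityPrincipal)(objectSid=" + sid.Value + "))",
                fsp => memberDns.Add(Dn(fsp)));
        });
        foreach (string dn in memberDns)
            Search(otherDomain, "(&(objectClass=group)(member=" + Escape(dn) + "))", g => groups.Add(Dn(g)));
        return groups;
    }
}
```

Only direct memberships are returned; nested groups and the user's primary group are not resolved here.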