local domain group membership of users from a foreign domain

local domain group membership of users from a foreign domain

Post by amVlcHdyYW » Sat, 16 Jul 2005 01:19:09


Is there any way to do this directly (e.g. simply get a refence to the
foreign domain user and list the groups it belongs to in the local domain)?

I haven't come across any examples of this being done and I can't think of
any way other than to check for the foreign domain users' SDDLs in each of
the local groups.
 
 
 

local domain group membership of users from a foreign domain

Post by Dominick B » Sat, 16 Jul 2005 07:09:52

Hello jeepwran,

the only safe way doing this is to get a token for the user,

you could use LogonUser for that (requires a password) or the W2K3 Kerberos
protocol transition feature which is enabled by the ctor of WindowsIdentity
which takes a UPN of the user you want the token for.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.yqcomputer.com/