Getting group members from AD groups cross-domain


I need to get all the User objects that are part of a certain group (let's call it "SourceGroup") from Active Directory in domain MYDOMAIN.CC. This includes resolving nested groups (recursively).

I am working with UserPrincipal and PrincipalContext to achieve this. GetMembers(true) resolves the nested groups automatically, and it works fine.

using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// ctx binds to the current user's domain (MYDOMAIN.CC) on the standard LDAP port;
// the commented-out argument is the global-catalog variant tried further down.
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain)) // , url + ":3268"
using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
{
    // GetMembers(true) expands nested groups; each member is then re-read as a user by GUID.
    // Note: PrincipalContext instance members are not guaranteed thread-safe, so sharing ctx
    // across the parallel query is a risk.
    var users = grp.GetMembers(true)
        .AsParallel()
        .Select(member => UserPrincipal.FindByIdentity(ctx, IdentityType.Guid, member.Guid.Value.ToString()))
        // Parenthesised so that a null user is never passed to userFilterFunction.
        .Where(user => user != null && (userFilterFunction == null || userFilterFunction(user)));

    return users.ToList();
}

Now, a problem occurred when MYDOMAIN.CC's "SourceGroup" got members from another domain, namely US.MYDOMAIN.CC. I then changed the query to search the global catalog:

new PrincipalContext(ContextType.Domain, "MYDOMAIN.CC:3268")

It now works for US.MYDOMAIN.CC users that are placed directly in MYDOMAIN.CC\SourceGroup. The problem is that it now ignores nested groups (it only returns the users that are directly in the group).

I have a feeling this may be because the global catalog doesn't have the group memberships. Does anyone know an approach that allows me to get the group members across domains?

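As an added example (not part of the question and not code the asker posted), one way to keep nesting intact while crossing domains is to avoid the global catalog altogether: expand the group one level at a time, and resolve each nested member against a PrincipalContext for that member's own domain, taken from the DC= components of its distinguishedName, on the normal LDAP port. The domain names MYDOMAIN.CC and US.MYDOMAIN.CC and the group name "SourceGroup" come from the question; the class, its method names, the per-domain context cache and the DN parsing are assumptions for illustration. It assumes a single forest in which the caller's credentials are accepted by every domain, and the DN parser assumes no escaped commas inside RDN values.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Added example, not the asker's code. Expands a group recursively by resolving every nested
// member against a PrincipalContext for that member's own domain (derived from the DC=
// components of its distinguishedName) on the standard LDAP port, not the global catalog.
// MYDOMAIN.CC / US.MYDOMAIN.CC / "SourceGroup" come from the question; all other names are
// illustrative assumptions.
public static class CrossDomainGroupExpander
{
    // One PrincipalContext per DNS domain, created lazily and reused for the whole walk.
    // PrincipalContext instance members are not guaranteed thread-safe, so the walk is sequential.
    private static readonly Dictionary<string, PrincipalContext> Contexts =
        new Dictionary<string, PrincipalContext>(StringComparer.OrdinalIgnoreCase);

    private static PrincipalContext ContextFor(string dnsDomain)
    {
        if (!Contexts.TryGetValue(dnsDomain, out PrincipalContext ctx))
        {
            ctx = new PrincipalContext(ContextType.Domain, dnsDomain);
            Contexts[dnsDomain] = ctx;
        }
        return ctx;
    }

    // "CN=Bob,OU=Staff,DC=us,DC=mydomain,DC=cc" -> "us.mydomain.cc".
    // Assumption: no escaped commas ("\,") inside RDN values.
    public static string DomainFromDn(string dn) =>
        string.Join(".", dn.Split(',')
            .Select(part => part.Trim())
            .Where(part => part.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
            .Select(part => part.Substring(3)));

    // Returns the distinct users (by SID) reachable from groupName in rootDomain, through any
    // depth of nesting and across domains. The caller owns and disposes the returned principals.
    public static List<UserPrincipal> ExpandUsers(string rootDomain, string groupName)
    {
        var users = new Dictionary<string, UserPrincipal>();                      // key: SID string
        var seenGroups = new HashSet<string>(StringComparer.OrdinalIgnoreCase);  // key: group DN, breaks nesting loops

        using (GroupPrincipal root = GroupPrincipal.FindByIdentity(ContextFor(rootDomain), IdentityType.Name, groupName))
        {
            if (root == null)
                throw new InvalidOperationException($"Group '{groupName}' not found in {rootDomain}");
            Walk(root, users, seenGroups);
        }
        return users.Values.ToList();
    }

    private static void Walk(GroupPrincipal group, Dictionary<string, UserPrincipal> users, HashSet<string> seenGroups)
    {
        if (!seenGroups.Add(group.DistinguishedName))
            return; // already expanded: an A -> B -> A style nesting cycle

        // Non-recursive GetMembers: nesting is expanded here, one level per call, so each nested
        // group's member list is read from the domain that actually stores it.
        foreach (Principal member in group.GetMembers(false))
        {
            using (member)
            {
                if (member.DistinguishedName == null)
                    continue; // defensive: nothing to bind to in another domain
                PrincipalContext ctx = ContextFor(DomainFromDn(member.DistinguishedName));

                if (member is GroupPrincipal)
                {
                    using (GroupPrincipal nested = GroupPrincipal.FindByIdentity(ctx, IdentityType.DistinguishedName, member.DistinguishedName))
                    {
                        if (nested != null) Walk(nested, users, seenGroups);
                    }
                }
                else if (member is UserPrincipal)
                {
                    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.DistinguishedName, member.DistinguishedName);
                    if (user == null) continue;
                    if (users.ContainsKey(user.Sid.Value)) user.Dispose(); // same user reached via another path
                    else users.Add(user.Sid.Value, user);
                }
                // Computers and any other member types are ignored.
            }
        }
    }
}

// Usage: var users = CrossDomainGroupExpander.ExpandUsers("MYDOMAIN.CC", "SourceGroup");
```

The filter delegate from the question (userFilterFunction) can be applied to the returned list afterwards. Deduplicating by SID rather than by GUID or DN means a user reached through two different nesting paths appears once, and the visited-group set stops an infinite walk if two groups contain each other.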

There are 0 answers