Add users of an AD Group to the SharePoint Site


Recently, I had a requirement from my customer to add an AD group’s users to a SharePoint site. As you know, if you try to add the SharePoint group directly to the SharePoint site, it simply creates the group but doesn’t add the users, so you need to add the users to the site explicitly. The customer wanted me to provide a utility that could automate this process.

The key to this solution is querying the AD group to get the users that belong to it and then adding these users to the SharePoint site. To get the list of users from AD, ASP.NET provides the System.DirectoryServices namespace, which exposes a number of classes that allow you to query AD. Below is sample code that gets a list of users from AD:

   1: public static List<UserInfo> PopulateUserInfoFromADGroup(string GroupId)
   2:         {
   3:             // Please set the GC or LDAP server name
   4:             string domain = "GC://corp.emailserver.com";
   5:             System.DirectoryServices.DirectoryEntry entry = new DirectoryEntry(domain);
   6:  
   7:             DirectorySearcher adSearcher = new DirectorySearcher(entry);
   8:             adSearcher.SearchScope = SearchScope.Subtree;
   9:  
  10:             // Remember to change the string below:
  11:             // OU=Distribution Lists,DC=domain,DC=corp,DC=microsoft,DC=com
  12:             // That string was for our domain, so change it to match your own domain.
  13:             // A domain is mostly of the form abc.abc.abc.com, which gives four DC components:
  14:             // DC=abc,DC=abc,DC=abc,DC=com
  15:             adSearcher.Filter = "(&(objectClass=user)(memberOf=CN=" + GroupId + ",OU=Distribution Lists,DC=domain,DC=corp,DC=microsoft,DC=com))";
  16:             SearchResultCollection oResult = adSearcher.FindAll();
  17:  
  18:             List<UserInfo> userList = new List<UserInfo>();
  19:  
  20:             if (oResult != null)
  21:             {
  22:                 foreach (SearchResult result in oResult)
  23:                 {
  24:                     UserInfo user = new UserInfo();
  25:                     ResultPropertyValueCollection propColl = result.Properties["sAMAccountName"];
  26:                     ResultPropertyValueCollection propCollName = result.Properties["displayname"];
  27:                     ResultPropertyValueCollection propCollMail = result.Properties["mail"];
  28:                     ResultPropertyValueCollection propCollDomain = result.Properties["msds-SourceObjectdn"];
  29:                     for (int i = 0; i < propColl.Count; i++)
  30:                     {
  31:                         user.UserEmail = propCollMail[i].ToString();
  32:                         user.userLoginName = propColl[i].ToString();
  33:                         user.USerName = propCollName[i].ToString();
  34:  
  35:                         //Get the Domain Name
  36:                         string DomainName = propCollDomain[i].ToString();
  37:                         Char comma = ',';
  38:                         string[] test = DomainName.Split(comma);
  39:                         user.DomainName = test[2].Remove(0, 3);
  40:                         userList.Add(user);
  41:                     }
  42:                 }
  43:             }
  44:  
  45:             return userList;
  46:         }
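The filter on line 15 of the listing above concatenates GroupId, which the utility reads from the console, into a DN inside an LDAP filter, so a group name containing a comma, parenthesis, asterisk or backslash changes what the query means. The following is an added example, not code from the original post: it escapes the name first as a DN value (RFC 4514) and then as a filter value (RFC 4515). The class and method names (LdapEscape, DnValue, FilterValue, MemberOfFilter) and the sample group name are assumptions made for illustration.

```csharp
using System;
using System.Text;
// Added example: LdapEscape and its method names are illustrative, not from the post.
public static class LdapEscape
{
    // RFC 4514: escape a value for use as an RDN value inside a distinguished name.
    public static string DnValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (c == '\0') sb.Append("\\00");
            else if (edge || "\"+,;<>\\".IndexOf(c) >= 0) sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }
    // RFC 4515: escape a string for use as an assertion value inside a search filter.
    public static string FilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\') sb.Append("\\5c");
            else if (c == '*') sb.Append("\\2a");
            else if (c == '(') sb.Append("\\28");
            else if (c == ')') sb.Append("\\29");
            else if (c == '\0') sb.Append("\\00");
            else sb.Append(c);
        }
        return sb.ToString();
    }
    // Group CN is DN-escaped, then the whole DN is filter-escaped; containerDn is trusted config.
    public static string MemberOfFilter(string groupCn, string containerDn)
    {
        string groupDn = "CN=" + DnValue(groupCn) + "," + containerDn;
        return "(&(objectClass=user)(memberOf=" + FilterValue(groupDn) + "))";
    }

    public static void Main()
    {
        // Constructed group name containing characters special to DNs and filters.
        string container = "OU=Distribution Lists,DC=domain,DC=corp,DC=microsoft,DC=com";
        Console.WriteLine(MemberOfFilter("Sales (EMEA), North*", container));
    }
}
```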

 

After you have the list of users from AD, you can simply add the users to the SharePoint site.

    using System;
    using System.Collections.Generic;
    using System.DirectoryServices;
    using Microsoft.SharePoint;

    class Program
    {
        // PopulateUserInfoFromADGroup (the first listing) also belongs in this class.

        static void Main(string[] args)
        {
            string strSiteCollectionUrl, strADGroupName;

            Console.WriteLine("Enter Site Collection Url: (Press Enter after entering the url)");
            strSiteCollectionUrl = Console.ReadLine();

            Console.WriteLine("Enter Friendly AD Group Name: (Press Enter after entering the Name)");
            strADGroupName = Console.ReadLine();

            List<UserInfo> userList = PopulateUserInfoFromADGroup(strADGroupName);

            // SPSite and SPWeb hold unmanaged resources, so dispose them when done.
            using (SPSite site = new SPSite(strSiteCollectionUrl))
            using (SPWeb web = site.OpenWeb())
            {
                SPGroup AddUserGroup;

                foreach (UserInfo user in userList)
                {
                    string loginName = user.DomainName + "\\" + user.userLoginName;

                    // Give the user the Contributor role directly on the web.
                    SPRoleDefinitionCollection roleDefinitions = web.RoleDefinitions;
                    SPRoleAssignmentCollection roleAssignments = web.RoleAssignments;
                    SPRoleAssignment roleAssignment = new SPRoleAssignment(loginName, user.UserEmail, user.USerName, "");
                    SPRoleDefinitionBindingCollection roleDefBindings = roleAssignment.RoleDefinitionBindings;
                    roleDefBindings.Add(roleDefinitions.GetByType(SPRoleType.Contributor));
                    roleAssignments.Add(roleAssignment);
                    SPUser newUser = web.SiteUsers[loginName];

                    // Check if the group exists: the indexer throws when it does not,
                    // in which case the group is created with this user as its owner.
                    try
                    {
                        AddUserGroup = web.SiteGroups[strADGroupName];
                    }
                    catch
                    {
                        web.SiteGroups.Add(strADGroupName, newUser, newUser, "");
                    }
                    AddUserGroup = web.SiteGroups[strADGroupName];
                    AddUserGroup.AddUser(loginName, user.UserEmail, user.USerName, "");
                }
            }
        }
    }

    /// <summary>
    /// Class with User details
    /// </summary>
    public class UserInfo
    {
        private string _userLoginName;

        public string userLoginName
        {
            get { return _userLoginName; }
            set { _userLoginName = value; }
        }

        private string _userName;

        public string USerName
        {
            get { return _userName; }
            set { _userName = value; }
        }

        private string _userEmail;

        public string UserEmail
        {
            get { return _userEmail; }
            set { _userEmail = value; }
        }

        private string _domainName;

        public string DomainName
        {
            get { return _domainName; }
            set { _domainName = value; }
        }
    }


Comments (3)

  1. Interesting article that explains a way (via development) to integrate the users of groups

  2. When using the sample in practice, one shouldn’t forget that most of the DirectoryServices objects are IDisposable and are best disposed of as soon as possible.

    The problem is, there is some resource you may "run out of" when you use DirectoryServices objects in long-running processes (I’ve seen it in practice, but don’t remember the actual error message now).

    The change applies to the objects ‘DirectoryEntry entry’ (line 5), ‘DirectorySearcher adSearcher’ (line 7) and ‘SearchResultCollection oResult’ (line 16).

    The easiest way is to wrap the statements within a Using{…} statement.
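The disposal described in the comment above, applied to the three objects from the article's first listing. This is an added example, not code from the original post or its comments. The class and method names (AdGroupQuery, GetLoginsAndMail, First) are assumptions made for illustration, and the GC path and filter are passed in by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Added example: AdGroupQuery and its members are illustrative names.
public static class AdGroupQuery
{
    // Returns the first value of an attribute, or "" when the entry has none
    // (for example a user without a mail attribute).
    static string First(SearchResult result, string name)
    {
        ResultPropertyValueCollection values = result.Properties[name];
        return values.Count > 0 ? values[0].ToString() : "";
    }

    // Maps sAMAccountName to mail for every entry that matches the filter.
    public static Dictionary<string, string> GetLoginsAndMail(string gcPath, string filter)
    {
        Dictionary<string, string> users = new Dictionary<string, string>();

        // Stacked using statements dispose the searcher first, then the entry,
        // even when FindAll or the loop throws.
        using (DirectoryEntry entry = new DirectoryEntry(gcPath))
        using (DirectorySearcher adSearcher = new DirectorySearcher(entry))
        {
            adSearcher.SearchScope = SearchScope.Subtree;
            adSearcher.Filter = filter;
            adSearcher.PageSize = 500; // without paging, results stop at the server's size limit
            adSearcher.PropertiesToLoad.Add("sAMAccountName");
            adSearcher.PropertiesToLoad.Add("mail");

            // SearchResultCollection cannot release its unmanaged resources when it is
            // garbage collected, so it has to be disposed explicitly.
            using (SearchResultCollection oResult = adSearcher.FindAll())
            {
                foreach (SearchResult result in oResult)
                {
                    string login = First(result, "sAMAccountName");
                    if (login.Length > 0)
                    {
                        users[login] = First(result, "mail");
                    }
                }
            }
        }
        return users;
    }
}
```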
