Menu
SharePoint Workflow Extensions Kit

Get Active Directory groups where user is member

This activity returns collection of Get Active Directory groups where user is member. Supports “Distinguished Name” or “Account Name” output format.

By default, activity uses the current user when authenticating. If you want to use custom authentication, use “Set Active Directory authentication” activity before.

Note: Activity reads information from memberOf attribute. The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member, depending on the domain controller (DC) from which this attribute is retrieved:

  • At a DC for the domain that contains the user, memberOf for the user is complete with respect to membership for groups in that domain; however, memberOf does not contain the user's membership in domain local and global groups in other domains.

  • At a GC server, memberOf for the user is complete with respect to all universal group memberships.

If both conditions are true for the DC, both sets of data are contained in memberOf.

Be aware that this attribute lists the groups that contain the user in their member attribute—it does not contain the recursive list of nested predecessors. For example, if user O is a member of group C and group B and group B were nested in group A, the memberOf attribute of user O would list group C and group B, but not group A.

This attribute is not stored—it is a computed back-link attribute.

More info about memberOf attribute you could find here http://msdn.microsoft.com/en-us/library/ms677943.aspx

SharePoint Workflow Designer Phrase

Get Account Name of Active Directory groups where this user is member from this domain and store result in variable.

Parameters

Parameter Description
Account Name Type of items in response. - DN – returns Distinguished Name of group - Account Name – returns account name of group
this user User or group login name. Ex: “user@domain”, “domain\user” or “user”
this domain Optional. Domain name. You should enter domain name if user name without a domain, otherwise it will be calculated from the group name.
Variable Output. Array List