"Dan Falcone" wrote:

> Richard Ruben wrote:
> > Im trying to find out if a user belongs to a certain group in our domain. I
> > used it before and it works fine. Now i want to do the same but with a
> > groupname that has a white space in the middle of it. for example: DOMAIN\GRP
> > APP.
> > When i call the IsInRole with this groupname it fails and always returns
> > false. I looked in my AD my user is a member of this group.
> > It looks to me that it has trouble with groups that have white space in
> > them, but can somebody confirm that and tell me what to do about it.
> >
> > Thanks,
> >
> > Richard Ruben
> >
>
> Try escaping the backslash and space characters like this:
>
> bool result = windowsPrincipal.IsInRole("DOMAIN\\GRP\ APP");
>
> HTH,
> Dan
>

"Richard Ruben" <RichardRu***@discussions.microsoft.com> wrote in message
news:D63F5FA0-7C42-4DB0-8F03-78CBED9A383F@microsoft.com...
>I tried that and it didn´t work.
>
> "Dan Falcone" wrote:
>
>> Richard Ruben wrote:
>> > Im trying to find out if a user belongs to a certain group in our
>> > domain. I
>> > used it before and it works fine. Now i want to do the same but with a
>> > groupname that has a white space in the middle of it. for example:
>> > DOMAIN\GRP
>> > APP.
>> > When i call the IsInRole with this groupname it fails and always
>> > returns
>> > false. I looked in my AD my user is a member of this group.
>> > It looks to me that it has trouble with groups that have white space in
>> > them, but can somebody confirm that and tell me what to do about it.
>> >
>> > Thanks,
>> >
>> > Richard Ruben
>> >
>>
>> Try escaping the backslash and space characters like this:
>>
>> bool result = windowsPrincipal.IsInRole("DOMAIN\\GRP\ APP");
>>
>> HTH,
>> Dan
>>

"Joe Kaplan (MVP - ADSI)" wrote:

> Actually, IsInRole should work fine with group names that contain spaces.
> I'd be certain that the actual sAMAccountName of the group contains spaces
> and not the displayName or CN.  They can all be different.  The
> sAMAccountName is what is used in domain\groupname name, with the domain
> part being the NETBIOS name of the domain.
>
> You can get these lower level attribute details from AD with a lower level
> tool like ADSI Edit or ldp.exe.  AD U&C provides "friendly" names for AD
> attributes and doesn't necessarily show you what's going on under the hood.
>
> Also, you can use some reflection code to view the actual list of groups in
> the WindowsPrincipal as a debugging technique.  I find this useful when
> things are behaving the way I expect.  Essentially, you want to invoke the
> private _getroles method on the WindowsIdentity object.  I probably have
> some sample code if you need it.
>
> Joe K.
>
> "Richard Ruben" <RichardRu***@discussions.microsoft.com> wrote in message
> news:D63F5FA0-7C42-4DB0-8F03-78CBED9A383F@microsoft.com...
> >I tried that and it didn´t work.
> >
> > "Dan Falcone" wrote:
> >
> >> Richard Ruben wrote:
> >> > Im trying to find out if a user belongs to a certain group in our
> >> > domain. I
> >> > used it before and it works fine. Now i want to do the same but with a
> >> > groupname that has a white space in the middle of it. for example:
> >> > DOMAIN\GRP
> >> > APP.
> >> > When i call the IsInRole with this groupname it fails and always
> >> > returns
> >> > false. I looked in my AD my user is a member of this group.
> >> > It looks to me that it has trouble with groups that have white space in
> >> > them, but can somebody confirm that and tell me what to do about it.
> >> >
> >> > Thanks,
> >> >
> >> > Richard Ruben
> >> >
> >>
> >> Try escaping the backslash and space characters like this:
> >>
> >> bool result = windowsPrincipal.IsInRole("DOMAIN\\GRP\ APP");
> >>
> >> HTH,
> >> Dan
> >>
>
>
>