Extending GroupPrincipal and Members property

Question

I want to extend the GroupPrincipal class to handle some custom properties:

using System.DirectoryServices.AccountManagement;

[DirectoryRdnPrefix("CN")]
[DirectoryObjectClass("group")]
public class MyGroupPrincipal : GroupPrincipal {
    // ...
}

How could I override the Members property for MyGroupPrincipal so that if it has a member that is a group an instance of MyGroupPrincipal and not of GroupPrincipal is returned? I would like to write e.g.

MyGroupPrincipal group = GetGroup();
foreach (var m in group.Members) {
    if (m is MyGroupPrincipal) { // always fails: m is a normal GroupPrincipal 
        // do something
    }
}

Answer 1

There is no way to directly override the Members property of GroupPrincipal. Instead you can roll your own method (sorry for no clean cut code, but I've used portions of the below described solutiont through out my code).

I've found that many times with the AccountManagement library that you just have to use the base DirectoryEntry to get things done right. You can access the base object by using group.GetUnderlyingObject(), then read the membership by iterating deGroup.Properties("member"). Read each members type (can't remember the property name, maybe 'member.SchemaClassName'?) and distinguishedName (member.Properties("distinguishedName")(0).ToString()) Then create a switch statement based on type where you create each principal using the distinguished name MyGroupPrincipal.FindByIdentity(context, distinguishedName), and do the same for users, etc...