According to this, AD LDS roles are AD groups that reside in the CN=Roles
container of your LDS instance - right?
With the classes in the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace, you can get those groups pretty easily:
```csharp
using System.DirectoryServices.AccountManagement;

// set up the "ApplicationDirectory" context and use the "CN=Roles" container
using (PrincipalContext ctx = new PrincipalContext(ContextType.ApplicationDirectory, "ldsserver:389", "CN=Roles,DC=YourCompany,DC=com"))
// set up a "QBE" (query-by-example) group principal
using (GroupPrincipal qbeGroup = new GroupPrincipal(ctx))
// create your principal searcher passing in the QBE principal
using (PrincipalSearcher srch = new PrincipalSearcher(qbeGroup))
{
    // find all matches
    foreach (var found in srch.FindAll())
    {
        // do whatever here - "found" should be "GroupPrincipal" types only
    }
}
```
Read all about the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
The new S.DS.AM makes it really easy to play around with users and groups in AD (and AD LDS)!
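Building on the search above, here is an added example (not part of the original answer) that lists each role's direct members, which is the form an access review of an LDS instance usually needs. The server and container strings are the answer's own placeholder values; `LdsRoleAudit` and `GetRoleMembers` are hypothetical names, and the error handling assumes an unresolvable member surfaces as a `PrincipalOperationException`.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

static class LdsRoleAudit // hypothetical name, not from the original answer
{
    // Maps each role (group) in the roles container to the DNs of its direct members.
    static Dictionary<string, List<string>> GetRoleMembers(string server, string rolesContainer)
    {
        var result = new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
        using (var ctx = new PrincipalContext(ContextType.ApplicationDirectory, server, rolesContainer))
        using (var qbeGroup = new GroupPrincipal(ctx))
        using (var srch = new PrincipalSearcher(qbeGroup))
        using (var roles = srch.FindAll())
        {
            foreach (Principal found in roles)
            {
                var group = found as GroupPrincipal;
                if (group == null) continue;
                var members = new List<string>();
                try
                {
                    // false = direct members only, so nested groups stay visible as entries
                    using (var direct = group.GetMembers(false))
                        foreach (Principal m in direct)
                            members.Add(m.DistinguishedName ?? m.Name);
                }
                catch (PrincipalOperationException ex)
                {
                    // Assumption: a member that cannot be resolved ends up here.
                    // Record the failure so the role is not silently reported as complete.
                    members.Add("<unresolved: " + ex.Message + ">");
                }
                result[group.Name ?? group.DistinguishedName] = members;
            }
        }
        return result;
    }

    static void Main()
    {
        // Placeholder server and container, taken from the answer above
        var roles = GetRoleMembers("ldsserver:389", "CN=Roles,DC=YourCompany,DC=com");
        foreach (var role in roles)
        {
            Console.WriteLine("{0} ({1} direct members)", role.Key, role.Value.Count);
            foreach (var member in role.Value) Console.WriteLine("  " + member);
        }
    }
}
```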