I have work with Active Directory by add reference to Authentication and start validate the login user if his/her username and password is correct or not.

The main point here is how can I check if this user (after his/her successfully login) is belongs to specific role inside AD
in other words need an action to check if user under an AD role or not
Hi Mohamed

One way you can do it is using the built-in Integrated Authentication funcionality - if you use it, you can use the primitives to get the details of the user and the groups it belongs to.

You can try the attached eSpace to see what I mean.

Another option is to code an extension, using the same mechanism that Authentication uses to check the user and using the related method to check group membership. I don't have Visual Studio here, but I will try to post an example using that technique tomorrow.


Hello Acacio,

I need to check if user belongs to specifique AD Group but i can't use Integrated Authentication.
Do you have an extension for this ?

Thanks advance,
Hi Joel,

Have you tried to use the Authentication extension that is installed by default?
If you need to see an example of how to use it, open the Users application and check its login logic.
I'm trying to use active directory authentication (without integrated authentication) and I don't see any way to retrieve information about what Groups/Organizational Units an Active Directory user belongs to.
The ActiveDirectory_GetAccountDetails action only gives you username, email and phone number information.
The ActiveDirectory_ValidateLogin action only tells you whether or not the credentials are valid.
I don't see anywhere in the Users espace where it gets information about Active Directory Groups.
Hi Corey,

I don't think you find it without creating your own extension. In here i don't have access to the extension i've created to check if the user belongs to a AD Group in a recursive way but tomorrow i will upload it with an example.

Have a nice day.

Hi guys.

I noticed this post the other day (whilst searching for Active Directory group-searching) and decided to give the whole 'extension-creation' thing a go.

I now have a working (on my network) example... as bad as it may be - but i will let you decide that.

It includes two Actions - both are the same code but one includes Windows impersonation (my OutSystems account does not have the correct privilages for AD searching).

Hi Adam,

Awesome! Share it on the Forge.
Sorry Joao,
but I think somebody beat me to the punch - with a much more encompassing extension (set).

besides; my code is second rate... i doubt it deserves (or could surivive) public access.