As you may be aware by now, AX allows one to create users of type “active directory group” which if setup will auto-create users who belong to that group when they try to login. Furthermore users (whether auto-created or manually created) who belong to these groups will inherit the security permissions assigned to these groups.
One challenge however is, to debug this. I.E. Finding out which users are members of specific groups or what groups a specific user belongs to. My previous post was about how to determine ownership via command line. After a bit of reflection I thought this may be better and more useful to have this functionality directly within AX. Using Attached is an XPO with the relevant code (use at your own risk).
Basically it adds a class to AX as well as a lookup menu item to UserListPage form and the User form.
Please let me know your comments.
Here is a sample job if you don’t want to download the full project. It prints all groups for a user.
static void adGroups(Args _args)
CLRObject groups, enum;
System.String domain, username1,groupName;
Userid userId = curUserId();
permission = new InteropPermission(InteropKind::CLRInterop);
yourDomain = new System.DirectoryServices.AccountManagement.PrincipalContext(System.DirectoryServices.AccountManagement.ContextType::Domain);
// find your user
userInfo = xUserInfo::find(false, userId);
domain = UserInfo.networkDomain;
username1 = UserInfo.networkAlias;
user = System.DirectoryServices.AccountManagement.UserPrincipal::FindByIdentity(yourDomain, username1);
// if found - grab its groups
if(user != null)
groups = user.GetAuthorizationGroups();
enum = groups.GetEnumerator();
p = enum.get_Current();
groupName = p.get_Name();
groupN = groupName;