I have a Sitecore site that uses the AD module for connecting to an Active Directory. Let's say that we have a Role defined in Sitecore called "Content Authors". Content Authors may contain individual user accounts - "jsmith" - or it might contain an entire AD Group - "Northeast Managers". I need to get a list of all users who are in the "Content Authors" role, either directly or indirectly (through an AD group). Right now my code only seems to be returning users that are directly a member of the "Content Authors" role. Here is my code:

string[] _roleUserNames = System.Web.Security.Roles.GetUsersInRole("Content Authors");

I was assuming that this code would return the "effective" list of everyone who is in that role. It seems to only return people who are directly in that role. Does anyone know if there is some other way of getting everyone in a role?

I figured out that this is a specific issue to Sitecore as Sitecore allows Roles in Roles and that functionality is built on top of the MS ASP.NET Membership stuff. To get all users in a role including "indirect" users you should use the following code:

IEnumerable<User> _roleUsers = Sitecore.Security.Accounts.RolesInRolesManager.GetUsersInRole(Role.FromName("Content Authors"), true);

This will give you all of the users including indirect users.

I know this is old, but I ran into this same problem and the above solution did not work for us. The indirect users in Active Directory were not found, only indirect users in Sitecore roles.

Further investigation into the AD module role provider seems to indicate that there is code for indirect roles, but that the call to get to it doesn't seem to function. dotPeek showed me that there is an explicit setting of 'false' for a parameter that would trigger indirect roles searching for users, and was not reading from the setting.

We needed to decompile the AD 1.1 code, and then fix that part in order to get it working.