
You can assign permissions to users, SharePoint groups and Active Directory groups in SharePoint. While SharePoint groups cannot contain other SharePoint groups, it is possible to nest Active Directory groups. The SharePoint method SPGroup.Users only returns users that are added directly to the SharePoint group. I have written a small function that retrieves all users of an SPPrincipal object, including nested users.
The picture below gives an example of a rather complex permission configuration.
Now, if you would like to retrieve all members of the group ‘SharePoint Group B’, including the user ‘Alain de Klerk’, you can use the following function:
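/// <summary>
/// Collects every user that belongs to <paramref name="principal"/> and appends them to
/// <paramref name="users"/>, expanding SharePoint groups and nested Active Directory groups.
/// </summary>
/// <param name="web">Site used to look up group members and to resolve login names.</param>
/// <param name="principal">
/// A single user, a domain group (an <c>SPUser</c> with <c>IsDomainGroup</c> set) or a SharePoint group.
/// </param>
/// <param name="users">
/// Output list. A user reachable through more than one group is appended once per path,
/// so callers that need a distinct set must de-duplicate (for example by login name).
/// </param>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <remarks>
/// Caveats for anyone using the result in an access review:
/// each domain group is queried for at most 9999 direct members, so larger groups are reported
/// incompletely (a trace warning is written when that happens);
/// members whose login name cannot be resolved are skipped with a trace warning;
/// and <c>SPWeb.EnsureUser</c> adds the account to the site when it is not yet known there,
/// so this enumeration is not read-only and needs permissions that allow that write.
/// </remarks>
private void ResolveGroup(SPWeb web, SPPrincipal principal, List<SPUser> users)
{
    if (web == null)
    {
        throw new ArgumentNullException("web");
    }

    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    if (users == null)
    {
        throw new ArgumentNullException("users");
    }

    // Domain groups currently being expanded on this recursion path. Login names are compared
    // case-insensitively because directory account names are not case-sensitive.
    HashSet<string> expanding = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    ResolveGroupCore(web, principal, users, expanding);
}

// Recursive worker for ResolveGroup; 'expanding' holds the domain groups on the current path
// so that circular Active Directory nesting ends the branch instead of recursing without bound.
private void ResolveGroupCore(SPWeb web, SPPrincipal principal, List<SPUser> users, HashSet<string> expanding)
{
    SPUser user = principal as SPUser;
    if (user == null)
    {
        SPGroup group = principal as SPGroup;
        if (group == null)
        {
            // Neither a user nor a SharePoint group: nothing to expand.
            return;
        }

        // SPGroup.Users only lists direct members; domain groups among them are expanded below.
        foreach (SPUser groupUser in group.Users)
        {
            ResolveGroupCore(web, groupUser, users, expanding);
        }

        return;
    }

    if (!user.IsDomainGroup)
    {
        users.Add(user);
        return;
    }

    string groupLogin = user.LoginName;
    if (!expanding.Add(groupLogin))
    {
        // This group is already being expanded further up the call chain (group A contains
        // group B, which contains group A). Its members are collected by that outer call.
        System.Diagnostics.Trace.TraceWarning(
            "ResolveGroup: circular nesting detected at domain group '{0}'; branch skipped.", groupLogin);
        return;
    }

    try
    {
        const int maxMembersPerGroup = 9999;
        bool reachedMaxCount;
        SPPrincipalInfo[] groupMembers =
            SPUtility.GetPrincipalsInGroup(web, groupLogin, maxMembersPerGroup, out reachedMaxCount);
        if (groupMembers == null)
        {
            return;
        }

        if (reachedMaxCount)
        {
            // Do not let a truncated membership list pass silently: the caller would otherwise
            // believe it has the full set of accounts that hold this permission.
            System.Diagnostics.Trace.TraceWarning(
                "ResolveGroup: domain group '{0}' has more than {1} members; the result is incomplete.",
                groupLogin, maxMembersPerGroup);
        }

        foreach (SPPrincipalInfo member in groupMembers)
        {
            switch (member.PrincipalType)
            {
                case SPPrincipalType.SecurityGroup:
                case SPPrincipalType.DistributionList:
                    // Nested directory group: resolve it to an SPUser and expand it in turn.
                    ResolveGroupCore(web, web.EnsureUser(member.LoginName), users, expanding);
                    break;

                case SPPrincipalType.SharePointGroup:
                    ResolveGroupCore(web, web.Groups[member.LoginName], users, expanding);
                    break;

                case SPPrincipalType.User:
                    try
                    {
                        users.Add(web.EnsureUser(member.LoginName));
                    }
                    catch (Exception ex)
                    {
                        // Best effort, as before: one unresolvable account must not abort the
                        // whole enumeration, but the omission is recorded so it can be followed up.
                        System.Diagnostics.Trace.TraceWarning(
                            "ResolveGroup: could not resolve user '{0}' in group '{1}': {2}",
                            member.LoginName, groupLogin, ex.Message);
                    }

                    break;

                default:
                    break;
            }
        }
    }
    finally
    {
        // Leaving this group: allow it to be expanded again when reached through another branch,
        // which keeps the output identical to the original for non-circular hierarchies.
        expanding.Remove(groupLogin);
    }
}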