If you are checking the current user and you know the name of the group you want, you shouldn't need to enumerate through all the groups. Here's example code in VB.NET:

如果您正在检查当前用户并且您知道所需组的名称，则不需要枚举所有组。下面是 VB.NET 中的示例代码：

Public Function IsInGroup(ByVal GroupName As String) As Boolean
    Dim MyIdentity As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
    Dim MyPrincipal As System.Security.Principal.WindowsPrincipal = New System.Security.Principal.WindowsPrincipal(MyIdentity)
    Return MyPrincipal.IsInRole(GroupName)
End Function

Similarly in C#:

在 C# 中类似：

private static bool IsInGroup(string GroupName)
{
    System.Security.Principal.WindowsIdentity MyIdentity = System.Security.Principal.WindowsIdentity.GetCurrent();
    System.Security.Principal.WindowsPrincipal MyPrincipal = new System.Security.Principal.WindowsPrincipal(MyIdentity);
    return MyPrincipal.IsInRole(GroupName);
}

More examples can be found in the WindowsIdentity documentation, if you need to tweak it to check a different user's membership or whatever.

更多示例可以在WindowsIdentity 文档中找到，如果您需要调整它以检查不同用户的成员身份或其他任何内容。

I think you do have to enumerate groups.

我认为你必须枚举组。

Have a look at these two answers for a variety of techniques:

看看这两个关于各种技术的答案：

See if user is part of Active Directory group in C# + Asp.net

查看用户是否属于 C# + Asp.net 中的 Active Directory 组

How to write LDAP query to test if user is member of a group?

如何编写 LDAP 查询来测试用户是否是组成员？