<?php
 
function getUserGroups($username, $password) {
	// Active Directory server
	$ldap_host = "HOST";
	$ldapconfig['host'] = 'IP';
    $ldapconfig['port'] = 389;
 
	// Active Directory DN, base path for our querying user
	$ldap_dn = "////";
	
	// Connect to AD
	$ldap=ldap_connect($ldapconfig['host'], $ldapconfig['port']) or die("Could not connect to LDAP");
	$bind =ldap_bind($ldap, $username .'@' .$ldap_host, $password) or die("Could not bind to LDAP");
 
	// Search AD
	$results = ldap_search($ldap,$ldap_dn,"(samaccountname=$username)",array("memberof","primarygroupid"));
	$entries = ldap_get_entries($ldap, $results);
	
	// No information found, bad user
	if($entries['count'] == 0) return false;
	
	// Get groups and primary group token
	$output = $entries[0]['memberof'];
	$token = $entries[0]['primarygroupid'][0];
	
	// Remove extraneous first entry
	array_shift($output);
	
	// We need to look up the primary group, get list of all groups
	$results2 = ldap_search($ldap,$ldap_dn,"(objectcategory=group)",array("distinguishedname","primarygrouptoken"));
	$entries2 = ldap_get_entries($ldap, $results2);
	
	// Remove extraneous first entry
	array_shift($entries2);
	
	// Loop through and find group with a matching primary group token
	foreach($entries2 as $e) {
		if($e['primarygrouptoken'][0] == $token) {
			// Primary group found, add it to output array
			$output[] = $e['distinguishedname'][0];
			// Break loop
			break;
		}
	}
 
	return $output;

}
$groups = getUserGroups("testuser", "123Test123");
 
if (in_array("groupnamehere", $groups)) {
	echo "Access granted!";
} else {
	echo "Access denied!";
}

?>