Sometimes it’s good to know which AD groups a user is a member of. Sure, it’s easy to open ADUC and look at the “Member of” tab, but that doesn’t tell the full story, since a group can be a member of another group.
Here’s a nice function I wrote which finds the groups the user is a member of, and all nested groups as well.
You need to have the ActiveDirectory module loaded.
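function Get-GroupMembership {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true)]
        [string]$User,
        [int]$Nested = 0,
        # Groups already on the current branch; stops endless recursion on circular nesting
        [string[]]$Seen = @()
    )

    $Nested++
    # One tab per nesting level below the direct memberships
    $space = "`t" * ($Nested - 1)

    foreach ($temp in (Get-ADPrincipalGroupMembership $User -ErrorAction SilentlyContinue)) {
        if ($Seen -contains $temp.SamAccountName) { continue }
        Write-Host "$space$($temp.Name)"
        # Recurse to list the groups this group is itself a member of
        Get-GroupMembership -User $temp.SamAccountName -Nested $Nested -Seen ($Seen + $temp.SamAccountName)
    }
}
Use the function like this: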
Get-GroupMembership -User fbarrud
And my example output:
Domain Users
Users
Normal Users
FileShare2
Domain Admins
Administrators
Denied RODC Password Replication Group
FileShare1
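When the question is which nested path puts an account into a privileged group, objects are easier to filter than indented text. The following is an added example, not the function from this post: it walks the same kind of nesting but returns one object per group with the chain that leads to it, and marks circular nesting instead of following it. The function name `Get-GroupMembershipPath`, the `$SampleMemberOf` table and the names `jdoe`, `Helpdesk` and `Tier1` are constructed for illustration; against a real domain the `-Resolver` script block would wrap `Get-ADPrincipalGroupMembership`.

```powershell
# Constructed sample data (not from a real directory): member -> groups it belongs to.
# Helpdesk and Tier1 are nested in each other to show a circular nesting.
$SampleMemberOf = @{
    'jdoe'          = @('Normal Users', 'Helpdesk')
    'Normal Users'  = @('FileShare2')
    'Helpdesk'      = @('Tier1')
    'Tier1'         = @('Helpdesk', 'Domain Admins')
    'Domain Admins' = @('Administrators')
}

function Get-GroupMembershipPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity,
        # Returns the names of the groups a principal is a direct member of.
        # Assumption: the default reads the constructed table above; in AD this
        # would be a wrapper around Get-ADPrincipalGroupMembership.
        [scriptblock]$Resolver = { param($Name) $SampleMemberOf[$Name] },
        # Groups already walked on this branch, outermost first
        [string[]]$Path = @()
    )

    foreach ($group in (& $Resolver $Identity)) {
        # A group that is already on the current branch means circular nesting
        $circular = $Path -contains $group
        [pscustomobject]@{
            Group    = $group
            Depth    = $Path.Count + 1
            Via      = $Path -join ' -> '
            Circular = $circular
        }
        if (-not $circular) {
            Get-GroupMembershipPath -Identity $group -Resolver $Resolver -Path ($Path + $group)
        }
    }
}

# Show only the privileged groups and the nesting chain that grants them
$Privileged = 'Domain Admins', 'Administrators'
Get-GroupMembershipPath -Identity 'jdoe' |
    Where-Object { $Privileged -contains $_.Group } |
    Format-Table Group, Depth, Via -AutoSize
```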
If you have any suggestions or questions, don’t hesitate to leave a comment 🙂