Get all groups a user is a member of.

Sometimes it’s good to know which AD groups a user is a member of. Sure, it’s easy to open ADUC and look at the “Member of” tab, but that doesn’t tell the full story, since a group can be a member of another group.

Here’s a nice function I wrote which finds the groups the user is a member of, and all nested groups as well.

You need to have the ActiveDirectory module loaded.

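function Get-GroupMembership
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)]
        [string]$User,
        # Current nesting depth, used for indentation; leave at 0 when calling
        [int]$Nested = 0,
        # Groups already on the current branch; stops endless recursion on circular nesting
        [string[]]$Seen = @()
    )

    $Nested++

    # One tab of indentation per level below the first
    $space = "`t" * ($Nested - 1)

    foreach ($temp in (Get-ADPrincipalGroupMembership $User -ErrorAction SilentlyContinue))
    {
        Write-Host $space $temp.name

        # Recurse into the group unless it is already on this branch
        if ($Seen -notcontains $temp.SamAccountName)
        {
            Get-GroupMembership -User $temp.SamAccountName -Nested $Nested -Seen ($Seen + $temp.SamAccountName)
        }
    }
}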

Use the function like this:

Get-GroupMembership -User fbarrud

And my example output:

 Domain Users
	 Users
	 Normal Users
		 FileShare2
 Domain Admins
	 Administrators
	 Denied RODC Password Replication Group
 FileShare1
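
The same traversal returning objects instead of console text, so indirect memberships can be filtered and the chain that grants each one is visible. This is an added example, not the function from the post: `Resolve-NestedGroup` and `$MemberOf` are hypothetical names, and the membership map is constructed from the example output (plus one circular link) so it runs without a domain.

```powershell
# Constructed sample data: principal -> groups it is a direct member of.
# Mirrors the example output above; the FileShare2 -> Normal Users link is
# added here to create a circular nesting.
$MemberOf = @{
    'fbarrud'       = @('Domain Users', 'Domain Admins', 'FileShare1')
    'Domain Users'  = @('Users', 'Normal Users')
    'Normal Users'  = @('FileShare2')
    'FileShare2'    = @('Normal Users')
    'Domain Admins' = @('Administrators', 'Denied RODC Password Replication Group')
}

# Hypothetical helper: walks the map depth-first and emits one object per
# group reached, with its depth and the chain of groups that leads to it.
function Resolve-NestedGroup
{
    Param
    (
        [Parameter(Mandatory=$true)]
        [string]$Principal,
        [hashtable]$Map = $MemberOf,
        [string[]]$Path = @()
    )

    foreach ($group in $Map[$Principal])
    {
        # A group already on this branch means circular nesting: skip it
        if ($Path -contains $group) { continue }

        $chain = $Path + $group
        [pscustomobject]@{
            Group = $group
            Depth = $chain.Count
            Via   = $chain -join ' -> '
        }
        Resolve-NestedGroup -Principal $group -Map $Map -Path $chain
    }
}

$result = Resolve-NestedGroup -Principal 'fbarrud'
$result | Format-Table -AutoSize

# Depth greater than 1 = memberships the "Member of" tab does not show
$result | Where-Object Depth -gt 1 | Sort-Object Group -Unique | Select-Object Group, Via
```

Against a live domain, the `$Map[$Principal]` lookup would be replaced by the `Get-ADPrincipalGroupMembership` call used in the function above.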

If you have any suggestions or questions, don’t hesitate to leave a comment 🙂
