PowerShell: How to get all the AD groups the current user belongs to

by Sitaram Pamarthi on May 22, 2012

This simple script lists all the groups (both direct and indirect) that the current user belongs to. Generally we use Quest cmdlets to get direct and indirect group membership information, but this script uses a built-in .NET method, which is available on any computer that has the .NET Framework installed. So there is no need for external dependencies like the Quest AD cmdlets.

Function Get-AllUserGroups {
    [CmdletBinding()]
    param()
    # Group SIDs carried in the current user's token (direct and indirect)
    $Groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
    foreach ($Group in $Groups) {
        try {
            # Each entry is already a SecurityIdentifier; translate it to an account name
            $Group.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The SID has no resolvable name; return the raw SID instead of failing
            $Group
        }
    }
}

I still haven’t figured out a way to get the same information for a given user (not the currently logged-on user) using .NET methods. Please let me know if you are aware of any such procedure.

[UPDATE]

Shay Levy has provided a way to get all the groups of a given user account (see comments section). I am updating it here for everyone’s quick reference.

# Courtesy: Shay Levy

$userName = 'sitaram'
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ct,$userName)
$user.GetGroups() # gets all user groups (direct)
$user.GetAuthorizationGroups() # gets all user groups including nested groups (indirect)
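
For an access review it helps to see which of an account's effective groups come from nesting rather than direct membership. The following is an added example, not code from the original post or from Shay Levy: it combines the two calls above to label each authorization group as Direct or Nested. The function name Get-UserGroupReport is hypothetical, and it assumes a domain-joined machine with read access to the directory.

```powershell
# Added example: classify a user's effective security groups as Direct or Nested.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-UserGroupReport {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # sAMAccountName, UPN, distinguished name or SID of the account to review
        [Parameter(Mandatory = $true)]
        [string]$Identity
    )

    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $Identity)
        if ($null -eq $user) { throw "User '$Identity' was not found in the current domain." }

        # Index direct memberships by SID so each effective group can be classified.
        $directSids = @{}
        foreach ($g in $user.GetGroups()) {
            if ($g.Sid) { $directSids[$g.Sid.Value] = $true }
        }

        # Use an explicit enumerator: reading Current can throw for a group whose
        # SID no longer resolves, and a plain foreach would stop at that point.
        $enum = $user.GetAuthorizationGroups().GetEnumerator()
        while ($enum.MoveNext()) {
            try { $g = $enum.Current }
            catch {
                Write-Warning "Skipped an unresolvable group: $($_.Exception.Message)"
                continue
            }
            $via = 'Nested'
            if ($g.Sid -and $directSids.ContainsKey($g.Sid.Value)) { $via = 'Direct' }
            [pscustomobject]@{
                User       = $user.SamAccountName
                Group      = $g.SamAccountName
                Sid        = $g.Sid
                Membership = $via
            }
        }
    }
    finally { $ctx.Dispose() }   # release the directory connection
}

# Usage with the account name from the post:
# Get-UserGroupReport -Identity 'sitaram' | Sort-Object Membership, Group | Format-Table -AutoSize
```

GetAuthorizationGroups() returns security groups only, so a distribution group the user is a direct member of appears in GetGroups() but not in this report.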

Hope this helps…
