Techibee.com

PowerShell: How to get all the AD groups the current user belongs to

This simple script gets the list of all groups (both direct and indirect) that the current user belongs to. Generally we use Quest cmdlets to get direct and indirect group membership information, but this script uses a built-in .NET method that is available on any computer with .NET installed, so there are no external dependencies such as the Quest AD cmdlets.

Function Get-AllUserGroups {
  [cmdletbinding()]
  param()
  # Group SIDs carried in the current user's identity (direct and indirect)
  $Groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
  foreach ($Group in $Groups) {
    $GroupSID = $Group.Value
    $GroupName = New-Object System.Security.Principal.SecurityIdentifier($GroupSID)
    # Translate the SID into a readable account name
    $GroupDisplayName = $GroupName.Translate([System.Security.Principal.NTAccount])
    $GroupDisplayName
  }
}

I still haven’t figured out a way to get the same information for a given user (not the currently logged-on user) using .NET methods. Please let me know if you are aware of any such procedure.

[UPDATE]

Shay Levy has provided a way to get all the groups of a given user account (see the comments section). I am updating it here for everyone’s quick reference.

# Courtesy: Shay Levy

$userName = 'sitaram'
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ct,$userName)
$user.GetGroups() # gets all user groups (direct)
$user.GetAuthorizationGroups() # gets all user groups including nested groups (indirect)
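
The two calls above combined into a membership review helper, as an added example that is not part of the original post or Shay Levy's comment: it lists every security group the account is authorized through and marks each one as direct or indirect, which is the view needed when checking for privilege gained only through nesting. The function name Get-UserGroupReport and the output property names are assumptions made for this example.

```powershell
# Added example, not from the original post. Get-UserGroupReport is a hypothetical name.
function Get-UserGroupReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$UserName
    )

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctxType
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $UserName)
        if ($null -eq $user) { throw "User '$UserName' was not found in the current domain." }

        # SIDs of the groups the user is a direct member of.
        $directSids = @{}
        foreach ($g in $user.GetGroups()) {
            if ($g.Sid) { $directSids[$g.Sid.Value] = $true }
        }

        # GetAuthorizationGroups() returns security groups only, resolved recursively.
        # Walk the result by hand so one group that cannot be read does not lose the rest.
        $enum = $user.GetAuthorizationGroups().GetEnumerator()
        while ($enum.MoveNext()) {
            try { $g = $enum.Current }
            catch {
                Write-Warning "Skipped a group that could not be read: $($_.Exception.Message)"
                continue
            }
            [pscustomobject]@{
                Name       = $g.SamAccountName
                Sid        = $g.Sid.Value
                Membership = if ($directSids.ContainsKey($g.Sid.Value)) { 'Direct' } else { 'Indirect' }
            }
        }
    }
    finally { $ctx.Dispose() }
}

# Usage: list the groups 'sitaram' holds only through nesting.
# Get-UserGroupReport -UserName 'sitaram' | Where-Object { $_.Membership -eq 'Indirect' }
```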

Hope this helps…
