Reputation: 63
List all groups and their descriptions for a specific user in Active Directory using PowerShell
I am trying to get the list of a specific user’s groups and the groups’ descriptions using PowerShell.
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | select name, description
The description field returns blank.
Upvotes: 6
Views: 83928
Answers (5)
Reputation: 1
For a list of groups a user is member of:
(get-aduser NameOfTheUser -properties *).memberof
Upvotes: 0
Reputation: 31
Here is a simple but effective script to get AD Group info.
Get-ADGroup -filter * -Properties * | Select Name,GroupCategory,Description | Export-Csv D:\Test\SecurityGroups.csv
Just add or remove the attributes you would like to see in the Select area. To see a list of usable attributes you can do something like this:
Get-ADGroup -filter * -Properties * | Where-Object {$_.Name -eq 'DHCP Users' }
Upvotes: 3
Reputation: 509
Get-ADPrincipalGroupMembership should work but fails if any group has a NAME containing '/' (which is a legal character in names as far as I understood the MS AD documentation).
This forces a heavy workaround:
$Groups = (Get-ADUser -identity $TemplateUserName -server $TemplateUserDomain -Properties MemberOf|select memberof).MemberOf|Get-ADGroup -Server :3268
foreach ($Group in $Groups)
{
Write-Output $Group.Name
}
Notice I use a domain search for the user's properties and then a search in global catalog (-server :3268) for each group. Else you eventually won't get all of the user's groups or you'll get an error if any group belongs to a different domain than the user.
Upvotes: 0
Reputation: 1
For Users
Get-ADUser -Filter {name -eq $username} -Properties * | select name,description
For Groups
Get-ADGroup -Filter {displayname -eq $groupname} -Properties * | select name,description
Upvotes: -1
Reputation: 13551
From Get-ADPrincipalGroupMembership manual:
The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup.
So, let’s do it!
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description
Also, in this case it should be enough to specify name,description instead of asterisk (*). If this is a performance issue, replace it. I am leaving it at asterisk because you might later change your mind about which properties you need.
Upvotes: 7
Related Questions
- How to get all groups that a user is a member of?
- Output list of all Active Directory users and all groups each user is a member of
- Script To extract a list of AD Groups a USER is a Member OF
- List all Sub-Groups (members) of Groups in Active Directory - Powershell
- Getting AD groups and their users
- How to get all ldetails of the list of specific user's group and description using powershell?
- POWERSHELL: List all users/members in a specific AD OU Group
- Getting all Active Directory groups that contain a certain description using powershell
- PowerShell: Get all groups a member belongs to, include group type
- List group memberships for AD users