Uwe Ziegenhagen

Reputation: 694

List group memberships for AD users

Using the following PowerShell snippet I get the names of the group memberships for the current user:

$groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
foreach($i in $groups){
  $i.Translate([System.Security.Principal.NTAccount]).value
}

How can I modify this such that I can supply the user account name as a parameter?

Thanks,

Uwe

Upvotes: 4

Views: 24773

Answers (3)

Ryker Abel

Reputation: 639

get-help is your best friend:

PS> get-help *member*

Name                              Category  Synopsis
----                              --------  --------
Export-ModuleMember               Cmdlet    Specifies the module members that are exported.
Add-Member                        Cmdlet    Adds a user-defined custom member to an instance of a Windows PowerShell object.
Get-Member                        Cmdlet    Gets the properties and methods of objects.
Add-ADGroupMember                 Cmdlet    Adds one or more members to an Active Directory group.
Add-ADPrincipalGroupMembership    Cmdlet    Adds a member to one or more Active Directory groups.
Get-ADGroupMember                 Cmdlet    Gets the members of an Active Directory group.
Get-ADPrincipalGroupMembership    Cmdlet    Gets the Active Directory groups that have a specified user, computer, group, or ser...
Remove-ADGroupMember              Cmdlet    Removes one or more members from an Active Directory group.
Remove-ADPrincipalGroupMembership Cmdlet    Removes a member from one or more Active Directory groups.

so:

 $username = "someusername"
 get-adprincipalgroupmembership $username | select name

Upvotes: 0

jon Z

Reputation: 16646

If you have access to the ActiveDirectory module, I'd suggest you use Get-ADUser. In case you can't use that module, you could use the System.DirectoryServices.AccountManagement assembly:

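# Load the AccountManagement types (no ActiveDirectory module required)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$username = Read-Host -Prompt "Enter a username"
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)
# FindByIdentity returns $null when no account matches
if ($null -eq $user) { throw "User '$username' not found" }
# GetGroups() returns the groups the user is a direct member of
$groups = $user.GetGroups()
foreach($i in $groups){
  $i.SamAccountName
}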

Upvotes: 11
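The AccountManagement approach from the answer above, wrapped as a function that takes the account name as a parameter and can also report groups reached through nesting, which matters when reviewing a user's effective privileges. This is an added example, not code from any of the answers; the function name Get-UserGroupMembership and the -Effective switch are hypothetical, and it assumes a domain-joined machine.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-UserGroupMembership {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [string]$UserName,

        # Also include security groups reached through nested membership.
        [switch]$Effective
    )

    $user = $null
    $context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
        -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context, $UserName)
        if ($null -eq $user) {
            throw "No domain user matches '$UserName'."
        }

        # GetGroups(): direct memberships only, no recursion.
        $direct = @($user.GetGroups() | ForEach-Object { $_.SamAccountName })
        $names  = $direct
        if ($Effective) {
            # GetAuthorizationGroups(): recursive search, security groups only.
            $names += $user.GetAuthorizationGroups() | ForEach-Object { $_.SamAccountName }
        }

        # Drop entries without a SamAccountName, de-duplicate, and flag direct vs inherited.
        $names | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
            [pscustomobject]@{
                User   = $user.SamAccountName
                Group  = $_
                Direct = $direct -contains $_
            }
        }
    }
    finally {
        if ($user) { $user.Dispose() }
        $context.Dispose()
    }
}

# Constructed usage; 'jdoe' is a placeholder account name.
# Get-UserGroupMembership -UserName 'jdoe' -Effective | Where-Object { -not $_.Direct }
```

The commented usage line lists only the memberships the user holds through nesting, which are the ones a direct-membership query does not show.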

CB.

Reputation: 60976

You can download this PSSnapin from the Quest site: Quest.ActiveRoles.ADManagement (ActiveRoles Management Shell for Active Directory). It is freeware, and then you can do:

(get-qaduser username).memberof

to get the list of direct group memberships for the user 'username'.

Upvotes: 1
