Enumerate Group Membership

With powershell you can get an insight about the nested group in the AD and enumerate group membership.

Which users are members of the Domain Admins group?

Get-ADGroupMember "Domain Admins" | ft name

1	Get-ADGroupMember "Domain Admins" \| ft name

In which groups is an user a member?

Get-ADPrincipalGroupMembership user | ft name

1	Get-ADPrincipalGroupMembership user \| ft name

Is a user a nested member of the Domains Admins group?

Get-ADUser -Filter 'memberof -recursivematch "cn=domain admins,cn=users,dc=test,dc=internal"' | ft name

1	Get-ADUser -Filter 'memberof -recursivematch "cn=domain admins,cn=users,dc=test,dc=internal"' \| ft name

Posted in 70-410, AD

AvB Powershell