List AD group membership readable
If you want to get a list of all the AD groups a user is member of you can use
|
1 |
Get-ADUser <username> -Properties memberof |
This will give you a overview of the groups the user is a member of. It is however not easy to read. To get a list use Get-ADPrincipalGroupMembership. This will give you a list with one groupname per line.
|
1 |
Get-ADPrincipalGroupMembership <username> | select name |
Result:
|
1 2 3 4 5 |
name ---- Domain Users Administrators Domain Admins |
To view the hierarchical structure:
|
1 |
(get-aduser <username> -properties memberof).memberof |
result:
|
1 2 |
CN=Domain Admins,CN=Users,DC=metterwoon,DC=nl CN=Administrators,CN=Builtin,DC=metterwoon,DC=nl |
Note that the last result does not display the domain users