PowerShell – Get all nested groups for a user in Active Directory

Ever needed to get all nested groups a user belongs in Active Directory?

 

Experienced advanced operations engineer with a demonstrated history of working in the information technology and services industry. Skilled in Windows Server, Azure, Ethical Hacking, Office 365, Exchange, Jenkins, SCCM, Octopus Deploy and PowerShell to name a few. Strong engineering professional with a big passion for knowledge.

9 Comments

  1. criffo

    very nice presentation and good DFS implementation
    I encountered the need as well because of RBAC and external trusts.
    I developped as well a powershell function but based on a BFS and set parameters to take into account the scope search forest, domain, domain trusts forest trusts or explicit domains. I used the.net classes so no need for the RSAT and activedirectory module. I shared the function on my github for anyone who might have some interest as well
    https://github.com/criffo/getADObjectMEmberOfCustom

  2. Tim Oosterhoff

    What is the need for the line : If($ADObject) ?
    Because if the value is $null the foreach loop does not iterate. That is okay.

      1. Garrett Mattingly

        What Henrik is referring to is that the memberof attribute does not contain the Primary Group. Most often this is Domain Users but it cannot be assumed. Compare output from get-adprincipalgroupmembership versus the contents of the memberof attribute and you can see the discrepancy.

  3. Perica Veljanovski

    This function doesn’t work for Irish people 🙂
    If the DistinguishedName has a ‘ in the person’s name (like O’Reilly) then it will not work.

  4. Gwyn

    I had a similar problem to what Perica describes, but for the names of OUs. Some of our OUs have ‘single quote’ characters in their names. This script does not like them.

    Great job otherwise. Thanks.

  5. Pingback: AD Nested User Permissions – ? About Tech

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.