The ActiveDirectory module (part of the free RSAT tools) provides a number of AD cmdlets. One of these can dump all direct group memberships, for example:
PS> Get-ADPrincipalGroupMembership -Identity $env:username
However, the cmdlet cannot list indirect group memberships, and it also has a bug: in some scenarios, it simply reports an „Unknown Error“.
Here is a simple alternative dumping all group memberships (including indirect memberships):
$user = Get-ADUser -Identity $Identity
$userdn = $user.DistinguishedName
$strFilter = "(member:1.2.840.1135184.108.40.2061:=$userdn)"
Get-ADGroup -LDAPFilter $strFilter -ResultPageSize 1000
Get-NestedGroupMember -Identity $env:username |
Select-Object -Property Name, DistinguishedName
ReTweet this Tip!
This appears to be an exact duplicate of this post. http://community.idera.com/powershell/powertips/b/tips/posts/finding-nested-ad-group-memberships.
Powered by IDERA