Finding Nested Active Directory Memberships (Part 2)

Jul 23, 2018

In the previous tip we illustrated how you can use the cmdlets in the ActiveDirectory module to find all direct and indirect memberships for an Active Directory user.

If the ActiveDirectory module is not available, PowerShell can get the same result with the .NET classes in System.DirectoryServices, which only need an LDAP connection to a domain controller. The trick is the matching rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) in the filter: the domain controller follows the member attribute transitively, so a single query returns every group the user belongs to directly or through nesting. Two caveats: the rule only follows member links, so the user's primary group (primaryGroupID, normally Domain Users) and any groups that group is nested in are not returned, and because the distinguished name goes straight into the LDAP filter, parentheses, asterisks and backslashes in it must be escaped or the filter breaks:

function Get-NestedGroupMember
{
  param
  (
    [Parameter(Mandatory,ValueFromPipeline)]
    [string]
    $distinguishedName
  )

  process
  {
    if (-not $env:LOGONSERVER)
    {
      throw 'LOGONSERVER is not set: run this from a domain logon on a domain-joined machine.'
    }
    # $env:LOGONSERVER looks like \\DC01; strip the leading backslashes
    $DomainController = $env:LOGONSERVER.TrimStart('\')

    # escape the RFC 4515 filter metacharacters so a DN containing \ * ( or )
    # can neither break the filter nor smuggle extra clauses into it
    # (the backslash has to be escaped first)
    $escapedDN = $distinguishedName.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29')

    # LDAP://<server> binds to the default naming context (the domain) of that DC
    $Domain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController")
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher($Domain)
    $Searcher.PageSize = 1000       # paged results, otherwise more than 1000 groups are truncated
    $Searcher.SearchScope = 'Subtree'
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the DC walks the
    # member links transitively, so direct and nested groups come back in one query
    $Searcher.Filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=$escapedDN))"
    # request only the attributes we need; the result collection returns their names in lower case
    foreach ($attribute in 'name','distinguishedName')
    {
      $null = $Searcher.PropertiesToLoad.Add($attribute)
    }

    $all = $Searcher.FindAll()
    try
    {
      foreach ($result in $all)
      {
        [PSCustomObject]@{
          Name = $result.Properties['name'][0]
          DN   = $result.Properties['distinguishedname'][0]
        }
      }
    }
    finally
    {
      # a SearchResultCollection keeps an unmanaged LDAP connection until it is disposed
      $all.Dispose()
      $Searcher.Dispose()
      $Domain.Dispose()
    }
  }
}

# make sure you specify a valid distinguishedname for a user below
Get-NestedGroupMember -distinguishedName 'CN=UserName,DC=powershell,DC=local'
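As an added example that is not part of the original tip, the following function takes the other route to the same answer: instead of asking the domain controller which groups point at the user, it reads the user's constructed tokenGroups attribute, which the DC computes from the nesting chain and which, unlike the member-based query above, also contains the primary group. Only security groups appear in tokenGroups (distribution groups are not part of a logon token), so a Compare-Object between the two results shows exactly the groups that matter for authorization. The function name Get-TokenGroupMembership is my own; like the tip's function it assumes a domain logon so that $env:LOGONSERVER is set.

```powershell
# Added example, not from the original tip: effective group membership from tokenGroups.
function Get-TokenGroupMembership
{
  param
  (
    [Parameter(Mandatory, ValueFromPipeline)]
    [string]
    $distinguishedName
  )

  process
  {
    if (-not $env:LOGONSERVER)
    {
      throw 'LOGONSERVER is not set: run this from a domain logon on a domain-joined machine.'
    }
    $DomainController = $env:LOGONSERVER.TrimStart('\')

    # bind directly to the user object; tokenGroups is a constructed attribute, so it is
    # never returned by a search and has to be requested explicitly with RefreshCache
    $user = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/$distinguishedName")
    try
    {
      $user.RefreshCache(@('tokenGroups'))
      $sids = @($user.Properties['tokenGroups'])
    }
    finally
    {
      $user.Dispose()
    }

    # every entry is the binary SID of a security group the user is in (nested, and the
    # primary group included); resolve each one back to the group object by SID binding
    foreach ($bytes in $sids)
    {
      $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
      $group = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/<SID=$($sid.Value)>")
      try
      {
        $name = [string]$group.Properties['name'].Value
        $dn   = [string]$group.Properties['distinguishedName'].Value
      }
      catch
      {
        # groups from other domains in the forest cannot be resolved through this DC;
        # keep the SID so the membership is still reported
        $name = $null
        $dn   = $null
      }
      finally
      {
        $group.Dispose()
      }

      [PSCustomObject]@{
        Name = $name
        DN   = $dn
        SID  = $sid.Value
      }
    }
  }
}

# make sure you specify a valid distinguishedname for a user below
Get-TokenGroupMembership -distinguishedName 'CN=UserName,DC=powershell,DC=local'
```

Running both functions against the same DN and piping the DN columns through Compare-Object is a quick way to see the difference: Domain Users (the primary group) normally shows up only in the tokenGroups result, while distribution groups show up only in the member-chain result.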
