Getting List of Current Group Memberships

Oct 14, 2016

While you can query Active Directory to retrieve a list of group memberships for a user, it is much easier to read that information directly from the user’s access token; no AD contact is needed.

This one-liner dumps the SIDs for all groups the current user is a member of:

#requires -Version 3.0
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value

And here is how you get a translated list of group names:

#requires -Version 3.0
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Translate( [System.Security.Principal.NTAccount])

If this list contains duplicates, then you know that you have multiple SIDs all pointing to the same name. This can occur when you have migrated your AD in the past (SID history). Just pipe the result to Sort-Object -Unique to remove duplicates.
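The collection-wide Translate() call above returns names only, so you cannot see which SIDs are behind a duplicate name. The following added example (not part of the original tip; the function name Get-TokenGroup and the property SidsForName are hypothetical) translates each SID individually and reports how many token SIDs share each name:

```powershell
#requires -Version 3.0
# Added example: pairs every group SID in the access token with its name.
# Get-TokenGroup and SidsForName are illustrative names, not built-ins.
function Get-TokenGroup
{
    param(
        [System.Security.Principal.WindowsIdentity]
        $Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    )

    $ntAccount = [System.Security.Principal.NTAccount]

    # Translate one SID at a time so the SID-to-name pairing is kept
    $rows = foreach ($sid in $Identity.Groups)
    {
        try
        {
            $name = $sid.Translate($ntAccount).Value
        }
        catch
        {
            # Translation failed (for example, no name is mapped to this SID)
            $name = $null
        }
        [PSCustomObject]@{ Name = $name; Sid = $sid.Value; SidsForName = 0 }
    }

    # Count how many SIDs resolve to each name (hashtable keys ignore case)
    $count = @{}
    foreach ($row in $rows)
    {
        if ($row.Name) { $count[$row.Name]++ }
    }

    foreach ($row in $rows)
    {
        if ($row.Name) { $row.SidsForName = $count[$row.Name] }
        $row
    }
}

# Full list, sorted by name; unresolved SIDs show an empty Name
Get-TokenGroup | Sort-Object -Property Name, Sid | Format-Table -AutoSize
```

To see only the names that are backed by more than one SID, filter the result with Where-Object SidsForName -gt 1.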
