Get a User's Active Directory Groups

Problem:

You need to list out a User's AD Groups quickly and in a way you can copy and paste them.

Solution:

So we can use the Get-ADUser cmlet with the "Properties" parameter specifying "Member Of" to get a list of AD Groups. The issue is the groups are formatted as distinguished names which are not very easy to read.

PS C:\Users\jheisler> (Get-ADUser -Identity "jheisler" -Properties "MemberOf").MemberOf
CN=ITTeam,OU=O365,DC=johnjheisler,DC=com
CN=ACL-ITDevOps,OU=Security Groups,OU=Groups,DC=johnjheisler,DC=com

Thankfully, All we need to do to overcome this is pipe the Get-ADUser cmdlet into a Get-ADGroup cmdlet. Then we can specify the "Name" property off the AD Group objects.

PS C:\Users\jheisler> ((Get-ADUser -Identity "jheisler" -Properties "MemberOf").memberof | Get-ADGroup).Name
ITTeam
ACL_ITDevOps

That's it. A quick and clean way to list a user's AD Groups.

Comments

Popular posts from this blog

Create Profiles for Managing Microsoft Exchange using Windows Terminal (Online and On-Prem)

Give a User 'SendAs' permssions to a Mail-Enabled AD Group in Exchange Online