Get a User's Active Directory Groups
Problem:
You need to list out a User's AD Groups quickly and in a way you can copy and paste them.
Solution:
So we can use the Get-ADUser cmlet with the "Properties" parameter specifying "Member Of" to get a list of AD Groups. The issue is the groups are formatted as distinguished names which are not very easy to read.
PS C:\Users\jheisler> (Get-ADUser -Identity "jheisler" -Properties "MemberOf").MemberOf
CN=ITTeam,OU=O365,DC=johnjheisler,DC=com
CN=ACL-ITDevOps,OU=Security Groups,OU=Groups,DC=johnjheisler,DC=com
Thankfully, All we need to do to overcome this is pipe the Get-ADUser cmdlet into a Get-ADGroup cmdlet. Then we can specify the "Name" property off the AD Group objects.
PS C:\Users\jheisler> ((Get-ADUser -Identity "jheisler" -Properties "MemberOf").memberof | Get-ADGroup).Name
ITTeam
ACL_ITDevOps
That's it. A quick and clean way to list a user's AD Groups.
Comments
Post a Comment