How to get ALL AD user groups (recursively) with Powershell or other tools?

Question

I\'m trying to get ALL the groups a user is member, even the nested ones (recusively), in Powershell I\'m using:

(Get-ADUser  -Properties Mem         


        

Answer 1

You can use the LDAP_MATCHING_RULE_IN_CHAIN:

Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=CN=User,CN=USers,DC=x)"

You can use it anywahere that you can use an LDAP filter.

Example:

$username = 'myUsername'
$dn = (Get-ADUser $username).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) | select -expand Name | sort Name