发表新帖
发表新帖

How to get all groups that a user is a member of?

后端 未结
关注
30 1636
攒了一身酷
攒了一身酷 2020-12-04 05:56

PowerShell\'s Get-ADGroupMember cmdlet returns members of a specific group. Is there a cmdlet or property to get all the groups that a particular user is a member of?

相关标签:
30条回答
  • 走了就别回头了
    2020-12-04 06:23

    Putting this here for future reference. I'm in the midst of an email migration. I need to know each user account and its respective group membership, and also I need to know each group and its respective members.

    I'm using the code block below to output a CSV for each user's group membership.

    Get-ADUser -Filter * |`
  ForEach-Object { `
    $FileName = $_.SamAccountName + ".csv" ; `
    $FileName ; `
    Get-ADPrincipalGroupMembership $_ | `
      Select-Object -Property SamAccountName, name, GroupScope, GroupCategory | `
        Sort-Object -Property SamAccountName | `
          Export-Csv -Path $FileName -Encoding ASCII ; `
  }

    The export process for the groups and their respective members was a little convoluted, but the below works. The output filenames include the type of group. Therefore, the email distribution groups I need are/should be the Universal and Global Distribution groups. I should be able to just delete or move the resulting TXT files I don't need.

    Get-ADGroup -Filter * | `
 Select-Object -Property Name, DistinguishedName, GroupScope, GroupCategory | `
  Sort-Object -Property GroupScope, GroupCategory, Name | `
   Export-Csv -Path ADGroupsNew.csv -Encoding ASCII

$MyCSV = Import-Csv -Path .\ADGroupsNew.csv -Encoding ASCII

$MyCSV | `
 ForEach-Object { `
  $FN = $_.GroupScope + ", " + $_.GroupCategory + ", " + $_.Name + ".txt" ; `
  $FN ; `
  Get-ADGroupMember -Identity $_.DistinguishedName | `
   Out-File -FilePath $FN -Encoding ASCII ; $FN=""; `
  }
    0 讨论(0)
  • 醉梦人生
    2020-12-04 06:24

    Get group membership for a user:

    $strUserName = "Primoz"
$strUser = get-qaduser -SamAccountName $strUserName
$strUser.memberof

    See Get Group Membership for a User

    But also see Quest's Free PowerShell Commands for Active Directory.

    [Edit: Get-ADPrincipalGroupMembership command is included in Powershell since v2 with Windows 2008 R2. See kstrauss' answer below.]

    0 讨论(0)
  • 礼貌的吻别
    2020-12-04 06:26 
       Get-ADUser -Filter { memberOf -RecursiveMatch "CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com" } -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"  -SearchScope Base
                  ## NOTE: The above command will return the user object (Administrator in this case) if it finds a match recursively in memberOf attribute.
    0 讨论(0)
  • 臣服心动
    2020-12-04 06:27

    This should provide you the details for current user. Powershell not needed.

    whoami /groups

    0 讨论(0)
  • 梦谈多话
    2020-12-04 06:28

    Single line, no modules necessary, uses current logged user:

    (New-Object System.DirectoryServices.DirectorySearcher("(&(objectCategory=User)(samAccountName=$($env:username)))")).FindOne().GetDirectoryEntry().memberOf

    Qudos to this vbs/powershell article: http://technet.microsoft.com/en-us/library/ff730963.aspx

    0 讨论(0)
  • 失恋的感觉
    2020-12-04 06:31

    First, import the activedirectory module:

    import-module activedirectory

    Then issue this command:

    Get-ADGroupMember -Identity $group | foreach-object {
    Write-Host $_.SamAccountName
}

    This will display the members of the specified group.

    0 讨论(0)
 看不清?
提交回复
热议问题