发表新帖
发表新帖

How to get ALL AD user groups (recursively) with Powershell or other tools?

前端 未结
关注
2 1833
野的像风
野的像风 2020-12-31 23:47

I\'m trying to get ALL the groups a user is member, even the nested ones (recusively), in Powershell I\'m using:

(Get-ADUser  -Properties Mem
相关标签:
2条回答
  • 孤城傲影
    2021-01-01 00:32

    You can use the LDAP_MATCHING_RULE_IN_CHAIN:

    Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=CN=User,CN=USers,DC=x)"

    You can use it anywahere that you can use an LDAP filter.

    Example:

    $username = 'myUsername'
$dn = (Get-ADUser $username).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) | select -expand Name | sort Name
    0 讨论(0)
  • 盖世英雄少女心
    2021-01-01 00:34

    Or, you can use the constructed attribute tokenGroups and a base-scoped query:

    $tokenGroups = Get-ADUser -SearchScope Base -SearchBase '<account-distinguishedName>' `
-LDAPFilter '(objectClass=user)' -Properties tokenGroups | Select-Object `
-ExpandProperty tokenGroups | Select-Object -ExpandProperty Value
    0 讨论(0)
 看不清?
提交回复
热议问题