# Get the direct group memberships
$UserGroups = Get-ADPrincipalGroupMembership $UserName |
Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID,
@{l='Membership';e={'Direct'}}, @{l='Parent';e={$null}}
# Get the group membership 1 level down
foreach($group in $UserGroups){
$UserGroups += Get-ADPrincipalGroupMembership -Identity $group.distinguishedName |
Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID,
@{l='Membership';e={'Inherit'}}, @{l='Parent';e={$group.distinguishedName}}
}
# Display results
$UserGroups | FT name, GroupCategory, GroupScope, Membership, Parent -AutoSizeGets the Active Directory Groups a user is a member of and any other groups that they inherit from the direct membership, one level down.
PS C:\> $UserName = 'bgates'
>> $UserGroups = Get-ADPrincipalGroupMembership $UserName |
>> Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID,
>> @{l='Membership';e={'Direct'}}, @{l='Parent';e={$null}}
>> foreach($group in $UserGroups){
>> $UserGroups += Get-ADPrincipalGroupMembership -Identity $group.distinguishedName |
>> Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID,
>> @{l='Membership';e={'Inherit'}}, @{l='Parent';e={$group.distinguishedName}}
>> }
>> $UserGroups | FT name, GroupCategory, GroupScope, Membership, Parent -AutoSize
name GroupCategory GroupScope Membership Parent
---- ------------- ---------- ---------- ------
Domain Users Security Global Direct
Tier 1 Security Global Direct
Executives Security Global Direct
Users Security DomainLocal Inherit CN=Domain Users,CN=Users,DC=Contoso,DC=com
5-NotepadPP-App Security Global Inherit CN=Domain Users,CN=Users,DC=Contoso,DC=com