locked
Powershell - Get a User’s Group Memberships RRS feed

  • Question

  • Hi

    I have the following powershell command and I need it to be tweaked to show Group Memberships, but in a nicer,readable format.

    (GET-ADUSER -Identity USER1 -Properties MemberOf | Select-Object MemberOf).MemberOf

    How do I get the Group Membership to display as a friendly name?

    Thanks


    Thursday, May 14, 2015 10:45 AM

Answers

  • If you're not comfortable with the very basics, I'd highly suggest dropping everything and starting here:

    http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx

    To answer your question though - you can either save the script as a .ps1 and run it or just paste it into the console/ISE window.


    EDIT: Here's another version you can play with:

    Get-ADUser UsernameGoesHere -Properties MemberOf | ForEach {
    
        $user = $_.SamAccountName
    
        $_.MemberOf | ForEach {
    
            $props = @{
                Username = $user
                GroupName = (Get-ADGroup $_).Name
            }
    
            New-Object PsObject -Property $props
    
        }
    
    } | Sort GroupName


    Don't retire TechNet! - (Don't give up yet - 13,225+ strong and growing)

    Thursday, May 14, 2015 1:52 PM
  • If you want to run it as a ps1 file you will need to replace

    $name = <username>

    with 

    $name = read-host Username

    If you replace <username> with an actual username you can run it from the console. The code I posted is a very fast method of returning every group a user is a member of but Mike is right you should probably brush up on the basics first.

    • Marked as answer by Ivan Davids Thursday, May 14, 2015 2:17 PM
    Thursday, May 14, 2015 2:06 PM

All replies

  • This will work, it won't get you nested membership though -

    GET-ADUSER -Identity <user> | Get-ADPrincipalGroupMembership | Select Name

    Thursday, May 14, 2015 11:41 AM
  • This will get you all groups a user is a member of - 

    $arrGroups = @()

    $name = <username> Add-type -AssemblyName System.DirectoryServices.AccountManagement $context = [System.DirectoryServices.AccountManagement.ContextType]::Domain $Target = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($Context, $Name) $username = $target.DisplayName $authResults = $target.GetAuthorizationGroups() | Select Name $gResults = $Target.GetGroups() | Select Name $arrGroups += $authResults $arrGroups += $gResults $arrGroups | Sort Name | Get-Unique -AsString



    • Edited by Braham20 Thursday, May 14, 2015 11:50 AM
    Thursday, May 14, 2015 11:50 AM
  • I have no idea what to do with this?
    Thursday, May 14, 2015 1:29 PM
  • I keep getting errors when trying to execute your command
    Thursday, May 14, 2015 1:30 PM
  • Are you replacing: 

    $name = <username>

    with an actual username?

    Thursday, May 14, 2015 1:33 PM
  • what I meant was... do I copy and paste this in a .ps1 file?
    Thursday, May 14, 2015 1:37 PM
  • If you're not comfortable with the very basics, I'd highly suggest dropping everything and starting here:

    http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx

    To answer your question though - you can either save the script as a .ps1 and run it or just paste it into the console/ISE window.


    EDIT: Here's another version you can play with:

    Get-ADUser UsernameGoesHere -Properties MemberOf | ForEach {
    
        $user = $_.SamAccountName
    
        $_.MemberOf | ForEach {
    
            $props = @{
                Username = $user
                GroupName = (Get-ADGroup $_).Name
            }
    
            New-Object PsObject -Property $props
    
        }
    
    } | Sort GroupName


    Don't retire TechNet! - (Don't give up yet - 13,225+ strong and growing)

    Thursday, May 14, 2015 1:52 PM
  • If you want to run it as a ps1 file you will need to replace

    $name = <username>

    with 

    $name = read-host Username

    If you replace <username> with an actual username you can run it from the console. The code I posted is a very fast method of returning every group a user is a member of but Mike is right you should probably brush up on the basics first.

    • Marked as answer by Ivan Davids Thursday, May 14, 2015 2:17 PM
    Thursday, May 14, 2015 2:06 PM
  • Thanks for your time and effort,much appreciated
    Thursday, May 14, 2015 2:17 PM
  • Thanks for your time and effort,much appreciated
    Thursday, May 14, 2015 2:17 PM
  • Thursday, May 14, 2015 2:23 PM