The P-spot » Enumerate user memberships with Powershell

Home > Active Directory > Enumerate user memberships with Powershell

Enumerate user memberships with Powershell

April 7th, 2010 Ben De Vriese Leave a comment Go to comments

Enumerating user memberships is a common task to perform. Unlike other scripting languages, with Powershell it’s a one-line action.

First download/install Quest AD Tools, and add them:

add-pssnapin quest.activeroles.admanagement

I use a semicolon to combine two Powershell commands:

$sUser = get-qaduser -samaccountname <username>; $sUser.MemberOf

Categories: Active Directory Tags: Active Directory, MemberOf, PowerShell, Quest

Comments (1) Trackbacks (0) Leave a comment Trackback

bvbn

April 22nd, 2010 at 15:37 | #1

Reply | Quote

The problem is that the primary group is not included in the MemberOf attribute.
Here is the Powershell command to get the primary group of a user:

Get-QADUser | Select name, @{n=”PrimaryGroup”;e={(Get-QADGroup “$($_.Sid.AccountDomainSid)-$($_.PrimaryGroupId)”).name}}

No trackbacks yet.

Group Membership – Nested Groups