1

I am using the Get-AdGroupMember -recursive powershell command to list users in groups, and users in nested groups.

Can I output the name of the nested group as well in the output results?

Ie User A is in Group A, User B is in Group B, User C is in Group C

Group C is in Group B, and Group B is in Group A. User C correctly appears as having group membership in Group A, but it's not obvious initially without drilling down through the groups.

In my 'realworld' case there are ~seven groups at the top level, then five/six at the next level, so I have to look in each one to find the user. Some of the results coming back are three nested groups down, and it takes a bit of digging to work out what group the user is actually in.

Thanks

AaronM
  • 292
  • 1
  • 2
  • 10

1 Answers1

1

You will find a the end of this answer, a way to find all the groups a user belongs to (in a recursive way) using a .NET 3.5 assembly in C#, here is a convertion to PowerShell. This is not an exact answer to your question, but this way in your 'realworld' it should help. 

# Load the .NET 3.5 assembly
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Get an enum value
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain

# Retreive the user as a user principal
$username = "jblanc"
$up = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ct,$username)

# Get all the authorization groups a user belongs to
$up.GetAuthorizationGroups()
Community
  • 1
  • 1
JPBlanc
  • 70,406
  • 17
  • 130
  • 175