Tuesday, February 10, 2015

PowerShell - Active Directory User's Group List

All I wanted to do was see a semi-readable list of the groups a client belongs to.

Get-ADUser am00000b
gives me the default set of properties.
PS C:\WINDOWS\system32> get-aduser am00000b


DistinguishedName : CN=Lesley,OU=Users,OU=AM,DC=MyCompany,DC=com
Enabled           : True
GivenName         : Lesley
Name              : am00000b
ObjectClass       : user
ObjectGUID        : ffffffff-ffff-ffff-ffff-ffffffffffff
SamAccountName    : am00000b
SID               : S-1-5-21-999999999-999999999-9999999999-99999
Surname           : Phillips
UserPrincipalName : am00000b@am.mycompany.com


Get-ADUser am00000b -Properties * shows me all the AD properties associated with the user (which you can do on your own). From there I can see the property I'm looking for: MemberOf. If you have a lot of groups assigned to the user, it may be truncated, and it is not in any particular order. However, you can add MemberOf to the results with -Properties memberof
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof


DistinguishedName : CN=Lesley,OU=Users,OU=AM,DC=MyCompany,DC=com
Enabled           : True
GivenName         : Lesley
MemberOf          : {CN=AMG-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=AMG_Internet_USERS,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=RightFax,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,...}
Name              : am00000b
ObjectClass       : user
ObjectGUID        : ffffffff-ffff-ffff-ffff-ffffffffffff
SamAccountName    : am00000b
SID               : S-1-5-21-999999999-999999999-9999999999-99999
Surname           : Phillips
UserPrincipalName : am00000b@am.mycompany.com


Passing that into a Select -ExpandProperty memberof gives the following result.
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof | Select -ExpandProperty memberof
CN=APP-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=AMG-Internet-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=APP-RightFax-admusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com, 
CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-testuser,,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-Level-1,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Instant Message),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^PCAdm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^DominoServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^RemoteControl,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(CompSec),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Organizational Email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(MySpace),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-B-jo,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-SCCM,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^LocalDev,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-FAXServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Smartcard-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-AD-adm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com


And, finally, to make it semi-readable, pass it to Sort-Object
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof | Select -ExpandProperty memberof | Sort-Object
CN=^DominoServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^LocalDev,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^PCAdm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^RemoteControl,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-AD-adm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-FAXServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Internet-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=AMG-SCCM,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Smartcard-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-testuser,,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=APP-RightFax-admusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com, 
CN=IS-B-jo,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-Level-1,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(CompSec),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Instant Message),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(MySpace),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Organizational Email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com


Most examples I found don't use the shorthand for the CN lookup, but rather use a -filter {CN -eq "am00000b"}, which would look like this...
get-aduser -filter { CN -eq "am00000b" } -Properties memberof | Select -ExpandProperty memberof | Sort-Object
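
For an access review, the sorted MemberOf list above shows only direct memberships: it omits the user's primary group and any group reached through nesting. The following is an added example, not code from the original post, that reports all three kinds with readable names. It assumes the ActiveDirectory module (RSAT) is installed; the function name Get-UserGroupReport is hypothetical.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-UserGroupReport {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # -Identity accepts a SamAccountName, distinguished name, GUID or SID.
        [Parameter(Mandatory)] [string] $Identity
    )

    $user = Get-ADUser -Identity $Identity -Properties MemberOf, PrimaryGroup

    # Escape the user's DN for use inside an LDAP filter (RFC 4515), backslash first.
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a'
    $dn = $dn -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the domain controller
    # follows the member attribute transitively, so nested groups are returned too.
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

    $rows = @(foreach ($g in $groups) {
        # A group whose DN is in MemberOf is a direct membership; anything else is inherited.
        $kind = if ($user.MemberOf -contains $g.DistinguishedName) { 'Direct' } else { 'Nested' }
        [pscustomobject]@{ Name = $g.Name; Membership = $kind; Scope = $g.GroupScope }
    })

    # MemberOf never lists the primary group (usually Domain Users), so add it explicitly.
    # Groups that the primary group itself is nested in are not expanded here.
    if ($user.PrimaryGroup) {
        $pg = Get-ADGroup -Identity $user.PrimaryGroup
        $rows += [pscustomobject]@{ Name = $pg.Name; Membership = 'Primary'; Scope = $pg.GroupScope }
    }

    $rows | Sort-Object Name
}

# The account name is the sample one used throughout the post.
Get-UserGroupReport -Identity am00000b | Format-Table -AutoSize
```

Rows marked Nested are the ones a plain MemberOf listing misses, which matters when a group such as an admin role is granted indirectly.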