发表新帖
发表新帖

How to get all groups that a user is a member of?

后端 未结
关注
30 1746
攒了一身酷
攒了一身酷 2020-12-04 05:56

PowerShell\'s Get-ADGroupMember cmdlet returns members of a specific group. Is there a cmdlet or property to get all the groups that a particular user is a member of?

30条回答
  • 孤城傲影
    孤城傲影 (楼主)
    2020-12-04 06:40

    While there are many excellent answers here, there is one which I was personally looking for that was missing. Once I figured it out - I thought I should post it in case I want to find it later, or it actually manages to help someone else at some point:

    Get-ADPrincipalGroupMembership username | Format-Table -auto

    A second approach for presenting this is to specify the individual columns you are interested in eg:

    Get-ADPrincipalGroupMembership username | select name, GroupScope, GroupCategory

    This gives all the AD groups the username belongs to - but also presents all of the default properties of each group formatted nicely as a table.

    The key benefit this gives you is you can see at a glance which are distribution lists, & which are Security groups. You can further see at a glance which are Universal, which are DomainLocal & which are Global.
    Why would you care about this last bit?

    • Universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest.
    • Global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain.
    • Domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located.

    0 讨论(0)
 看不清?
提交回复
热议问题