Hi,
I hope that you guys are enjoying our “Powershell and Active Directory” series. Today for some reason i need to find the group membership of a domain user and send the list of all of that detail to my IT Manager.
Normally we open “DSA.MSC” or “Active Directory user and Computers” , search the user, go to his user account properties , find the membership tab and note/write down the list of his all group membership to a paper then put it to a Excel. If a user is subscribed to 100 of groups then? Obviously we “IT peoples are know for our laziness” we are not going to do it ,, I am right isnt? .
Then i thought let’s do it again with PowerShell. 🙂
we are using Get-ADUser cmdlet to get the membership of the group of a particular user.
Lets Start.
Make sure you have “RSAT“ installed on you laptop.
Now Import the Active Directory module.
Import-Module ActiveDirectory
..
ok, Module is imported,,
ok now run Get-ADUser cmdlet with username of the user whose Group Membership you want to see.
Get-ADUser Aman.Dhally
Ok..it’s not showing the Group member list.. it wont until in -Properties we select the MemberOf property of Get-ADUser
Run the below command it will show you the list of all properties which domain user “aman.dhally” have.
Get-ADUser Aman.Dhally –Properties *
You will notice that it also have the MemberOf property.
lets access only MemBerOf property of domain user using Dot(.) notation and grouping.
The below command show us only the Domain user “MemberOf” property.
(Get-ADUser Aman.Dhally –Properties *).MemberOf
this will give you the detailed list of Group membership in LDAP like pattern, like
CN=Singers,OU=Demo4,OU=Groups,DC=XYX,DC=com
CN=Songs,OU=Demo3,OU=Groups,DC=XYZ,DC=com
If you are happy with this that is OK,, but then you have to remove all clutter manually … “CN” is contains our group name .. let’s filter it more using Powershell.
You can see above the output of MemberOf is separated by Comma (,) let’s split the output using -Split parameter.
(Get-ADUser Aman.Dhally –Properties *).MemberOf -split “,”
Ok.. now what???, now we need to select only CN names,,, Simple.. we can use Select-String cmdlet to select only CN Names…
(Get-ADUser Aman.Dhally –Properties *).MemberOf -split (“,”) | Select-String –SimpleMatch “CN=”
Great.. Now it showing only Name of the our Groups. but it have “CN=” in the from of it…
Do you want to filter more ???
Yes, Ok..
Lets replace “CN=”, with nothing,, we can use -Replace parameter .. To user -Replace paramter we need to put above command in to Subexpression and after SubExpression we can use -Replace Parameter.
$((Get-ADUser Aman.Dhally –Properties *).MemberOf -split (“,”) | Select-String –SimpleMatch “CN=”) -replace “CN=”,””
Wow , finally i have the clean, filtered list of my domain user group memberships.
Hope you like it..
Happy Weekends.
Thanks
Aman Dhally
Nice one!
Thanks Jan . 🙂
hmm seems too complicated. With the quest get-qadmemberof cmdlet you only have to run this “get-qadmemberof jdoe | select name”. Is there not a simpler way just to get a list of group memberships?
Hi Gary ..
thanks for the comment.
It may seems a little bit complicated but as you know there are always more then one day to achieve the same thing.
I just share the way which i know 🙂
thanks
aman
this was helpful thanks.