Another PowerShell function to help identify user/group/computer information from Active Directory. This one will recursively show group membership for an Active Directory object.
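function Get-GroupsForObject {
    <#
    .SYNOPSIS
    Recursively prints the groups an Active Directory object belongs to.

    .DESCRIPTION
    Reads the memberOf attribute of the object and follows it upwards through
    nested groups. The starting object is printed as "# name"; every group
    above it is printed as "-> name", prefixed with one "-" per nesting level.
    Output is written with Write-Host, so it goes to the host and not to the
    pipeline.

    Intended for reviewing effective (indirect) membership, e.g. which
    privileged groups an account reaches through nesting. Two caveats when
    using the output for an access review:
      * memberOf does not include the object's primary group (for example
        "Domain Users"), so that group never appears here.
      * memberships held in other domains may be missing depending on which
        server answers the query -- verify against a global catalog if the
        forest has more than one domain.

    .PARAMETER Object
    Identity of the object to start from; anything Get-ADObject -Identity
    accepts. The sample usage passes a distinguished name.

    .PARAMETER Level
    Current nesting depth. Leave at 0 when calling; the recursion increments it.

    .PARAMETER Ancestors
    Distinguished names already on the current path from the starting object.
    Used by the recursion to stop on circular nesting; callers leave it empty.
    #>
    [cmdletbinding()]
    param(
        [string]$Object = "",
        [int]$Level = 0,
        [string[]]$Ancestors = @()
    )

    if ([string]::IsNullOrEmpty($Object)) {
        Write-Error "Get-GroupsForObject: -Object must identify an Active Directory object."
        return
    }

    $indent = "-" * $Level

    # A single query returns both the name and memberOf, and works for users,
    # groups and computers alike (no per-class Get-ADUser/Get-ADGroup lookup).
    $entry = Get-ADObject -Identity $Object -Properties SamAccountName, MemberOf

    if ($Level -eq 0) {
        Write-Host "$indent# $($entry.SamAccountName)"
    }
    else {
        Write-Host "$indent-> $($entry.SamAccountName)"
    }

    # Track the path by resolved distinguished name. Checking only for direct
    # self-membership is not enough: with A in B and B in A the walk would
    # recurse until the call depth is exhausted.
    $path = $Ancestors + $entry.DistinguishedName

    foreach ($parentDn in @($entry.MemberOf | Sort-Object)) {
        if (-not $parentDn) { continue }

        if ($path -contains $parentDn) {
            # Circular nesting is worth surfacing in an audit, but it goes to
            # the warning stream so the tree output stays unchanged.
            Write-Warning "Circular group nesting at '$parentDn'; not expanding it again."
            continue
        }

        Get-GroupsForObject -Object $parentDn -Level ($Level + 1) -Ancestors $path
    }
}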
Sample usage:
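# Groups (direct and nested) for a user, starting from the user's distinguished name.
PS C:\> Get-GroupsForObject -Object (Get-ADuser Andrew).DistinguishedName

# The same walk starting from a group, to see which groups it is nested into.
PS C:\> Get-GroupsForObject -Object (Get-ADGroup "vCenter Administrators").DistinguishedName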