I hope that you guys are enjoying our "Powershell and Active Directory" series. Today for some reason i need to find the group membership of a domain user and send the list of all of that detail to my IT Manager.
Normally we open "DSA.MSC" or "Active Directory user and Computers" , search the user, go to his user account properties , find the membership tab and note/write down the list of his all group membership to a paper then put it to a Excel. If a user is subscribed to 100 of groups then? Obviously we "IT peoples are know for our laziness" we are not going to do it ,, I am right isnt? .
Then i thought let's do it again with PowerShell. :)
we are using Get-ADUser cmdlet to get the membership of the group of a particular user.
Make sure you have "RSAT" installed on you laptop.
Now Import the Active Directory module.
ok, Module is imported,,
ok now run Get-ADUser cmdlet with username of the user whose Group Membership you want to see.
Ok..it's not showing the Group member list.. it wont until in -Properties we select the MemberOf property of Get-ADUser
Run the below command it will show you the list of all properties which domain user "aman.dhally" have.
Get-ADUser Aman.Dhally -Properties *
You will notice that it also have the MemberOf property.
lets access only MemBerOf property of domain user using Dot(.) notation and grouping.
The below command show us only the Domain user "MemberOf" property.
(Get-ADUser Aman.Dhally -Properties *).MemberOf
this will give you the detailed list of Group membership in LDAP like pattern, like
If you are happy with this that is OK,, but then you have to remove all clutter manually ... "CN" is contains our group name .. let's filter it more using Powershell.
You can see above the output of MemberOf is separated by Comma (,) let's split the output using -Split parameter.
(Get-ADUser Aman.Dhally -Properties *).MemberOf -split ","
Ok.. now what???, now we need to select only CN names,,, Simple.. we can use Select-String cmdlet to select only CN Names...
(Get-ADUser Aman.Dhally -Properties *).MemberOf -split (",") | Select-String -SimpleMatch "CN="
Great.. Now it showing only Name of the our Groups. but it have "CN=" in the from of it...
Do you want to filter more ???
Lets replace "CN=", with nothing,, we can use -Replace parameter .. To user -Replace paramter we need to put above command in to Subexpression and after SubExpression we can use -Replace Parameter.
$((Get-ADUser Aman.Dhally -Properties *).MemberOf -split (",") | Select-String -SimpleMatch "CN=") -replace "CN=",""
Wow , finally i have the clean, filtered list of my domain user group memberships.
Hope you like it..