Friday, May 11, 2012

Powershell and Active Directory: Find the group memberships of a Domain User using PowerShell.

 

Hi,

I hope that you guys are enjoying our "Powershell and Active Directory" series. Today for some reason i need to find the group membership of a domain user and send the list of all of that detail to my IT Manager.

Normally we open "DSA.MSC" or "Active Directory user and Computers" , search the user, go to his user account properties , find the membership tab and note/write down the list of his all group membership to a paper then put it to a Excel. If a user is subscribed to 100 of groups then? Obviously we "IT peoples are know for our laziness"  we are not going to do it ,, I am right isnt? .

Then i thought let's do it again with PowerShell. :)

we are using Get-ADUser cmdlet to get the membership of the group of a particular user.

Lets Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,,

ok now run Get-ADUser cmdlet with username of the user whose Group Membership you want to see.

Get-ADUser Aman.Dhally

11-05-2012 13-34-37

Ok..it's not showing the Group member list.. it wont until in -Properties we select the MemberOf property of Get-ADUser

Run the below command it will show you the list of all properties which domain user "aman.dhally" have.

Get-ADUser Aman.Dhally -Properties *

You will notice that it also have the MemberOf property.

11-05-2012 13-41-02

lets access only MemBerOf property of domain user using Dot(.) notation and grouping.

The below command show us only the Domain user "MemberOf" property.

(Get-ADUser Aman.Dhally -Properties *).MemberOf

this will give you the detailed list of Group membership in LDAP like pattern, like

CN=Singers,OU=Demo4,OU=Groups,DC=XYX,DC=com
CN=Songs,OU=Demo3,OU=Groups,DC=XYZ,DC=com

If you are happy with this that is OK,, but then you have to remove all clutter manually ...   "CN" is contains our group name .. let's filter it more using Powershell.

11-05-2012 13-51-06

You can see  above the output of MemberOf is separated by Comma (,) let's split the output using -Split  parameter.

(Get-ADUser Aman.Dhally -Properties *).MemberOf -split ","

11-05-2012 14-34-49 

Ok.. now what???, now we need to select only CN names,,, Simple.. we can use Select-String cmdlet to select only CN Names...

(Get-ADUser Aman.Dhally -Properties *).MemberOf -split (",")  | Select-String -SimpleMatch "CN="

11-05-2012 14-38-30 

Great.. Now it showing only Name of the our Groups. but it have "CN=" in the from of it...

Do you want to filter more ???

Yes, Ok..

Lets replace "CN=", with nothing,, we can use -Replace parameter .. To user -Replace paramter we need to put above command in to Subexpression and after SubExpression we can use -Replace Parameter.

$((Get-ADUser Aman.Dhally -Properties *).MemberOf -split (",")  | Select-String -SimpleMatch "CN=") -replace "CN=",""

Wow , finally i have the clean, filtered list of my domain user group memberships.

11-05-2012 14-44-15

Hope you like it..

Happy Weekends.

Thanks

Aman Dhally

Aman Dhally

Posted by at
Labels: , , ,

8 comments:

  1. Unknown31 May, 2012

    Nice one!

    ReplyDelete
  2. Unknown15 August, 2013

    Thanks man..i m new to powershell and was searching for this since last 2 days..but how can i get groups details of multiple users who belongs to differnt OU or same OU.?

    ReplyDelete
  3. evyatar02 February, 2014

    Good Job!

    ReplyDelete
  4. Unknown10 April, 2014

    This is great!

    ReplyDelete
  5. Unknown05 October, 2014

    thanks a lot

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)