Little snippet for those who want a really simple PS oneliner to get the display names of all groups the logged in user is directly or indirectly a member of:
([ADSISEARCHER]"(member:1.2.840.1135184.108.40.2061:=$(([ADSISEARCHER]"samaccountname=$($env:USERNAME)").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname -replace '^CN=([^,]+).+$','$1'
You can of course replace $env:USERNAME with a parameter if you don’t want the currently logged in user.
I’ve been using this to get nested group membership for the computer, with the results I expected but strangely it give no results on Server 2016. The odd thing is that 2008R2, 2012R2, and 2019 all deliver as expected. Any thoughts?
Works within ConstrainedLanguage mode. Great thanks!
My issue was that ‘Domain Computers’ is not listed as a group, so I was getting no results as that was the only group membership
exactly what i was looking for