A little snippet for those who want a really simple PowerShell one-liner to get the names (the CN portion of each distinguished name) of all groups the logged-in user is directly or indirectly a member of:
([ADSISEARCHER]"(member:1.2.840.113556.1.4.1941:=$(([ADSISEARCHER]"samaccountname=$($env:USERNAME)").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname -replace '^CN=([^,]+).+$','$1'
You can of course replace $env:USERNAME with a parameter if you don’t want the currently logged in user.
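The same lookup as a parameterised function, as an added example that is not part of the original post. It goes beyond the one-liner by escaping the values placed into the LDAP filter and by resolving the account's primary group, which the in-chain match on member does not return. The function names are hypothetical, and it assumes Active Directory accepts the string form of a SID in an objectSid filter.

```powershell
# Added example; function names are hypothetical, not from the original post.
function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping; the backslash goes first so later escapes are not re-encoded.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-NestedGroupName {
    param([string]$SamAccountName = $env:USERNAME)

    $filter  = "(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName))"
    $account = ([adsisearcher]$filter).FindOne()
    if (-not $account) { throw "No account found for '$SamAccountName'." }
    $startDns = @([string]$account.Properties['distinguishedname'][0])

    # The primary group is stored as a RID in primaryGroupID, not in the group's
    # member attribute, so the in-chain match never returns it. Resolve it by SID.
    $sidBytes   = [byte[]]$account.Properties['objectsid'][0]
    $sid        = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    $primarySid = '{0}-{1}' -f $sid.AccountDomainSid.Value, $account.Properties['primarygroupid'][0]
    $primary    = ([adsisearcher]"(objectSid=$primarySid)").FindOne()

    $names = @()
    if ($primary) {
        $names    += [string]$primary.Properties['cn'][0]
        # Also walk the groups the primary group itself is nested in.
        $startDns += [string]$primary.Properties['distinguishedname'][0]
    }

    foreach ($dn in $startDns) {
        # 1.2.840.113556.1.4.1941 is the in-chain matching rule used in the one-liner.
        $searcher = [adsisearcher]"(member:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $dn))"
        $searcher.PageSize = 1000               # page so large result sets are not truncated
        [void]$searcher.PropertiesToLoad.Add('cn')
        $results = $searcher.FindAll()
        try {
            # Read cn directly instead of parsing the DN, which breaks on escaped commas.
            foreach ($r in $results) { $names += [string]$r.Properties['cn'][0] }
        }
        finally { $results.Dispose() }
    }
    $names | Sort-Object -Unique
}

Get-NestedGroupName                              # current user
# Get-NestedGroupName -SamAccountName "$env:COMPUTERNAME`$"   # this computer's account
```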
I’ve been using this to get nested group membership for the computer, with the results I expected, but strangely it gives no results on Server 2016. The odd thing is that 2008R2, 2012R2, and 2019 all deliver as expected. Any thoughts?
([ADSISEARCHER]"(member:1.2.840.113556.1.4.1941:=$(([ADSISearcher] "(&(objectCategory=computer)(objectClass=computer)(cn=$env:computername))").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname
Works within ConstrainedLanguage mode. Great thanks!
My issue was that ‘Domain Computers’ is not listed as a group, so I was getting no results as that was the only group membership.
Thanks
Exactly what I was looking for