Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.
This is a problem that has plagued me for a long time. I’ve seen solutions implemented in VBScript, and I’ve seen PowerShell solutions that relied on third-party tools to get the job done. Well I’ve finally implemented a solution to finding all of an account’s group memberships with PowerShell.
The following script provides a function I call Get-ADPrincipalGroupMembershipRecursive, which I named after the built-in function ADPrincipalGroupMembership. The function is called by passing the distinguished name of the account. It will determine all of the group’s memberships using the memberOf attribute, then recursively check those groups, their subgroups, etc. until a comprehensive list of the account’s memberships has been built.
[rc_codebin snippet_id=”5281" style=”height:400px;”]