Finding AD Group Membership for a List of Users or Computers
The PowerShell script below scans a particular OU and outputs the group membership for each user. Change 'Get-ADUser' to 'Get-ADComputer' to run the script against computer accounts.

    Import-Module ActiveDirectory

    # MemberOf lists direct memberships only; it does not include the primary group or nested groups
    $Users = Get-ADUser -Filter * -SearchBase "OU=Staff,OU=BHP,DC=biliton,DC=corporate" -Properties DisplayName,MemberOf
    ForEach ($User in $Users)
    {
        $SamAccountName = $User.SamAccountName
        $DisplayName = $User.DisplayName
        $UserStr = '{0} - {1}' -f $DisplayName,$SamAccountName
        Write-Host $UserStr -BackgroundColor Gray
        Write-Host ('-' * $UserStr.Length)
        $User.MemberOf |
            ForEach-Object {
                # Reduce the group DN to its name; CN= is matched too so groups in containers such as CN=Users are trimmed correctly
                Write-Host ($_ -replace '^CN=(.+?),(CN|OU|DC)=.+$','$1')
            }
        Write-Host ' '
    }

The PowerShell script below reads a list of computers and outputs the AD group membership of each individual computer. Replace 'h:\computers.txt' with the path of your list of computer names.

    Import-Module ActiveDirectory

    # One computer name per line in the input file
    $Computers = Get-Content h:\computers.txt | Get-ADComputer -Properties DisplayName,MemberOf
    ForEach ($Computer in $Computers)
    {
        $SamAccountName = $Computer.SamAccountName
        # DisplayName is often empty on computer objects, in which case only the SamAccountName is shown
        $DisplayName = $Computer.DisplayName
        $ComputerStr = '{0} - {1}' -f $DisplayName,$SamAccountName
        Write-Host $ComputerStr -BackgroundColor Gray
        Write-Host ('-' * $ComputerStr.Length)
        $Computer.MemberOf |
            ForEach-Object {
                # Reduce the group DN to its name; CN= is matched too so groups in containers such as CN=Users are trimmed correctly
                Write-Host ($_ -replace '^CN=(.+?),(CN|OU|DC)=.+$','$1')
            }
        Write-Host ' '
    }

The PowerShell script below reads a list of usernames and outputs the AD group membership of each individual user. Replace 'h:\users.txt' with the path of your list of usernames.

    Import-Module ActiveDirectory

    # One username (SamAccountName) per line in the input file
    $Users = Get-Content h:\users.txt | Get-ADUser -Properties DisplayName,MemberOf
    ForEach ($User in $Users)
    {
        $SamAccountName = $User.SamAccountName
        $DisplayName = $User.DisplayName
        $UserStr = '{0} - {1}' -f $DisplayName,$SamAccountName
        Write-Host $UserStr -BackgroundColor Gray
        Write-Host ('-' * $UserStr.Length)
        $User.MemberOf |
            ForEach-Object {
                # Reduce the group DN to its name; CN= is matched too so groups in containers such as CN=Users are trimmed correctly
                Write-Host ($_ -replace '^CN=(.+?),(CN|OU|DC)=.+$','$1')
            }
        Write-Host ' '
    }
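
For an access review, the direct MemberOf list printed by the scripts above is not the whole picture: it leaves out the primary group and any groups reached through nesting. The following is an added example, not the original author's code, that returns direct, nested and primary memberships as objects that can be exported; the function name Get-EffectiveGroupMembership and the output file name are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

function Get-EffectiveGroupMembership {
    param(
        # Object from Get-ADUser / Get-ADComputer fetched with -Properties MemberOf,PrimaryGroup
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account
    )
    process {
        $direct = @($Account.MemberOf)
        $seen = @{}
        # The primary group (e.g. Domain Users) never appears in MemberOf, so record it explicitly
        if ($Account.PrimaryGroup) { $seen[$Account.PrimaryGroup] = 'Primary' }
        # Resolve nesting from the account itself and from its primary group
        $roots = @($Account.DistinguishedName, $Account.PrimaryGroup) | Where-Object { $_ }
        foreach ($root in $roots) {
            # Escape characters that are special inside an LDAP filter value
            $dn = $root -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
            # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the DC walks the member chain
            Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" | ForEach-Object {
                if (-not $seen.ContainsKey($_.DistinguishedName)) {
                    $seen[$_.DistinguishedName] =
                        if ($direct -contains $_.DistinguishedName) { 'Direct' } else { 'Nested' }
                }
            }
        }
        foreach ($groupDn in $seen.Keys) {
            [pscustomobject]@{
                Account    = $Account.SamAccountName
                Group      = $groupDn
                Membership = $seen[$groupDn]
            }
        }
    }
}

# Same OU as the first script on this page; the CSV file name is an assumption
Get-ADUser -Filter * -SearchBase "OU=Staff,OU=BHP,DC=biliton,DC=corporate" -Properties MemberOf,PrimaryGroup |
    Get-EffectiveGroupMembership |
    Export-Csv -Path .\group-membership.csv -NoTypeInformation
```

The matching rule is evaluated by the domain controller and can be slow on large directories, so scope the input with -SearchBase or a short list of accounts.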