Channel: Hey, Scripting Guy! Blog

PowerTip: Use PowerShell to Find if User Is Nested Group Member


Summary: Use Windows PowerShell to find if a user is a nested member of a particular group.

Hey, Scripting Guy! Question How can I use Windows PowerShell to quickly find if a user is a nested member of a particular group, for example, Domain Admins?

Hey, Scripting Guy! Answer Use the -RecursiveMatch LDAP filter operator (the LDAP matching rule in chain), which walks the memberOf chain for you:

Get-ADUser -Filter 'memberOf -RecursiveMatch "CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com"' -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"

If the user is a direct or nested member of the group, the query returns an AD object representing the user.
If the user is not a member of the group, the query returns nothing.

You can even use it in a function:

Function Test-ADGroupMember {
  Param ($User,$Group)

  # Any failure (unknown user or group, no domain connectivity) makes the function return the string "error"
  Trap {Return "error"}

  # Scope the search to the user's own DN, so the -RecursiveMatch filter only has to decide
  # whether this one user's memberOf chain reaches the group's DN.
  # Note: the group DN is embedded in single quotes, so a DN containing an apostrophe would break the filter.
  If (
    Get-ADUser `
      -Filter "memberOf -RecursiveMatch '$((Get-ADGroup $Group).DistinguishedName)'" `
      -SearchBase $((Get-ADUser $User).DistinguishedName)
    ) {$true}
    Else {$false}
}

Now we have a simple function to check whether a user is nested in a privileged group:

PS C:\> Test-ADGroupMember -User Guest -Group "Domain Admins"
True

PS C:\> Test-ADGroupMember -User JoeJrAdmin -Group "Domain Admins"
False

PS C:\> Test-ADGroupMember -User bogus -Group "Domain Admins"
error
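A follow-on example, added here and not part of the original post or of the ActiveDirectory module: it turns the same -RecursiveMatch filter around by dropping -SearchBase, so it is evaluated against every user in the domain and lists everyone who effectively holds a privileged group, and it covers the one case the memberOf chain match cannot see, membership held only through the primary group (primaryGroupID). The function name Get-ADEffectiveGroupMember and the Via property are my own choices; the example assumes the ActiveDirectory (RSAT) module and read access to the domain.

```powershell
# Added example (not from the original post). Lists the effective user membership of a group:
# direct members, members reached only through nested groups, and primary-group members.
Function Get-ADEffectiveGroupMember {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)] [string] $Group
    )

    # Resolve the group once; an unknown group name throws here instead of yielding an empty list.
    $groupObj = Get-ADGroup -Identity $Group -ErrorAction Stop
    $groupDN  = $groupObj.DistinguishedName

    # Same -RecursiveMatch filter as the one-liner above, but evaluated over the whole domain:
    # every user whose memberOf chain reaches the group, directly or through any nesting depth.
    $chained = Get-ADUser -Filter "memberOf -RecursiveMatch '$groupDN'" -Properties memberOf

    foreach ($u in $chained) {
        # Direct members carry the group DN in memberOf; everyone else got here via nesting.
        $via = if ($u.memberOf -contains $groupDN) { 'Direct' } else { 'Nested' }
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Enabled        = $u.Enabled
            Group          = $groupObj.SamAccountName
            Via            = $via
        }
    }

    # Caveat: membership held only through the primary group is stored in primaryGroupID,
    # not in memberOf, so the chain match never sees it. Query it by the group's RID
    # (the last component of its SID; 512 for Domain Admins) so the audit does not miss it.
    $rid = $groupObj.SID.Value.Split('-')[-1]
    Get-ADUser -Filter "primaryGroupID -eq $rid" | ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Enabled        = $_.Enabled
            Group          = $groupObj.SamAccountName
            Via            = 'PrimaryGroup'
        }
    }
}

# Example use: everyone who effectively holds Domain Admins, grouped by how they got there.
Get-ADEffectiveGroupMember -Group 'Domain Admins' |
    Sort-Object Via, SamAccountName |
    Format-Table -AutoSize
```

Entries marked Nested are the ones a plain Get-ADGroupMember (without -Recursive) would not show, which is where reviews of privileged groups usually go wrong.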
