Get Groups from AD Accounts and the nested groups

Posted on 2016-09-22
Last Modified: 2016-09-28

Does anyone have a script that will export to cvs all the groups an AD account is a member of ?

but not just direct groups , also the groups that those groups are nested in ..

--Group1 is nested in Group2
--Group2 is nested in Group3
--Group3 is nested in Group4
Question by:MilesLogan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41811371
LVL 40

Accepted Solution

Subsun earned 500 total points
ID: 41811588
Try this and see if it works for you...
Function Get-Nested ($User){
    Get-ADPrincipalGroupMembership $User | % {
      $_ | Select Name,@{N="ChildGroup";E={$Group.Samaccountname}};$Group = $_
      Get-Nested $_.Name  | Select Name,@{N="ChildGroup";E={$Group.Samaccountname}}

Get-Nested UserA | Select * -Unique

Open in new window


Author Closing Comment

ID: 41820123
thank you Subsun1

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question