AlphaLolz asked:

How can I get a list of all direct and indirect AD groups I'm a member of

I've reached the point after 20+ years in my company where I am now in so many AD groups and DL (both directly and indirectly) that I can no longer log on to the network or use some network resources (like IIS).

I'm looking for a PowerShell script (at least 2.x - prefer 4.x/5.x) that will list all the direct and indirect groups of which I'm a member in order to get removed from those which are useless.
oBdA

Shortest possibility, since this is just for your account (drop it into a command prompt, or a PS console, or a batch script, or a PowerShell script):
whoami.exe /groups


To generate a csv file:
whoami.exe /groups /fo csv >C:\Temp\Groups.csv


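Import-Module ActiveDirectory
$username = 'YourUsername'
$dn = (Get-ADUser $username).DistinguishedName
# 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the DC resolves nested membership server-side
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) | Select-Object -ExpandProperty Name | Sort-Object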


You can do this in PowerShell

Import-Module ActiveDirectory
(Get-ADUser userName -Properties MemberOf | Select-Object MemberOf).MemberOf
AlphaLolz (ASKER)

The first answer is only giving me the groups I'm directly in, not indirectly.  It won't include the groups that the groups I'm in are in, etc., etc. up the entire tree.
Actually, it doesn't seem any of these recurse up the entire tree of groups for all the indirect group memberships.
SOLUTION
Shaun Vermaak

This solution is only available to members.

ASKER CERTIFIED SOLUTION

This solution is only available to members.

$username = 'UserNo1'
$dn = (Get-ADUser $username).DistinguishedName
Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f $dn) | Select-Object -ExpandProperty Name | Sort-Object

My mistake.  Sorry.  I'll have to give the first answer best and the second assisted since the way this place works is usually first answer that works wins, but they were both very close and useful.
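
The commands in this thread return a flat list of groups. For a membership cleanup it also helps to know which direct group each indirect membership comes through, so the following added example (not code from any poster in this thread) walks `memberOf` upward and records that chain. It assumes PowerShell 3.0 or later; the function name, parameter names and sample DNs are hypothetical, and the sample data is constructed so the block runs without a domain.

```powershell
# Added example, not from the thread. Walks memberOf upward breadth-first and
# records the chain leading to each group, so an indirect membership can be
# traced back to a direct group that grants it.
function Get-MembershipPath {
    param(
        [Parameter(Mandatory)] [string] $StartDN,
        # Returns the memberOf DNs of one object. The default queries AD (needs the
        # ActiveDirectory module); pass another script block to run offline.
        [scriptblock] $GetMemberOf = { param($dn) (Get-ADObject -Identity $dn -Properties memberOf).memberOf }
    )
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    [void] $seen.Add($StartDN)
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue(@{ DN = $StartDN; Path = @() })
    while ($queue.Count -gt 0) {
        $node = $queue.Dequeue()
        foreach ($parent in @(& $GetMemberOf $node.DN)) {
            # Skip empty results and anything already visited (circular nesting, repeats).
            if (-not $parent -or -not $seen.Add($parent)) { continue }
            $path = @($node.Path) + $parent
            [pscustomobject]@{
                Group = $parent
                Depth = $path.Count        # 1 = direct membership
                Via   = $path[0]           # direct group at the start of the chain
                Path  = $path -join ' -> '
            }
            $queue.Enqueue(@{ DN = $parent; Path = $path })
        }
    }
}

# Constructed sample (hypothetical DNs) with a circular nesting between B and C.
$sample = @{
    'CN=User1,DC=example,DC=test' = @('CN=A,DC=example,DC=test', 'CN=B,DC=example,DC=test')
    'CN=A,DC=example,DC=test'     = @('CN=C,DC=example,DC=test')
    'CN=B,DC=example,DC=test'     = @('CN=C,DC=example,DC=test')
    'CN=C,DC=example,DC=test'     = @('CN=B,DC=example,DC=test', 'CN=D,DC=example,DC=test')
}
Get-MembershipPath -StartDN 'CN=User1,DC=example,DC=test' -GetMemberOf { param($dn) $sample[$dn] } |
    Format-Table Depth, Group, Via -AutoSize
```

A group reachable through several chains is reported once, with the shortest chain found first, so removing the `Via` group does not guarantee the indirect membership disappears. The primary group (usually Domain Users) is not stored in `memberOf` and will not appear in this output.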