A better way of finding users’ group memberships

More than six years ago, I wrote a post, detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show how I did it this time around.

The task was to identify the group memberships of all members of a given Active Directory Group. The first change I made was that I based my search around SamAccountName, rather than DistinguishedName. They are shorter, easier to read, and (within a domain) just as canonical. I used the Get-ADGroupMember command, and piped it to Select SamAccountName – the complete command looked like this:

Get-ADGroupMember <Active Directory Group Name> | Select SamAccountName

The next change I made was to use the command Get-ADPrincipalGroupMembership to identify the group memberships. This time I piped it to Select Name – the complete command looked like this:

Get-ADPrincipalGroupMembership <SamAccountName> | select name

I repeated this for each of the members of the original group, and was able to quickly identify the group memberships for each user.


By posting a comment, you consent to our collecting the information you enter. See privacy policy for more information.

This site uses Akismet to reduce spam. Learn how your comment data is processed.