Home » PowerShell » PowerShell – Get list of AD Groups for User

PowerShell – Get list of AD Groups for User

by

Use the PowerShell Get-ADUser cmdlet to get aduser object and use Memberof to get a list of ad groups to user belongs to.

Let’s consider an example to understand how to get a list of ad groups for users in PowerShell. You can get list of active directory groups user belongs to using the get-aduser memberof property and net user command.

There are different ways to get a list of ad groups in PowerShell. Let’s see one by one with examples.

Table of Contents hide
1 Get List of Ad Groups for User
2 Net User to get list of ad groups for User
3 Conclusion

Get List of Ad Groups for User

Using PowerShell Get-ADUser cmdlet to get aduser specified by username and use MemberOf to get all groups a user is a member of in PowerShell.

Run below PowerShell script.

(Get-ADUser Toms –Properties MemberOf).MemberOf

In the above PowerShell script, the Get-ADUser memberof attribute returns distinguished names of the ad groups to which this user belongs.

The output of the above gets aduser memberof group script is below

CN=Group Policy Creator Owners,CN=Users,DC=SHELLPRO,DC=LOCAL
CN=Domain Admins,CN=Users,DC=SHELLPRO,DC=LOCAL
CN=Enterprise Admins,CN=Users,DC=SHELLPRO,DC=LOCAL
CN=Schema Admins,CN=Users,DC=SHELLPRO,DC=LOCAL
CN=Administrators,CN=Builtin,DC=SHELLPRO,DC=LOCAL

or you can use an alternate way to get list of ad groups using the Get-ADGroup cmdlet as below

(Get-ADUser Toms –Properties MemberOf).memberof | Get-ADGroup | Select-Object name

In the above PowerShell command, Get-AdUser gets aduser object specified for username and uses the Get-ADGroup cmdlet to get one or more groups users member of.

The output of the above get aduser memberof command to get the ad group name is as

name
----
Group Policy Creator Owners
Domain Admins
Enterprise Admins
Schema Admins
Administrators

Let’s consider an example to find my ad groups in an active directory based on username ShellAdmin, using the above command

(Get-ADUser ShellAdmin –Properties MemberOf).memberof | Get-ADGroup | Select-Object name

In the above PowerShell script, Get-ADUser takes username ‘ShellAdmin’ and gets the ad groups I am a member of, and prints a list of ad groups on the console.

Net User to get list of ad groups for User

Use the net dos command to get list of ad groups for user name specified and the domain name specified below

net user /domain Toms

In the above command, you can run the net user command to get list of ad groups for user in the domain.

The output of the above command shows local group memberships and Global group memberships. It get all groups a user is member of and display details on the console.

Net user - Get list of active directory groups
Net user – Get list of active directory groups

Conclusion

I hope the above article on how to get list of ad groups for users is helpful to you.

You can read more articles about how to get list of users from ad group and export adgroup members to csv.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

1 thought on “PowerShell – Get list of AD Groups for User”

Comments are closed.