Get group membership details using PowerShell

As an administrator you often need to check user group membership. Today I want to show you simple function which will help you to get that information for specific user.

On the beginning of function we can check if Active Directory module is installed and validate user name:


Try
{
    # Checking module
    Import-Module ActiveDirectory -ErrorAction Stop

    # Validate user name
    $ValidateUser = (Get-ADUser -Identity $User -Properties MemberOf).MemberOf
}
Catch
{
    $_.Exception.Message
    Break
}   

For checking user group membership we can use the following Get-ADUser commands.
Unfortunately they will return just group names:

(Get-ADUser -Identity $User -Properties MemberOf).MemberOf

(Get-ADUser -Identity $User -Properties MemberOf).MemberOf | Get-ADGroup -Properties SamAccountname | Select-Object SamAccountName

Our function helps also to check additional group properties:

– GroupName
– DistinguishedName
– Created
– Changed
– GroupCategory
– GroupScope

Usage:

Get-UserGroups
Get-UserGroups -User Pawel.Janowicz

Output:
Results can be displayed in console, in pop-up window or can be saved in CSV file.

# Display results in console
Get-UserGroups -User Pawel.Janowicz

# Display results in new pop-up window
Get-UserGroups -User Pawel.Janowicz | Out-GridView -Title "Final results:"

# Export to CSV
Get-UserGroups -User Pawel.Janowicz | Export-Csv -Path C:\users\$env:username\desktop\results.csv -NoTypeInformation

Final script:

Function Get-UserGroups{
    [CmdletBinding()]        
       
    # Parameter used in this function
    param
    (
        [Parameter(Position=0, Mandatory = $false, HelpMessage="Provide user name", ValueFromPipeline = $true)] 
        $User = $env:username
    )
 
        BEGIN
        {
            Try
            {
                # Checking module
                Import-Module ActiveDirectory -ErrorAction Stop

                # Validate user name
                $ValidateUser = (Get-ADUser -Identity $User -Properties MemberOf).MemberOf
            }
            Catch
            {
                $_.Exception.Message
                Break
            }       
        }
        PROCESS
        {
            Try
            {
                Write-Verbose "Processing user" 

                $UserGroups = $ValidateUser | Get-ADGroup -Properties SamAccountname,WhenCreated,WhenChanged,DistinguishedName,GroupCategory,GroupScope | 
                Select-Object SamAccountName,WhenCreated,WhenChanged,DistinguishedName,GroupCategory,GroupScope | Sort-Object SamAccountName

                If($UserGroups)
                {
                    $GroupsArray = @()

                    ForEach ($Item in $UserGroups)
                    {                       
                        $Object = New-Object PSObject -Property ([ordered]@{ 
  
                            GroupName              = $Item.SamAccountName
                            DistinguishedName      = $Item.DistinguishedName     
                            Created                = $Item.WhenCreated
                            Changed                = $Item.WhenChanged          
                            GroupCategory          = $Item.GroupCategory
                            GroupScope             = $Item.GroupScope               
  
                        })
               
                        # Add custom object to our array
                        $GroupsArray += $Object
                    }
                }
            }
            Catch
            {
                Write-Warning "Something went wrong"
            }
        }
        END
        {
            If($GroupsArray)
            { 
                Return $GroupsArray
            }
            Else
            {
                Write-Verbose "No groups found"
            } 
        }
}

For more information about Get-ADGroup command please refer to the following link.
You can check also previous article about how to copy group membership from reference account – link.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.