PowerShell: get all group memberships (including nested and primary group)
07-03-2008
Uses the TokenGroups attribute, which can only be read after refreshing AD’s property cache, since this attribute is not an actual schema attribute but is generated on the fly.
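# Bind to the user object by distinguished name
$user = [ADSI]"LDAP://CN=user1,OU=Tools4ever,DC=t4evmdemo,DC=local"
# TokenGroups is only populated after an explicit cache refresh
$user.psbase.RefreshCache(@("TokenGroups"))
$secirc = New-Object System.Security.Principal.IdentityReferenceCollection
# Each TokenGroups value is a binary SID
foreach ($sidByte in $user.TokenGroups)
{
    $secirc.Add((New-Object System.Security.Principal.SecurityIdentifier $sidByte,0))
}
# Translate the collected SIDs to account names
$secirc.Translate([System.Security.Principal.NTAccount])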
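
An added example (not part of the original post): the same TokenGroups values resolved one SID at a time, so each name stays paired with its SID and a SID that maps to no account is still listed, which is what a membership review needs. The helper name Resolve-TokenGroups and the two sample SIDs are constructed for illustration.

```powershell
# Added example. Resolve-TokenGroups is a hypothetical helper name.
function Resolve-TokenGroups {
    param([Parameter(Mandatory = $true)] $TokenGroups)

    foreach ($sidByte in $TokenGroups) {
        # Each TokenGroups value is a binary SID; 0 is the offset where it starts.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidByte, 0)
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No account maps to this SID from this machine; keep the raw SID.
            $name = $null
        }
        New-Object PSObject -Property @{
            Sid      = $sid.Value
            Name     = $name
            Resolved = ($null -ne $name)
        }
    }
}

# Constructed sample input (not read from a directory):
$sample = @(
    [byte[]](1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0),                           # S-1-5-32-544
    [byte[]](1,5,0,0,0,0,0,5,21,0,0,0,1,0,0,0,2,0,0,0,3,0,0,0,210,4,0,0)   # S-1-5-21-1-2-3-1234
)
Resolve-TokenGroups $sample | Format-Table Sid, Name, Resolved -AutoSize

# Against the directory, with the DN used on this page:
# $user = [ADSI]"LDAP://CN=user1,OU=Tools4ever,DC=t4evmdemo,DC=local"
# $user.psbase.RefreshCache(@("TokenGroups"))
# Resolve-TokenGroups $user.TokenGroups | Format-Table Sid, Name, Resolved -AutoSize
```

Rows with Resolved set to False are worth following up, since they are SIDs in the token that this machine cannot map to an account name.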