PowerShell: get all group memberships (including nested and primary group)
This uses the tokenGroups attribute, which can only be read after explicitly refreshing the ADSI property cache for it, since it is not a stored attribute but is generated on the fly when requested.
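
    # Bind to the user object by distinguished name
    $user = [ADSI]"LDAP://CN=user1,OU=Tools4ever,DC=t4evmdemo,DC=local"
    # Request tokenGroups explicitly; it is not loaded into the property cache by default
    $user.psbase.RefreshCache(@("TokenGroups"))
    # Collect every SID in the token (direct, nested and primary group)
    $secirc = New-Object System.Security.Principal.IdentityReferenceCollection
    foreach ($sidByte in $user.TokenGroups)
    {
        # Each value is a binary SID; build a SecurityIdentifier from offset 0
        $secirc.Add((New-Object System.Security.Principal.SecurityIdentifier $sidByte,0))
    }
    # Translate all SIDs to DOMAIN\name form
    $secirc.Translate([System.Security.Principal.NTAccount])
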
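The following is an added example, not part of the original post: the same tokenGroups lookup wrapped in a function that translates each SID individually, so a SID that no longer resolves to an account is reported instead of aborting the whole translation. The function name Get-TokenGroupMembership and the output property names are hypothetical; the distinguished name is the one used above.

```powershell
# Added example. Get-TokenGroupMembership is a hypothetical helper name.
function Get-TokenGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$DistinguishedName
    )

    $entry = [ADSI]"LDAP://$DistinguishedName"

    # tokenGroups is computed on demand, so it must be requested explicitly
    # before it appears in the ADSI property cache.
    $entry.psbase.RefreshCache(@('tokenGroups'))

    foreach ($sidBytes in $entry.psbase.Properties['tokenGroups']) {
        # Each value is a binary SID (byte[]); parse it starting at offset 0.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)

        try {
            $name     = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $resolved = $true
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The SID has no matching account name; keep the raw SID
            # so the membership is still visible in the report.
            $name     = $null
            $resolved = $false
        }

        [pscustomobject]@{
            Sid      = $sid.Value
            Name     = $name
            Resolved = $resolved
        }
    }
}

# Same user object as in the snippet above.
Get-TokenGroupMembership -DistinguishedName 'CN=user1,OU=Tools4ever,DC=t4evmdemo,DC=local' |
    Sort-Object Name |
    Format-Table -AutoSize
```

Rows with Resolved set to False are worth reviewing when auditing effective group membership, because the SID is still part of the user's token even though no name is shown for it.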
14 October 2010