Found this post from 2011 that used a slick directory searcher to find group membership. While it doesn't give parents, I was able to simply loop until I went up each chain.
Function AllMemberOf ($SamAccountName) {
# Based off of
# http://stackoverflow.com/questions/5072996/how-to-get-all-groups-that-a-user-is-a-member-of
$groups = ([ADSISEARCHER]"samaccountname=$($samaccountname)").Findone().Properties.memberof | ?{$_ -ne $null} | get-group
$indent = 1
$master = $groups
#$Master | get-group | %{write-host $_.name}
Do {
$parents = $Groups | %{([ADSISEARCHER]"samaccountname=$($_.SamAccountName)").FindOne().Properties.memberof} | ?{$_ -ne $null} | %{get-group $_ }
if ($parents -ne $null) {
#$Parents| get-group | %{write-host $("`t"*$indent),$_.name}
$Master += $parents
$groups = $parents
$Indent++
}
} While ($Parents -ne $null)
return $master
}
This does roughly the same as (get-aduser 'eric woodford').AllMemberof | get-group
AllMemberOf $(Get-Mailbox "Eric Woodford").SamAccountName
No comments:
Post a Comment