Recently I needed to find out if a user was in an Active Directory Group.
The group contained more than 5000 entries, so using Get-ADGroupMember wasn't useful (it timed out)
The following command worked well for me...
get-adgroup "GroupName" -Properties Member | Select-Object -ExpandProperty Member | get-aduser |
Where-Object {$_.SamAccountName -eq "username"}
For small groups, and for full member lists it's as simple as
Get-ADGroupMember groupname
Getting the actual AD details can be performed with powershell with the following
get-aduser -Filter 'GivenName -like "FirstName*" -and Surname -like "LastName*"'
or, if you know the SamAccountName...
get-aduser SamAccountName
To list the groups that an account belongs to
The group contained more than 5000 entries, so using Get-ADGroupMember wasn't useful (it timed out)
The following command worked well for me...
get-adgroup "GroupName" -Properties Member | Select-Object -ExpandProperty Member | get-aduser |
Where-Object {$_.SamAccountName -eq "username"}
For small groups, and for full member lists it's as simple as
Get-ADGroupMember groupname
Getting the actual AD details can be performed with powershell with the following
get-aduser -Filter 'GivenName -like "FirstName*" -and Surname -like "LastName*"'
or, if you know the SamAccountName...
get-aduser SamAccountName
To list the groups that an account belongs to
Comments
Post a Comment