active_directory
Table of Contents
Active Directory
Basic Account Check
net user username /domain
Get Group Membership
To get just the top level groups:
Get-ADPrincipalGroupMembership -Identity $env:username | Select name, GroupCategory, GroupScope, distinguishedName Get-ADPrincipalGroupMembership -Identity 'username' | Select name, GroupCategory, GroupScope, distinguishedName
To get all groups:
whoami /groups whoami /groups | out-file group.txt
Get Group Membership - Alternatives
This generates a whole heap of crap - the security groups are at the end. This also seems to recurse down the groups or something - it lists more groups than the other options.
gpresult /R
May need to install a module:
Install-WindowsFeature RSAT-AD-PowerShell
Also, try this:
get-aduser $env:username -Properties memberof | select -expand memberof get-aduser 'username' -Properties memberof | select -expand memberof
Or, a module-free version:
(New-Object System.DirectoryServices.DirectorySearcher("(&(objectCategory=User)(samAccountName=$($env:username)))")).FindOne().GetDirectoryEntry().memberOf
Get Local Admins
net localgroup administrators
Get Members of a Group
Get-ADGroupMember "X3 NZ Provoke Developers" -Recursive
active_directory.txt · Last modified: 2021/04/06 09:01 by 127.0.0.1