Powershell Tip #72: Get the nested groups of a user in Active Directory

Tip: You can list the nested groups of a user in Active Directory:

As an example, there are 3 groups : Group 1, Group 2 and Group 3.

nested groups powershell group1 group2 group3

Non-Nested Groups

(Get-ADUser -Identity jsmith -Properties MemberOf).MemberOf

1	(Get-ADUser -Identity jsmith -Properties MemberOf).MemberOf

ad user properties memberof group

Nested Groups

$DN = (Get-ADUser -Identity jsmith -Properties DistinguishedName).DistinguishedName
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($DN))"

1 2	$DN = (Get-ADUser -Identity jsmith -Properties DistinguishedName).DistinguishedName Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($DN))"

ad user nested group active directory

Note: Get-ADUSer requires ActiveDirectory module.

Leave a Reply Cancel reply