Sqlserver-dba.com - SQL Server support and SQL Server Performance Tuning
    SQL Server DBA:Everything | DBA Scripts | Powershell Scripts | DBA checklists | SQL Antipattern | Wait Stats | SQL Server Performance Tuning

Search sqlserver-dba.com

Follow sqlserver-dba.com

Subscribe to RSS feed  Follow @jackvamvas - Twitter

*Use the Comments section for questions

SQLServer-DBA.com Links

Dba_db2_button

dba-ninja.com

Recent Posts

SQL Server DBA Jobs

How to get the Active Directory groups membership for user with Powershell Get-ADPrincipalGroupMembership

27 September,2019 by Tom Collins

Question: How can I get the Active Directory groups for a specific user using Powershell? I'm facing a problem where a user is getting a failed login to a SQL Server. This SQL Server has multiple Active Directory groups attached to it - but I don't have visibility to the members of the groups. 

I know I can use the Get-ADGroupMember powershell cmdlet , which would give the member list of a specified Active Directory group, but this would be time - consuming . 

Is there a Powershell based method to specify the domain user and return the list of active directory groups which they are a member of ?

Answer: There is powershell cmdlet to the rescue! Get-ADPrincipalGroupMembership

The Get-ADPrincipalGroupMembership cmdlet will return the group membership of the specified user , in the current domain  of the logon executing this cmdlet 

Example 1 : Return group membership of the specified user

Get-ADPrincipalGroupMembership 'MYID1' | select name

Example 2 : Return group membership of the specified user , but this time run the scan of another trusted domain . Note : using the -server switch 

Get-ADPrincipalGroupMembership 'MYID1' -server 'domanin2.net'| select name

For some extra information on using  Get-ADPrincipalGroupMembership on another trusted domain read     Get-ADPrincipalGroupMembership other domain

 

Read more on Powershell and Active Directory 

How to search a different Active Directory Domain with Powershell ...

How to Export Active Directory Group Members with Powershell Get-ADGroupMember

How to install the Active Directory Module for Windows Powershell ...


Author: Tom Collins (http://www.sqlserver-dba.com)


Share:

Posted by Tom Collins at 9:30 AM in Powershell, Security Management | Permalink | Comments (2)

In your command, what does the following represent - select name

Posted by: John | Feb 20, 2020 3:36:54 PM

@John - select name in this powershell cmdlet call "Get-ADPrincipalGroupMembership 'MYID1' | select name" - is asking just for the name column to be returned from the recordset generated by Get-ADPrincipalGroupMembership 'MYID1'.

You can do other things such as "select * " - which returns all the columns, or select col1,col2 ...

Posted by: Jack Vamvas | Feb 26, 2020 8:17:04 AM

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on How to get the Active Directory groups membership for user with Powershell Get-ADPrincipalGroupMembership

sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer