Define the username you want to check access for
$username = “username”
Define the Active Directory domain
$domain = “yourdomain.local”
Get the user’s distinguished name
$userDN = Get-ADUser -Filter {SamAccountName -eq $username} -Server $domain | Select-Object -ExpandProperty DistinguishedName
if ($userDN) {
# Get the user’s group memberships
$userGroups = Get-ADPrincipalGroupMembership -Identity $userDN | Select-Object -Property Name
Write-Host "User: $username"
Write-Host "Groups:"
$userGroups | ForEach-Object { Write-Host "- $($_.Name)" }
} else {
Write-Host “User $username not found in Active Directory.”
}
Make sure to replace "username"
with the actual username you want to check and "yourdomain.local"
with your Active Directory domain.
This script retrieves the distinguished name of the provided username, then fetches the group memberships for that user and displays them. Please note that this script assumes you have the Active Directory module installed and that you have the necessary permissions to query Active Directory. Additionally, you might need to adjust the script if your Active Directory structure is more complex or if you’re using a different naming convention for groups.