|
|
@@ -0,0 +1,44 @@
|
|
|
+Param
|
|
|
+(
|
|
|
+ [string]$DistinguishedName,
|
|
|
+ [array]$Groups = @(),
|
|
|
+ [switch]$Duplicates
|
|
|
+)
|
|
|
+
|
|
|
+#The user to check.
|
|
|
+# $User = "max.mustermann@domain.com";
|
|
|
+
|
|
|
+#Get all groups.
|
|
|
+# $Groups = Get-ADUserNestedGroups -DistinguishedName (Get-ADUser -Identity $User).DistinguishedName;
|
|
|
+
|
|
|
+#Output all groups.
|
|
|
+# $Groups | Select-Object Name | Sort-Object -Property Name;
|
|
|
+
|
|
|
+#Get the AD object, and get group membership.
|
|
|
+$ADObject = Get-ADObject -Filter "DistinguishedName -eq '$DistinguishedName'" -Properties memberOf, DistinguishedName;
|
|
|
+
|
|
|
+#If object exists.
|
|
|
+If($ADObject)
|
|
|
+{
|
|
|
+ #Enummurate through each of the groups.
|
|
|
+ Foreach($GroupDistinguishedName in $ADObject.memberOf)
|
|
|
+ {
|
|
|
+ #Get member of groups from the enummerated group.
|
|
|
+ $CurrentGroup = Get-ADObject -Filter "DistinguishedName -eq '$GroupDistinguishedName'" -Properties memberOf, DistinguishedName;
|
|
|
+
|
|
|
+ #Check if the group is already in the array.
|
|
|
+ If(($Groups | Where-Object {$_.DistinguishedName -eq $GroupDistinguishedName}).Count -eq 0)
|
|
|
+ {
|
|
|
+ #Add group to array.
|
|
|
+ $Groups += $CurrentGroup;
|
|
|
+
|
|
|
+ #Get recursive groups.
|
|
|
+ $Groups = Get-ADUserNestedGroups -DistinguishedName $GroupDistinguishedName -Groups $Groups;
|
|
|
+ } elseif ($Duplicates) {
|
|
|
+ "Duplicate: $($CurrentGroup.DistinguishedName)" | Out-Host
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+#Return groups.
|
|
|
+$Groups;
|
Tobias Simetsreiter