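function Get-SecurityGroupsForUser {
    <#
    .SYNOPSIS
    Returns the Active Directory group membership of a user.
    .DESCRIPTION
    Resolves the account with Get-ActiveDirectoryAccount, looks up every DN in the
    account's memberOf attribute with Get-ADGroup, and returns one wrapper object per
    group. Extended group properties (Name, SamAccountName, DistinguishedName, SID,
    Category, Scope) are exposed on the Group property of each returned object.

    Caveats a consumer should be aware of:
    - memberOf holds DIRECT membership only. Nested (transitive) membership and the
      user's primary group (normally Domain Users) are not included, so this output
      is not an effective-access view. Use Get-ADPrincipalGroupMembership or an
      LDAP_MATCHING_RULE_IN_CHAIN query when effective membership is required
      (e.g. for an access review).
    - Despite the function name, distribution groups present in memberOf are
      returned too; filter on the Category property if only security groups are wanted.
    - A "DOMAIN\" prefix or "@suffix" is stripped before lookup, so the query always
      runs against the default domain and assumes the UPN prefix equals the
      sAMAccountName, which is not guaranteed.
    - Groups whose DN cannot be resolved by Get-ADGroup (for example a group from a
      trusted domain, or one deleted between the two reads) are skipped with a
      warning instead of being returned with empty properties.
    .PARAMETER UserName
    [string] The username to query. Accepts "user", "DOMAIN\user" or "user@suffix".
    The alias "User" is retained for existing callers.
    .OUTPUTS
    [System.Object[]] Objects with a Group property, sorted by Group.Name.
    $null when the user cannot be resolved.
    .EXAMPLE
    Get-SecurityGroupsForUser "fake.mcfakeuser"
    .EXAMPLE
    (Get-SecurityGroupsForUser "CORP\fake.mcfakeuser").Group | Where-Object Category -eq 'Security'
    #>
    [CmdletBinding()]
    [OutputType([System.Object[]])]
    Param(
        [Parameter(Mandatory)]
        [Alias("User")]
        [string]$UserName
    )

    $logLead = (Get-LogLeadName)

    # Normalise the identity to a bare account name; the domain / suffix is discarded.
    if ($UserName -match "\\") {
        Write-Verbose "$logLead : Trimming Domain from UserName"
        $actualUserName = $UserName.Split("\\") | Select-Object -Last 1
    } elseif ($UserName -match "@") {
        Write-Verbose "$logLead : Trimming SAMAccountName Suffix from UserName"
        $actualUserName = $UserName.Split("@") | Select-Object -First 1
    } else {
        $actualUserName = $UserName
    }

    Write-Host "$logLead : Looking up user information for user: [$actualUserName]"
    $actualUser = Get-ActiveDirectoryAccount -Identity $actualUserName
    if ($null -eq $actualUser) {
        Write-Warning "$logLead : Could not query user details for user: [$actualUserName]"
        return $null
    }

    # Direct membership only (see DESCRIPTION). An empty memberOf simply yields no iterations.
    $userGroupDNs = @($actualUser | Select-Object -ExpandProperty memberOf)

    # A generic list avoids the O(n^2) array re-allocation that `+=` causes in a loop.
    $securityGroups = New-Object System.Collections.Generic.List[object]
    foreach ($groupDN in $userGroupDNs) {
        try {
            $adGroup = Get-ADGroup -Identity $groupDN -ErrorAction Stop
        } catch {
            # Without this guard a failed lookup produced an entry with all-null
            # properties (and a ToString() of $null); skip it and say why instead.
            Write-Warning "$logLead : Could not resolve group [$groupDN]: $($_.Exception.Message)"
            continue
        }

        $securityGroup = New-Object PSObject -Property @{
            Name              = $adGroup.Name;
            SamAccountName    = $adGroup.SamAccountName;
            DistinguishedName = $adGroup.DistinguishedName;
            SID               = $adGroup.SID;
            Category          = $adGroup.GroupCategory;
            Scope             = $adGroup.GroupScope;
        }
        # Make the wrapper print as the group name when string-formatted.
        $securityGroup | Add-Member ScriptMethod ToString { $this.Name } -Force

        $securityGroups.Add((New-Object PSObject -Property @{ Group = $securityGroup; }))
    }

    return ($securityGroups.ToArray() | Sort-Object -Property { $_.Group.Name })
}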