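function Get-SecurityGroupsForUser {
    <#
    .SYNOPSIS
        Returns the groups listed in a user's memberOf attribute.
    .DESCRIPTION
        Looks up the account with Get-ActiveDirectoryAccount, resolves each DN in its
        memberOf property with Get-ADGroup, and returns one wrapper object per group,
        sorted by group name. The group details (Name, SamAccountName,
        DistinguishedName, SID, Category, Scope) are on the Groups entry's Group property.
    .PARAMETER UserName
        [string] The username to query (alias: User). Accepts a bare name,
        DOMAIN\name, or name@suffix; the domain or suffix is removed before the lookup.
    .OUTPUTS
        System.Object[]. Nothing is returned when the account cannot be found.
    .NOTES
        Caveats when this output feeds an access review:
        - memberOf lists direct memberships only. Nested (transitive) memberships and
          the account's primary group are not part of that attribute.
        - No filter on group category is applied, so distribution groups are returned
          as well; use the Category property to keep security groups only.
        - The domain part of the input is discarded, so the lookup is not
          domain-qualified. How Get-ActiveDirectoryAccount picks the domain is not
          visible here -- confirm before relying on this in a multi-domain forest.
    .EXAMPLE
        Get-SecurityGroupsForUser "fake.mcfakeuser"
    #>
    [CmdletBinding()]
    [OutputType([System.Object[]])]
    Param(
        [Parameter(Mandatory)]
        [Alias("User")]
        [string]$UserName
    )

    $logLead = (Get-LogLeadName)

    # -split is used instead of String.Split("\\"): on PowerShell 7 that call binds to
    # the Split(string) overload and looks for two consecutive backslashes, so
    # DOMAIN\user was passed through untrimmed.
    if ($UserName -match "\\") {
        Write-Verbose "$logLead : Trimming Domain from UserName"
        $actualUserName = ($UserName -split '\\')[-1]
    }
    elseif ($UserName -match "@") {
        Write-Verbose "$logLead : Trimming SAMAccountName Suffix from UserName"
        $actualUserName = ($UserName -split '@')[0]
    }
    else {
        $actualUserName = $UserName
    }

    # Inputs such as "DOMAIN\" or "@suffix" leave nothing to look up.
    if ([string]::IsNullOrWhiteSpace($actualUserName)) {
        Write-Warning "$logLead : No account name left after trimming input: [$UserName]"
        return $null
    }

    Write-Host "$logLead : Looking up user information for user: [$actualUserName]"
    $actualUser = Get-ActiveDirectoryAccount -Identity $actualUserName

    if ($null -eq $actualUser) {
        Write-Warning "$logLead : Could not query user details for user: [$actualUserName]"
        return $null
    }

    $userGroupDNs = $actualUser | Select-Object -ExpandProperty memberOf

    # Collect the loop output directly rather than growing an array with +=.
    $securityGroups = @(
        foreach ($groupDN in $userGroupDNs) {
            $adGroup = $null
            try {
                $adGroup = Get-ADGroup -Identity $groupDN -ErrorAction Stop
            }
            catch {
                # Keep the membership visible instead of emitting an all-null entry:
                # the DN is the only thing known about a group that failed to resolve.
                Write-Warning "$logLead : Could not resolve group [$groupDN] : $($_.Exception.Message)"
            }

            if ($null -eq $adGroup) {
                $groupProperties = @{
                    Name              = $null
                    SamAccountName    = $null
                    DistinguishedName = $groupDN
                    SID               = $null
                    Category          = $null
                    Scope             = $null
                }
            }
            else {
                $groupProperties = @{
                    Name              = $adGroup.Name
                    SamAccountName    = $adGroup.SamAccountName
                    DistinguishedName = $adGroup.DistinguishedName
                    SID               = $adGroup.SID
                    Category          = $adGroup.GroupCategory
                    Scope             = $adGroup.GroupScope
                }
            }

            $securityGroup = New-Object PSObject -Property $groupProperties
            # Make the object render as its group name in string contexts.
            $securityGroup | Add-Member ScriptMethod ToString { $this.Name } -Force

            New-Object PSObject -Property @{ Group = $securityGroup }
        }
    )

    return ($securityGroups | Sort-Object -Property { $_.Group.Name })
}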