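function Get-SecurityGroupsForUser {
    <#
    .SYNOPSIS
    Returns the Active Directory groups a user is a direct member of

    .DESCRIPTION
    Looks the user up with Get-ActiveDirectoryAccount, reads the memberOf
    property of the result and resolves every listed group with Get-ADGroup.
    Extended group properties (Name, SamAccountName, DistinguishedName, SID,
    Category, Scope) can be accessed from within the Group property of each
    returned object.

    .PARAMETER UserName
    [string] The username to query (alias: User). "DOMAIN\user" and
    "user@suffix" forms are accepted; the domain prefix or the suffix is
    stripped before the lookup.

    .OUTPUTS
    An array of objects, each with a single Group property, sorted by
    Group.Name. $null when the account cannot be queried.

    .EXAMPLE
    Get-SecurityGroupsForUser "fake.mcfakeuser"

    .NOTES
    When this output is used for an access review, keep in mind:
    - memberOf lists direct memberships only. Groups reached through nesting
      and the account's primary group are not part of that attribute, so the
      result is not the user's full effective group set.
    - Nothing here filters on GroupCategory, so distribution groups are
      returned alongside security groups. Filter on Group.Category if only
      security groups are wanted.
    #>
    [CmdletBinding()]
    [OutputType([System.Object[]])]
    Param(
        [Parameter(Mandatory)]
        [Alias("User")]
        [string]$UserName
    )

    $logLead = (Get-LogLeadName)

    # Reduce "DOMAIN\user" or "user@suffix" to the bare account name.
    # The -split operator is used instead of String.Split("\\"): on
    # PowerShell 7 that call binds to the string-separator overload and
    # searches for two consecutive backslashes, so "DOMAIN\user" came back
    # untrimmed. -split '\\' (regex for one backslash) behaves the same on
    # Windows PowerShell and PowerShell 7.
    if ($UserName -match "\\") {
        Write-Verbose "$logLead : Trimming Domain from UserName"
        $actualUserName = ($UserName -split '\\')[-1]
    } elseif ($UserName -match "@") {
        Write-Verbose "$logLead : Trimming SAMAccountName Suffix from UserName"
        $actualUserName = ($UserName -split '@')[0]
    } else {
        $actualUserName = $UserName
    }

    Write-Host "$logLead : Looking up user information for user: [$actualUserName]"

    # NOTE(review): Get-ActiveDirectoryAccount is defined elsewhere; it is
    # assumed to return an AD account object carrying memberOf, or $null
    # when the account is not found. Confirm how it treats -Identity before
    # passing it values that did not come from a trusted caller.
    $actualUser = Get-ActiveDirectoryAccount -Identity $actualUserName

    if ($null -eq $actualUser) {
        Write-Warning "$logLead : Could not query user details for user: [$actualUserName]"
        return $null
    }

    # Distinguished names of the groups the account is a direct member of.
    $userGroupDNs = $actualUser | Select-Object -ExpandProperty memberOf

    # Collect the loop output in one pass rather than growing an array with +=.
    $securityGroups = @(
        foreach ($groupDN in $userGroupDNs) {
            $adGroup = Get-ADGroup $groupDN

            $securityGroup = New-Object PSObject -Property @{
                Name              = $adGroup.Name
                SamAccountName    = $adGroup.SamAccountName
                DistinguishedName = $adGroup.DistinguishedName
                SID               = $adGroup.SID
                Category          = $adGroup.GroupCategory
                Scope             = $adGroup.GroupScope
            }

            # Make the record render as the group name when converted to a string.
            $securityGroup | Add-Member ScriptMethod ToString { $this.Name } -Force

            # Callers reach the details through the wrapper's Group property.
            New-Object PSObject -Property @{ Group = $securityGroup }
        }
    )

    return ($securityGroups | Sort-Object -Property { $_.Group.Name })
}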