aligrant.com

Using PowerShell to get the current user's group membership

Alastair Grant | Wed 1 Jul 2020

Every now and then I want to know, from PowerShell on a domain-joined computer, what groups a user is a member of. The traditional answer is to use the Get-ADPrincipalGroupMembership cmdlet, which does precisely this. The catch is that it requires the Active Directory module for Windows PowerShell to be installed; this is a feature that can be added via Roles and Features but is not installed by default.

Fortunately, when it comes to the current user, we don't need that module; we can instead turn to .NET and make a very simple call:

[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups

This returns the group memberships of the current user, including domain groups and nested groups. The catch is that only SIDs are returned, which are less helpful for us humans to read.

To resolve the SIDs you can pipe the output into a loop to convert it to a more readable format:

[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups | ForEach-Object -Process { Write-Host $_.Translate([System.Security.Principal.NTAccount]) }

The above simply prints the account name of each group; put whatever logic you want in the -Process argument.
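As an added example (not code from the original post), the same lookup can return objects instead of printing, and can keep going when a SID cannot be translated, which happens with deleted groups or when no domain controller is reachable. The function name Get-CurrentUserGroup and the Sid/Name/Error property names are assumptions made for illustration.

```powershell
# Added example, not from the original post. Get-CurrentUserGroup is a hypothetical name.
function Get-CurrentUserGroup {
    [CmdletBinding()]
    param()

    # Group SIDs come from the current process token.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    try {
        foreach ($sid in $identity.Groups) {
            $name = $null
            $problem = $null
            try {
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                # No account maps to this SID (for example, a deleted group).
                $problem = 'SID not mapped to an account'
            }
            catch {
                # Any other lookup failure, such as an unreachable domain controller.
                $problem = $_.Exception.Message
            }

            # Emit an object so callers can filter, sort or export the result.
            [pscustomobject]@{
                Sid   = $sid.Value
                Name  = $name
                Error = $problem
            }
        }
    }
    finally {
        $identity.Dispose()
    }
}

$groups = Get-CurrentUserGroup
$groups | Sort-Object -Property Name | Format-Table -AutoSize

# Test membership by well-known SID instead of a display name, which can be
# localised or renamed. S-1-5-32-544 is BUILTIN\Administrators.
$isAdminGroupMember = $groups.Sid -contains 'S-1-5-32-544'
"Administrators SID present in token groups: $isAdminGroupMember"
```

Because the SIDs are read from the token of the running process, group changes made after the user logged on do not show up until a new logon session is created.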
