Get-ADPrinicpalGroupMembership - Cmdlet Syntax and Examples

May 10, 2018 0 Comments PowerShell, Active-Directory, Get-ADPrinicpalGroupMembership, Get-ADGroup

SYNOPSIS

Gets the Active Directory groups that have a specified user, computer, group, or service account.

CMDLET ALIASES


DESCRIPTION

The Get-ADPrincipalGroupMembership cmdlet gets the Active Directory groups that a user, computer, group, or service account is a member of.

The Identity parameter specifies the user, computer, or group object that you want to determine group membership for. You can identify a user, computer, or group object by its distinguished name, GUID, security identifier, or SAM account name. You can also specify a user, group, or computer object variable, such as $<localGroupObject>, or pass an object through the pipeline to the Identity parameter.

For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Get-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser or Get-ADComputer to get user and computer objects to pass through the pipeline.

This cmdlet requires a global catalog to perform the group search. If the forest that contains the user, computer, or group does not have a global catalog, the cmdlet returns a non-terminating error. If you want to search for local groups in another domain, use the ResourceContextServer parameter to specify the alternate server in the other domain.


SYNTAX

Get-ADPrincipalGroupMembership [-Identity] <ADPrincipal> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>]
[-Partition <String>] [-ResourceContextPartition <String>] [-ResourceContextServer <String>] [-Server <String>] [<CommonParameters>]

EXAMPLES

Get-ADPrincipalGroupMembership Michael_Kanakos | select name
  • Returns groups michael_kanakos
  • selects only the name of the group

Get-ADPrincipalGroupMembership Michael_Kanakos | Get-ADGroup -prop description | select name, description
  • generates a list of groups for Michael Kanakos
  • pipes the output from Get-AdPrinicpalGroupmembership to Get-ADComputer because the first cmdlet doesnt have the group description information available to display.
  • final output is the groups and the description field for each group

Get-ADPrincipalGroupMembership Michael_Kanakos | Where-Object {$_.name -like "role*"} | Get-ADGroup -prop description | `
select name, description
  • generates a filtered list of groups that contain the word ROLE in the name
  • passes the the filtered list to the Get-ADComputer cmdlet to retreive group descriptions
  • final output is a list of groups that contain the word ROLE and their descriptions

Get-ADPrincipalGroupMembership Michael_Kanakos | Where-Object { $_.name -like "sg*" } | select name | ogv
  • Returns list of groups that Michael is a member of
  • filters for only groups that start with SG
  • outputs results to gridview.

Get-ADPrincipalGroupMembership Michael_Kanakos | get-adgroup -prop description | select name, description | `
Where-Object { $_.name -like "DL*" } | sort name
  • Returns name and description of groups that Alan is a member of
  • filters for only groups that start with DL

You've successfully subscribed to Command Line Ninja
Great! Next, complete checkout for full access to Command Line Ninja
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Error! Billing info update failed.
Table fo contents