If you’d like to know the group memberships of the currently logged on user (the one that is running a script), you don’t need to query the Active Directory. Instead, examine the access token. It contains all effective group memberships, including nested ones:
#requires -Version 1 try { $groups = ([Security.Principal.WindowsIdentity]::GetCurrent()).Groups | ForEach-Object { $_.Translate([Security.Principal.NTAccount]) } | Sort-Object } catch { Write-Warning 'Groups could not be retrieved.' } $groups
