If you run a large Active Directory, you should use specific Active Directory cmdlets or management functions. However, if you just want to know the groups a given user account belongs to, and if the user account can also be a non-domain local account, then WMI may yield the information you need. Here's a little function to play with:
function Get-GroupMembership { param( $UserName = $env:username, $Domain = $env:userdomain ) $user = Get-WmiObject -Class Win32_UserAccount -Filter "Name='$UserName' and Domain='$Domain'" $user.GetRelated('Win32_Group') }
By default, it returns the group memberships of the account that runs the script but you can use the parameters -UserName and -Domain to also specify a different account.
If you want to access a local account on a different machine, then add the parameter -ComputerName to Get-WmiObject. If you want to use PowerShell remoting rather than DCOM to remotely connect to another machine, you may want to use the new CIM cmdlets instead (Get-CimInstance instead of Get-WmiObject).
