Getting Group Membership – Fast

by Jun 2, 2014

If you need to find out which Active Directory groups your user account is in, you would typically query Active Directory, and you would have to resolve the nested group memberships as well.

Here is a technique that gets you your own group memberships, including nested groups and local groups, in no time. This script takes a look at your access token (which ultimately governs your permissions). It then reads all SIDs from your token and translates each SID into a real name.

Note that you can use this approach for the current user only. It works great for logon scripts where you would like to take some action based on group membership:

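# Read the group SIDs from the current user's access token
# (.Groups.Value relies on member enumeration, PowerShell 3.0 or later)
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value |
  ForEach-Object {
    $sid = $_
    # Rebuild a SecurityIdentifier from the SID string and translate it to DOMAIN\name
    $objSID = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
    $objUser.Value
  }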
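
The approach above turned into a reusable membership check for a logon script, as an added example that is not part of the original tip. The function names Get-TokenGroup and Test-TokenGroup and the group CONTOSO\Helpdesk are assumptions made for illustration; unlike the snippet above, SIDs that cannot be translated are kept instead of stopping the loop.

```powershell
# Added example: Get-TokenGroup / Test-TokenGroup are hypothetical helper names,
# and 'CONTOSO\Helpdesk' is a constructed group name.
function Get-TokenGroup {
    # Read the group SIDs from the current access token and resolve each one once.
    foreach ($sid in [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No account maps to this SID (for example a deleted group): keep the SID.
            $name = $null
        }
        New-Object PSObject -Property @{ Sid = $sid.Value; Name = $name }
    }
}

function Test-TokenGroup {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,   # SID string or DOMAIN\name
        [object[]]$Group = (Get-TokenGroup)
    )
    # -eq on strings is case-insensitive in PowerShell; a $null Name never matches.
    [bool]($Group | Where-Object { $_.Sid -eq $Identity -or $_.Name -eq $Identity })
}

$groups = Get-TokenGroup   # resolve once, reuse for every check below

# S-1-5-32-545 is the well-known SID of BUILTIN\Users. Matching on the SID
# is independent of group renames and localized group names.
if (Test-TokenGroup -Identity 'S-1-5-32-545' -Group $groups) {
    Write-Output 'Member of BUILTIN\Users'
}

# Matching on the translated name works too, as in the original tip.
if (Test-TokenGroup -Identity 'CONTOSO\Helpdesk' -Group $groups) {
    Write-Output 'Helpdesk member: run the helpdesk-specific logon actions here'
}
```

The token is built at logon, so a group membership that changes afterwards shows up only after the user logs on again.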
