3

I am trying to get the list of a specific user’s groups and the groups’ descriptions using PowerShell.

import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | select name, description

The description field returns blank.

Palec
user3264332
  • Related ones: http://stackoverflow.com/q/5072996/2157640 http://stackoverflow.com/q/1458016/2157640 Did they help? – Palec Feb 03 '14 at 03:24
  • First link helped, though cannot figure out how to display the Description of the Groups – user3264332 Feb 03 '14 at 03:29

4 Answers

6

From Get-ADPrincipalGroupMembership manual:

The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipeline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup.

So, let’s do it!

import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description

Also, in this case it should be enough to specify name,description instead of asterisk (*). If this is a performance issue, replace it. I am leaving it at asterisk because you might later change your mind about which properties you need.

Palec
2

Here is a simple but effective script to get AD Group info.

Get-ADGroup -filter * -Properties * | Select Name,GroupCategory,Description | Export-Csv D:\Test\SecurityGroups.csv

Just add or remove the attributes you would like to see in the Select area. To see a list of usable attributes you can do something like this:

Get-ADGroup -filter * -Properties * | Where-Object {$_.Name -eq 'DHCP Users' }
TylerH
Mark
0

Get-ADPrincipalGroupMembership should work but fails if any group has a NAME containing '/' (which is a legal character in names as far as I understood the MS AD documentation).

This forces a heavy workaround:

$Groups = (Get-ADUser -identity $TemplateUserName -server $TemplateUserDomain -Properties MemberOf|select memberof).MemberOf|Get-ADGroup -Server :3268
foreach ($Group in $Groups)
{
    Write-Output $Group.Name
}

Notice I use a domain search for the user's properties and then a search in global catalog (-server :3268) for each group. Else you eventually won't get all of the user's groups or you'll get an error if any group belongs to a different domain than the user.

MKesper
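An added example (not code from any of the answers) that combines the two approaches above for a membership review: it requests only the Description property from Get-ADGroup and falls back to the MemberOf lookup when Get-ADPrincipalGroupMembership fails. The function name, parameter names and the optional group server value are hypothetical.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: lists a user's groups with their descriptions.
function Get-UserGroupDescription {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        # Optional server for the group lookups, e.g. a global catalog
        # endpoint as in the workaround above (value supplied by the caller).
        [string] $GroupServer
    )

    # Description is not in the default ADGroup property set, so ask for it
    # explicitly instead of pulling every attribute with -Properties *.
    $groupArgs = @{ Properties = 'Description' }
    if ($GroupServer) { $groupArgs.Server = $GroupServer }

    try {
        $groups = Get-ADPrincipalGroupMembership -Identity $UserName -ErrorAction Stop
    }
    catch {
        Write-Warning "Get-ADPrincipalGroupMembership failed: $($_.Exception.Message)"
        # Fallback: resolve the distinguished names stored in MemberOf.
        # MemberOf does not list the primary group, so add it explicitly.
        $user = Get-ADUser -Identity $UserName -Properties MemberOf, PrimaryGroup -ErrorAction Stop
        $groups = @($user.MemberOf) + $user.PrimaryGroup |
            Where-Object { $_ } |
            Select-Object -Unique
    }

    # Both paths end in Get-ADGroup, which is what returns the Description.
    # GroupCategory separates security groups from distribution groups.
    $groups | Get-ADGroup @groupArgs |
        Select-Object Name, GroupCategory, GroupScope, Description |
        Sort-Object Name
}

$username = Read-Host 'Please enter Username!'
Get-UserGroupDescription -UserName $username
```

Groups that come back with an empty Description are the ones a reviewer cannot interpret from this output alone.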
-1

For Users

Get-ADUser -Filter {name -eq $username} -Properties * | select name,description

For Groups

Get-ADGroup -Filter {displayname -eq $groupname} -Properties * | select name,description
edubriguenti