4

There are various ways to either list all users & groups belonging to a group (or via gui), or conversely list all groups a group or user belongs to...

However, I am in a position where I wish to know whether a group (My Group) directly or indirectly contains a particular user (jsmith), e.g.

  • Yes, jsmith is a member of My Group or one of its members (recursively); or
  • No, jsmith is not a member of My Group or any of its members (recursively).

I don't need to enumerate all possible users of the group (unless that's the most efficient way to do it).

It would be a bonus if it indicated the heirarchy through which the membership arises, e.g.

  • My Group contains Some Other Group, which contains Some Team Group, which contains jsmith; or

  • My Group contains Poorly Maintained Group, which contains Domain Users, which contains jsmith.

What would be the best way to answer either of these questions?

Community
  • 1
Stobor
  • 656

1 Answers1

1

There is the calculated attribute in Active Directory "tokenGroups" that returns SIDs of all groups the user belong to.

begemot
  • 76