How to find Groups that belong to Foreign User

Some time ago I wrote a post on how to find the Groups for a given User via LDAP query.
But if you need to do the same job for a foreign user (a user from another trusted AD domain or forest), you cannot search on the user's own DN: the local domain knows the foreign account only as a foreignSecurityPrincipal object, whose CN is the user's SID, stored under CN=ForeignSecurityPrincipals. So you need the user's SID inside the query, and I switched to PowerShell. This script, after you enter the Username and Domain of the foreign user, displays all the groups whose name starts with rf- and that have the foreign user as a direct member:

$strSAMAccount = Read-Host "Sam Account :"
$strDomain = Read-Host "Domain :"

# Resolve DOMAIN\user to its SID; this is answered by the trusted domain over the trust
$objUser = New-Object System.Security.Principal.NTAccount($strDomain, $strSAMAccount)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

# Bind to the root of the current (local) domain to get its distinguished name
$objCurrentDomain = New-Object System.DirectoryServices.DirectoryEntry

# In the local domain the foreign user is represented as CN=<SID>,CN=ForeignSecurityPrincipals,<domain DN>
$strMember = "CN=" + $strSID.Value + ",CN=ForeignSecurityPrincipals," + $objCurrentDomain.distinguishedName

Write-Host $strMember
# Groups named rf-* whose member attribute contains that DN (direct membership only)
Get-ADGroup -Filter "name -like 'rf-*' -and member -eq '$strMember'"

You need the AD PowerShell module (installed with RSAT) for that script to work; load it before running the script:

Import-Module ActiveDirectory

Two caveats. First, the member -eq comparison matches direct membership only: a group that contains the foreign user through another nested group is not listed. Second, the foreignSecurityPrincipal object is created the first time the foreign user is added to a group in the local domain, so if the user has never been added to any local group the object does not exist and the query simply returns nothing.
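As an added example, not the original post's script, the same lookup written as a reusable function that also handles the two caveats above: it reports a foreign account that cannot be resolved over the trust, distinguishes a user who has no foreignSecurityPrincipal in this domain from a real error, and lists nested memberships as well as direct ones by using the LDAP_MATCHING_RULE_IN_CHAIN extensible match (OID 1.2.840.113556.1.4.1941), which makes the domain controller walk group nesting server-side. The function names Get-ForeignUserGroups and ConvertTo-LdapFilterValue, and the default rf- prefix, are assumptions for this example; the escaping helper exists because the prefix comes from the caller and would otherwise be pasted unescaped into an LDAP filter.

```powershell
# Added example (not the post's own script). Assumed names: Get-ForeignUserGroups,
# ConvertTo-LdapFilterValue. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a caller-supplied value cannot
    # change the structure of the LDAP filter it is embedded in.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Get-ForeignUserGroups {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,          # NetBIOS or DNS name of the trusted domain
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$GroupNamePrefix = 'rf-'                # same naming convention as the post
    )

    # 1. DOMAIN\user -> SID. This is resolved by the trusted domain; an account that
    #    cannot be mapped (typo, deleted user, broken trust) throws IdentityNotMappedException.
    $account = New-Object System.Security.Principal.NTAccount($Domain, $SamAccountName)
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Cannot resolve $Domain\$SamAccountName to a SID. Is the trust to $Domain working?"
    }

    # 2. The local domain represents the foreign user as a foreignSecurityPrincipal whose
    #    objectSid (and CN) is the user's SID. It exists only once the user has been added
    #    to some local group, so 'not found' means 'member of nothing here', not an error.
    $domainDn = (Get-ADDomain).DistinguishedName
    $fsp = Get-ADObject -Filter "objectSid -eq '$($sid.Value)'" -SearchBase "CN=ForeignSecurityPrincipals,$domainDn"
    if (-not $fsp) {
        Write-Verbose "$Domain\$SamAccountName ($($sid.Value)) has no foreignSecurityPrincipal in $domainDn"
        return
    }

    $dn     = ConvertTo-LdapFilterValue $fsp.DistinguishedName
    $prefix = ConvertTo-LdapFilterValue $GroupNamePrefix

    # 3. Direct membership: the group's member attribute holds the FSP's DN.
    $direct    = Get-ADGroup -LDAPFilter "(&(name=$prefix*)(member=$dn))"
    $directDns = @($direct | Select-Object -ExpandProperty DistinguishedName)

    # 4. Direct plus nested membership: LDAP_MATCHING_RULE_IN_CHAIN makes the DC follow
    #    member -> group -> member chains, so groups that contain the user only through
    #    another group are returned too.
    $all = Get-ADGroup -LDAPFilter "(&(name=$prefix*)(member:1.2.840.113556.1.4.1941:=$dn))"

    foreach ($g in $all) {
        [pscustomobject]@{
            Group             = $g.Name
            DistinguishedName = $g.DistinguishedName
            Membership        = if ($directDns -contains $g.DistinguishedName) { 'direct' } else { 'nested' }
            ForeignPrincipal  = $fsp.DistinguishedName
        }
    }
}

# Usage (run on a member of the local domain, with RSAT installed):
# Get-ForeignUserGroups -Domain TRUSTED -SamAccountName jdoe -Verbose | Format-Table
```

The nested rows are the ones worth a second look when auditing trusts: a foreign account that reaches a privileged local group only through two levels of nesting is exactly the membership the original direct-only query would not show.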
