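<#
.SYNOPSIS
    Returns the list of groups a user inherits through their token.

.DESCRIPTION
    Reads the tokenGroups attribute of a user (the SIDs of the groups the user
    inherits) and translates each SID into a group name and distinguished name
    by querying the global catalog. The function works in a multi-domain forest.

.PARAMETER user
    The SamAccountName of the user.

.PARAMETER DomainController
    A domain controller of the user's domain that will execute the query. The
    domain controller must be a global catalog. If it is not set, the function
    discovers one.

.OUTPUTS
    One PSObject per SID found in tokenGroups, with the properties Name and DN.
    A SID that cannot be resolved is still returned (with empty Name and DN)
    and is reported through a warning that names the SID.

.EXAMPLE
    Get-ADUserGroup -user pbarth -DomainController 2016dc1.htrab.lan

    DN                                                                            Name
    --                                                                            ----
    CN=Utilisateurs,CN=Builtin,DC=htrab,DC=lan                                    Utilisateurs
    CN=SDL-CT-Partage-Info,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan         SDL-CT-Partage-Info
    CN=SDL-R-Partage-Compta,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan        SDL-R-Partage-Compta
    CN=SDL-M-Imprimante-Direction,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan  SDL-M-Imprimante-Dire...
    CN=Utilisateurs du domaine,CN=Users,DC=htrab,DC=lan                           Utilisateurs du domaine
    CN=SG-Service-Informatique,OU=Securite_global,OU=Groupes,DC=htrab,DC=lan      SG-Service-Informatique

.NOTES
    Author: Philippe BARTH
    Version: 1.0

    NOTE(review): tokenGroups is computed by the domain controller that answers
    the query. Groups that are only evaluated on the resource side (for example
    domain-local groups of other domains, or local groups on member servers)
    are presumably not part of the result - confirm before treating the output
    as a complete access review.
#>

# Parameter declaration
param(
    [string]$user,
    [string]$DomainController = (Get-ADDomainController -Discover -Service GlobalCatalog).hostname
)

# Error handling
# An empty result must never be mistaken for "this user has no groups", so
# every lookup failure is reported explicitly instead of going through an
# empty trap block.
if ([string]::IsNullOrEmpty($user)) {
    Write-Error "No user was specified (-user is empty)."
    return
}
if ([string]::IsNullOrEmpty($DomainController)) {
    Write-Error "No global catalog domain controller was specified or discovered."
    return
}

# Function body
try {
    # Resolve the account to its distinguished name first: tokenGroups is read
    # below with a base-scope search rooted at the user object.
    $userdn = (Get-ADUser -Identity $user -Server $DomainController -ErrorAction Stop).DistinguishedName

    # SIDs (as strings) of every group present in the user's token.
    $liste_groupes = Get-ADUser -SearchScope Base -SearchBase $userdn -LDAPFilter '(objectClass=user)' -Properties tokenGroups -Server $DomainController -ErrorAction Stop |
        Select-Object -ExpandProperty tokenGroups |
        Select-Object -ExpandProperty Value
}
catch {
    Write-Error "Unable to read tokenGroups for '$user' on '$DomainController': $($_.Exception.Message)"
    return
}

# Global catalog endpoint (port 3268) of the same server; loop-invariant, so
# it is built once.
$GC = $DomainController + ":3268"

# Collect the loop output directly instead of growing an array with +=.
$liste = @(
    foreach ($g in $liste_groupes) {
        # Reset on every pass so a failed lookup can never reuse the previous
        # group's data.
        $b = $null
        try {
            $b = Get-ADGroup -Filter { Sid -eq $g } -Server $GC -ErrorAction Stop
        }
        catch {
            Write-Warning "Lookup of SID $g on $GC failed: $($_.Exception.Message)"
        }

        if (-not $b) {
            # Keep the row so the number of results still matches the number
            # of SIDs in the token, but make the unresolved SID visible.
            Write-Warning "SID $g from tokenGroups could not be resolved to a group on $GC."
        }

        New-Object -TypeName PSObject -Property @{
            Name = $b.Name
            DN   = $b.DistinguishedName
        }
    }
)

return $liste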