<#
.SYNOPSIS
This function returns the list of the groups a user inherits from his token
.DESCRIPTION
This function searches the SIDs of groups inherited from a user and translates them into Ldap names based on the global catalog. The function works on a multi-domain forest
.PARAMETER user
The SamAccountName from user
.PARAMETER DomainController
A domain controller of the user domain that will execute the command.
The domain controller must be a global catalog.
If it is not set the function, will determine a domain controller.
.EXAMPLE
Get-ADUserGroup -user pbarth -DomainController 2016dc1.htrab.lan
GroupDN Nom
------- ---
CN=Utilisateurs,CN=Builtin,DC=htrab,DC=lan Utilisateurs
CN=SDL-CT-Partage-Info,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-CT-Partage-Info
CN=SDL-R-Partage-Compta,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-R-Partage-Compta
CN=SDL-M-Imprimante-Direction,OU=Securite_Domaine,OU=Groupes,DC=htrab,DC=lan SDL-M-Imprimante-Dire...
CN=Utilisateurs du domaine,CN=Users,DC=htrab,DC=lan Utilisateurs du domaine
CN=SG-Service-Informatique,OU=Securite_global,OU=Groupes,DC=htrab,DC=lan SG-Service-Informatique
.NOTES
Author: Philippe BARTH
Version: 1.0
#>
# Déclaration des paramètres
param([string]$user, [string]$DomainController = (Get-ADDomainController -Discover -Service GlobalCatalog).hostname)
#
#gestion des erreurs
Trap
{
#continue
}
#Fonction
$userdn =(Get-ADUser $user -Server $DomainController).DistinguishedName
$liste_groupes = Get-ADUser -SearchScope Base -SearchBase $userdn -LDAPFilter '(objectClass=user)' -Properties tokenGroups -server $DomainController| Select-Object -ExpandProperty tokenGroups | Select-Object -ExpandProperty Value
$liste=@()
foreach ($g in $liste_groupes)
{
$GC=$DomainController+":3268"
$b= Get-ADGroup -filter { Sid -eq $g } -server $GC
$r= New-Object -TypeName PSObject -Property @{
Name = $b.Name
DN = $b.DistinguishedName
}
$liste += $r
}
return $liste