Something that is kind of weird that I haven't ran into before. We just did a domain migration and so now when I run a Get-ADUser {username} -Properties MemberOf against a standard user the MemberOf property returns {}.
Get-ADUser lsmith -Properties MemberOf
GivenName : Lloyd
MemberOf : {}
Name : Lloyd Smith
ObjectClass : user
ObjectGUID : 5a599172-4913-4866-8767-ce8cb7d0887a
SamAccountName : lsmith
SID : S-1-5-21-2658504567-3195209084-2410544121-3270
Surname : Smith
UserPrincipalName : lsmith@domain.com
If I run that same command against a user who is a domain admin, the MemberOf property returns the groups they are a member of. However, if I open PowerShell as an Administrator, the MemberOf property is populated when running this command against any user.
Has anyone else ran into this issue? It wouldn't be a huge deal, if I didn't need that property to be populated when running a PowerShell script through an ASP.Net web application.
Best Answer
Going back through the old domain, it looks like the permissions were not set for authenticated users to be able to have read group membership. Once this was set, the property is populated without an issue.