I have a set of nested AD groups:
group
    subgroup1
        subsubgroup1a
        subsubgroup2b
    subgroup2
        subsubgroup2a
            userXY
        subsubgroup2b
I'm using "group" to grant access to a server. Now I want to know why my "userXY" has access to the server. How can I use PowerShell to find out that the user is a member of "subsubgroup2a"?
Best Answer
Update: Technically if you don't mind building a bulky function,
Then you can run:
I've used that one in the past. Takes a while too. Or
Here's a prebuilt script to find nested group data: https://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2
Update 2: Admin friend uses this script. It does list all sec groups but still does work and you can dump to CSV for easy nav: http://practical-admin.com/blog/powershell-recursively-show-user-membership-in-an-active-directory-group/
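
An added example, not part of the answer above or of the linked scripts: a depth-first walk that returns every nesting path from the top-level group down to the user, which is what explains why the account has access. It assumes the ActiveDirectory module's Get-ADGroupMember for live lookups and matches members by sAMAccountName; the function name Find-MembershipPath, its parameters and the $tree sample data are hypothetical and constructed for illustration.

```powershell
# Added example: list each chain of nested groups that leads to a member.
function Find-MembershipPath {
    param(
        [Parameter(Mandatory)] [string] $Group,    # group named on the resource
        [Parameter(Mandatory)] [string] $Member,   # account to locate
        # Returns the direct members of a group as objects with Name and
        # IsGroup. The default queries AD (ActiveDirectory module required).
        [scriptblock] $GetMembers = {
            param($g)
            Get-ADGroupMember -Identity $g | ForEach-Object {
                [pscustomobject]@{ Name    = $_.SamAccountName
                                   IsGroup = $_.objectClass -eq 'group' }
            }
        },
        [string[]] $Path = @()                     # internal: groups walked so far
    )
    if ($Path -contains $Group) { return }         # guard against circular nesting
    $Path += $Group
    foreach ($m in (& $GetMembers $Group)) {
        # Emit the full chain when the member is found at this level.
        if ($m.Name -eq $Member) { ($Path + $m.Name) -join ' > ' }
        # Descend into nested groups, carrying the chain along.
        if ($m.IsGroup) {
            Find-MembershipPath -Group $m.Name -Member $Member -GetMembers $GetMembers -Path $Path
        }
    }
}

# Constructed sample data mirroring the tree in the question, so the walk
# can be tried without a domain controller.
$tree = @{
    'group'         = 'subgroup1', 'subgroup2'
    'subgroup1'     = 'subsubgroup1a', 'subsubgroup2b'
    'subgroup2'     = 'subsubgroup2a', 'subsubgroup2b'
    'subsubgroup1a' = @()
    'subsubgroup2a' = @('userXY')
    'subsubgroup2b' = @()
}
$fromTree = {
    param($g)
    foreach ($n in $tree[$g]) {
        [pscustomobject]@{ Name = $n; IsGroup = $tree.ContainsKey($n) }
    }
}
Find-MembershipPath -Group 'group' -Member 'userXY' -GetMembers $fromTree

# Against a live domain, omit -GetMembers to use Get-ADGroupMember:
# Find-MembershipPath -Group 'group' -Member 'userXY'
```

If the account is reachable through more than one chain, each chain is returned as its own line, so removing the user from a single subgroup can be checked against the remaining paths.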