Get-ADUserMemberOfRecursive.ps1

<#PSScriptInfo
 
.VERSION 1.2.1
 
.GUID 48971233-8145-47a3-84b3-b8b596766572
 
.AUTHOR saw-friendship
 
.COMPANYNAME
 
.COPYRIGHT
 
.DESCRIPTION Gets all AD groups that contain the given user, including nested (indirect) memberships
 
.TAGS ActiveDirectory ADUserMemberofRecursive ADGroup Member ADUser Search
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
#>


<#
 
.EXAMPLE
Get-ADUser Administrator | Get-ADUserMemberOfRecursive
 
.EXAMPLE
Get-ADUserMemberOfRecursive (Get-ADUser Administrator)
 
.EXAMPLE
Get-ADUserMemberOfRecursive (Get-ADUser Administrator) -Server DC1 -Properties Description -ExcludePrimaryGroup
 
.EXAMPLE
Get-ADComputer PC1 | Get-ADUserMemberOfRecursive
 
#>

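[CmdletBinding()]
    param (
         # Distinguished name of the object to resolve (user, computer or group).
         # Accepts pipeline objects that expose a DistinguishedName property.
         [Parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)][string]$DistinguishedName
         # Extra group attributes to return; MemberOf and primaryGroupID are always added.
        ,[string[]]$Properties = @()
         # Directory server that answers every query. Defaults to the forest's schema master.
        ,[string]$Server = (Get-ADForest).SchemaMaster
         # Skip the primary group (the group referenced by primaryGroupID).
        ,[Switch]$ExcludePrimaryGroup

    )

    Begin {
        # Every DistinguishedName received, collected so that End can resolve all of
        # them instead of only the last pipeline item.
        [string[]]$InputDN = @()

        # SIDs of groups already emitted. This is a single hashtable that the nested
        # function mutates in place (it never reassigns the variable), so all recursion
        # levels share it: each group is expanded once and membership cycles terminate.
        $SeenGroupSid = @{}

        # DNs already written to the output stream; final duplicate filter.
        $SeenDN = @{}

        # Walks memberOf upwards from each given DN and writes every group reached,
        # directly or through nesting. Reads and updates $SeenGroupSid from the
        # enclosing script scope.
        # NOTE(review): only the memberOf values returned by $Server are followed;
        # memberships recorded in other domains may not appear - confirm before relying
        # on the output for an access review.
        Function _Get-ADUserMemberOfRecursive {
        [CmdletBinding()]
            param (
                 [Parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)][string[]]$DistinguishedName
                ,[string[]]$Properties = @()
                ,[string]$Server = (Get-ADForest).SchemaMaster
                ,[Switch]$ExcludePrimaryGroup

            )
            Begin {
                # -notcontains compares case-insensitively, so 'memberof' supplied by the
                # caller does not produce a duplicate entry.
                if ($Properties -notcontains 'MemberOf') {$Properties += 'MemberOf'}
                if ($Properties -notcontains 'primaryGroupID') {$Properties += 'primaryGroupID'}

            }
            Process {
                foreach ($DN in $DistinguishedName) {
                    $ADObject = Get-ADObject -Identity $DN -Server $Server -Properties @('MemberOf','objectSid','primaryGroupID')

                    # -ErrorAction Stop: a group that cannot be read aborts the run rather
                    # than leaving a silently incomplete membership list.
                    $MemberOf = @($ADObject.MemberOf | Get-ADGroup -Properties $Properties -Server $Server -ErrorAction Stop)

                    # The primary group is not listed in memberOf, so it is looked up by SID.
                    # primaryGroupID is a RID in the object's own domain, so the domain part
                    # is taken from the object's SID rather than from the queried server.
                    if ($ADObject.ObjectClass -ne 'group' -and $ADObject.primaryGroupID -and $ADObject.objectSid -and !$ExcludePrimaryGroup) {
                        $PrimaryGroupSid = @($ADObject.objectSid.AccountDomainSid.Value,$ADObject.primaryGroupID) -join '-'
                        # Same property set as the other groups, so -Properties applies to it too.
                        $MemberOf += Get-ADGroup -Identity $PrimaryGroupSid -Server $Server -Properties $Properties
                    }

                    # When the starting object is itself a group, emit it once.
                    # ObjectClass is tested first so a missing SID never reaches ContainsKey.
                    if ($ADObject.ObjectClass -eq 'group' -and !$SeenGroupSid.ContainsKey($ADObject.objectSid.Value)) {
                        $SeenGroupSid[$ADObject.objectSid.Value] = $true
                        Get-ADGroup -Identity $ADObject.DistinguishedName -Properties $Properties -Server $Server
                    }

                    foreach ($Group in $MemberOf) {
                        if (!$SeenGroupSid.ContainsKey($Group.SID.Value)) {
                            # Record the SID before recursing so a cycle back to this group stops.
                            $SeenGroupSid[$Group.SID.Value] = $true
                            $Group
                            _Get-ADUserMemberOfRecursive -DistinguishedName $Group.DistinguishedName -Server $Server -Properties $Properties -ExcludePrimaryGroup:$ExcludePrimaryGroup
                            Write-Verbose -Message $('first: ' + $Group.Name + ' -> ' + $ADObject.Name)
                        } else {
                            Write-Verbose -Message $('double: ' + $Group.Name + ' -> ' + $ADObject.Name)
                        }

                    }
                }
            }
            End {}
        }
    }
    Process {
        # Runs once per pipeline item (or once for a direct call); keep every DN.
        $InputDN += $DistinguishedName
    }
    End {
        # Resolve all collected inputs and write each group at most once. With several
        # inputs the output is the union of their groups.
        _Get-ADUserMemberOfRecursive -DistinguishedName $InputDN -Server $Server -Properties $Properties -ExcludePrimaryGroup:$ExcludePrimaryGroup | % {
            if (!$SeenDN.ContainsKey($_.DistinguishedName)) {
                $SeenDN[$_.DistinguishedName] = $true
                $_
            }
        }
    }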