Enumeration of All Groups for a User (traversing nested groups) in Active Directory

I ran into an odd situation where I needed to be able to enumerate all of the groups that a user was a member. I found a lot of programs and scripts that will list the groups for a user, but none that would traverse nested groups.

The script writes the information to a file for better reviewing later. The output adds indentation to help readability.

Here is my solution.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

# #    Enumerate All Groups for a User (including traversing nested groups) #        @param distinguishedName - The distinguished name of the object you want to traverse #        Brock Moeller #        12/16/2009 # param (     $distinguishedName = "CN=Joe Dirt,OU=Users,DC=serv,DC=ubercorp,DC=com" )   $roles = @{}; $indent = -1; filter EnumRoles {     $indent += 1;     if ($_ -is [System.DirectoryServices.DirectoryEntry]){         $adsiObj = $_;     } else {         $adsiObj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://" + $_);     }     if ((-not [String]::IsNullOrEmpty($adsiObj.cn)) -and (-not $roles.ContainsKey($adsiObj.cn))){         $roles[$adsiObj.cn] = 1;         $memberOfCount = $adsiObj.memberOf.Count;         $("`t"*$indent) + $adsiObj.cn + " [$memberOfCount]";         if (($memberOfCount -gt 0) -and ($indent -lt 900)) {             $adsiObj.memberOf | EnumRoles;         }     }     $indent -= 1; }   $user = [adsi]"LDAP://$distinguishedName"; $user; $buffer = $user.Path + "`n"; $user | EnumRoles | % { $buffer += $_ + "`n" }; "Buffer: " + $buffer.ToString(); [System.IO.File]::WriteAllText("$pwd\$($user.cn).txt", $buffer.ToString());