Powershell

How to Use Get-ADPrincipalGroupMembership (ActiveDirectory) in PowerShell

The “Get-ADPrincipalGroupMembership” cmdlet is utilized for getting the active directory groups a specified user is a member of. It needs a global catalog to perform a search. To search for the local groups in another domain, the “ResourceContextServer” parameter can be used. It will be assigned to the alternate server in another domain.

This post will discuss the “Get-ADPrincipalGroupMembership” cmdlet comprehensively.

How to Use the PowerShell Get-ADPrincipalGroupMembership (Active Directory)?

As described above, the stated cmdlet checks the membership of a specific user, account, or service. Let’s overview the examples regarding the “Get-ADPrincipalGroupMembership” cmdlet.

Example 1: Get All the Groups that the “Administrator” is a Member of
To get the list of groups that the “Administrator” is a member of, execute the provided cmdlet:

Get-ADPrincipalGroupMembership -Identity Administrator

In the above-stated code:

  • First, add the “Get-ADPrincipalGroupMembership” cmdlet.
  • Next, specify the “-Identity” parameter and assign it the value “Administrator”.

Example 2: Use the “Get-ADPrincipalGroupMembership” Cmdlet to Get the AD User Group Membership of a Specific User
Use the following command to check the group membership of the specific user:

Get-ADPrincipalGroupMembership -Identity <Username>

In accordance with the above code:

  • Specify the “Get-ADPrincipalGroupMembership” cmdlet.
  • Then, mention the “-Identity” parameter and provide the username to check its membership.

Example 3: Execute the Cmdlet “Get-ADPrincipalGroupMembership” to Check the Memberships of a Group in the Resource Domain of an Account
Run the provided command to check the membership of a group for an account in the domain’s resource:

Get-ADPrincipalGroupMembership -Identity <username> -ResourceContextServer <Server-Url> -ResourceContextPartition "DC=<Domain-Name>,DC=<TLD>"

According to the previously stated command:

  • First, “Get-ADPrincipalGroupMembership” cmdlet along with the “-Identity” and assign the username to it.
  • Then, write the “-ResourceContextServer” parameter and assign the server URL to it.
  • After that, specify another parameter and pass the stated value to it.

Example 4: Use the “Get-AdPrincipalGroupMembership” Cmdlet to Filter Groups
To get the filtered list of groups, execute the below-provided command:

Get-ADPrincipalGroupMembership -Identity <Username> | Select Name | Where-Object {$_.Name -like 'Domain*'} | Sort Name

In the above-stated command:

  • First, mention the “Get-ADPrincipalGroupMembership” cmdlet alongside the “-Identity” parameter having the username value assigned to it.
  • Next, specify the “|” pipeline along with the “Select” and the “Name” cmdlets.
  • Similarly, add the “|” pipeline and the “Where-Object” having the stated condition assigned to it.
  • Lastly, use the “|” pipeline, “Sort” and the “Name” cmdlet.

That’s all! We have provided the usage of the “Get-ADPrincipalGroupMembership” cmdlet in PowerShell.

Conclusion

The cmdlet “Get-ADPrincipalGroupMembership” gets the active directory groups that have specified accounts, users, or computers. This tutorial has elaborated on the “Get-ADPrincipalGroupMembership” cmdlet in comprehensive detail.

About the author

Muhammad Farhan

I am a Computer Science graduate and now a technical writer who loves to provide the easiest solutions to the most difficult problems related to Windows, Linux, and Web designing. My love for Computer Science emerges every day because of its ease in our everyday life.