OK - is there a way that you know of to use a command line tool to pull that information accurately? It seems like if a cmdlet is inaccurate, it is pretty useless.
On Mon, Apr 24, 2017 at 3:02 PM, Brian Desmond <[email protected]> wrote: > MemberOf is a constructed attribute which the cmdlets may not be > requesting correctly or at all. ADUC makes specific calls to AD to get that > data. > > > > Thanks, > > Brian Desmond > > > > w – 312.625.1438 <(312)%20625-1438> | c – 312.731.3132 <(312)%20731-3132> > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Russ > *Sent:* Monday, April 24, 2017 4:32 PM > *To:* [email protected] > *Subject:* [NTSysADM] Get group membership through powershell > > > > I've often used powershell to get the groups that a user is a member of by > using get-adprincipalgroupmembership. It's always worked to my > knowledge. > > > > However, I've found one group which doesn't show up for anyone - so I was > curious if anyone has run into this before. If I run get-adgroupmember for > the group, everyone shows up who should be there, but if I try to run the > reverse on any of the users who are a member of the group, it doesn't show > up - it just returns "domain users". > > > > If I try get-aduser with -properties "memberof", nothing shows up for that > property at all. (not even domain users, but I think that's normal?). > > > > If you go into ADUC and look up the user, the two groups (this one, and > domain users) show up just fine. > > > > Does anyone know of a circumstance why this wouldn't return a value? >
