How to get all Active Directory groups of an user with powershell?

Sometimes it is needed to get all the Active Directory groups for an user. One reason is the calculation of KERBEROS TOKEN size for an user.

On the web are a lot of articles exists where you can see that it is solved with just 3 lines, but it never works fine:

Copy to Clipboard

We use very often tool like Access Rights Manager from SolarWinds (formally 8MAN) you see that the number and amount of membership is not true.

Here is the output of the command:

But in the Access Rights Manager/ARM tool you see:

As you can see the number is 8 + 1 (local group membership of a Windows PC). This is a benefit of the ARM tool, that you can see the membership of any device or technology you connected with collectors. The PowerShell command gives us just 5 and this makes a difference of 3.

We’ve adapted the command and then it shows all what the ARM tool shows.

Copy to Clipboard

I hope it helps like you, like it helps a lot of our customers. We support you for scripting and all topics around access rights management and specially we are the experts of ARM by SolarWinds (formally 8MAN), because we were part of the former Protected Networks GmbH family. We invented and developed ARM.