Check-GroupMembership.ps1
####################################
#Function to check group membership
####################################
<#
.SYNOPSIS
    Reports whether a Windows identity's token carries a given group.
.PARAMETER User
    The WindowsIdentity whose token is examined.
.PARAMETER GroupName
    Group name passed unchanged to WindowsPrincipal.IsInRole(string).
.OUTPUTS
    The boolean returned by IsInRole.
.NOTES
    The answer comes from the access token, not from a fresh directory lookup,
    so it reflects membership as of token creation. Under UAC a non-elevated
    token of a local administrator reports $false for the Administrators group.
    Built-in group names are localized on non-English Windows, and an
    unqualified name is resolved by the system; pass DOMAIN\Group (or check a
    SID) when the result gates a security decision.
#>
function Check-GroupMembership ([System.Security.Principal.WindowsIdentity]$User, [string]$GroupName)
{
    # Wrap the identity so the role check runs against that identity's token.
    $principal = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList $User

    # IsInRole already yields a boolean, so hand it back directly.
    return $principal.IsInRole($GroupName)
}
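#Current User Example:
# Checks the identity of the running process against the local Administrators group.
# The result describes the current token: in a non-elevated session under UAC it is
# $false even when the account belongs to Administrators.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# Plain ASCII quotes: typographic quotes only parse when the file encoding is read correctly.
# The group name is the English one; localized Windows installs name this group differently.
$group = "administrators"
$IsMember = Check-GroupMembership $me $group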
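#########################
#Get Group Membership Fast - Translate SID to Name
#########################
# Emits one line per group SID in the current process token, as an account name
# where the SID can be resolved and as the raw SID string where it cannot.
# The list describes the token of this process, so it is only as current as the
# logon that created the token.
# NOTE(review): the Groups collection appears to leave out deny-only entries, so a
# UAC-filtered token would not list Administrators here; confirm before relying on it.
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
ForEach-Object {
    $groupSid = $_
    try {
        # Emit the name straight from the call: no variable survives a failed
        # lookup, so a previous group's name can never be printed a second time.
        $groupSid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Orphaned or otherwise unresolvable SID: report it as-is rather than dropping it.
        $groupSid.Value
    }
}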
#######################################
# obtain current user Group Membership
#######################################
# Reports whether the token of the running process carries "Domain Admins".
# The check is token-based: membership granted or revoked after logon is not
# reflected, and a UAC-filtered token may hide privileged groups.
# NOTE(review): the name is unqualified, so the system decides which account it
# resolves to; DOMAIN\Domain Admins or a SID comparison would be unambiguous.
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$WindowsPrincipal = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList $CurrentUser
if (-not $WindowsPrincipal.IsInRole("Domain Admins"))
{
    "User is not a member of domain admins"
}
else
{
    "User is member of domain admins"
}