The issue with the Get-ADUser JohnDoe -Properties MemberOf cmdlet is that it doesn't list domain built-in groups like Domain Users. I am not sure why Microsoft wants to hide built-in groups from listing user group memberships. So I have written a VBScript-style function.
To use this function, copy and paste it into your PowerShell script and call it with the username and group name to check. E.g., IsMember -User JohnDoe -Group "Domain Users"
Download the Script: http://1drv.ms/Ts9Yv3
#
# Function: IsMember
# Parameters: AD User Name (SAMAccountName) and Group Name
# Description: Check if the provided User is member of given Group name.
# Returns True if the user is a member of the group, otherwise returns False.
#
# Speciality: This function lists groups and checks the group membership
# including Built-in groups like Domain Users.
# The Get-ADGroupMember from PowerShell AD Module doesn't list
# built-in groups like "Domain Users", but this
# function does.
#
# Usage e.g.,: If (IsMember -User JohnDoe -Group "Sales-NA")...
#
# Written By: Anand, the Awesome, Venkatachalapathy
#
Function IsMember()
{
    Param (
        [string]$User=$(Throw "Error: Please enter a username!"),
        [string]$Group="Domain Users"
    )
    Import-Module ActiveDirectory
    # Get the domain name, or you may assign it manually to
    # the $DomainName variable below
    $DomainName = (Get-ADDomain).NetBIOSName
    # Bind to the specified user in the domain.
    $UserObj = [ADSI]"WinNT://$DomainName/$User,user"
    # Invoke the Groups method.
    $GroupsObj = $UserObj.psbase.Invoke("Groups")
    ForEach ($GroupObj In $GroupsObj)
    {
        # Retrieve the name of the group.
        $GroupName = $GroupObj.GetType().InvokeMember("Name", 'GetProperty', $Null, $GroupObj, $Null)
        # If the given group and the current group name are the same, return True.
        # -eq compares case-insensitively, matching how AD treats group names.
        If ($GroupName -eq $Group) { Return $true }
    }
    # Group not found, send False
    Return $false
}
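
The same check using only the ActiveDirectory module, as an added example that is not part of the original script. It goes beyond the original by optionally following nested groups. A user's primary group (normally Domain Users) is recorded in the primaryGroupID attribute rather than in memberOf, so it is compared separately. The function name Test-ADGroupMembership and the -Recurse switch are assumptions made for this example.

```powershell
# Added example; Test-ADGroupMembership and -Recurse are hypothetical names,
# not part of the original IsMember script.
function Test-ADGroupMembership {
    [CmdletBinding()]
    [OutputType([bool])]
    param (
        [Parameter(Mandatory)][string]$User,    # SAMAccountName of the user
        [string]$Group = 'Domain Users',        # SAMAccountName of the group
        [switch]$Recurse                        # also follow nested groups
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # PrimaryGroup is the DN of the group that primaryGroupID points to.
    $userObj  = Get-ADUser  -Identity $User -Properties MemberOf, PrimaryGroup
    $groupObj = Get-ADGroup -Identity $Group
    $groupDn  = $groupObj.DistinguishedName

    # 1. Primary group: never listed in memberOf, so check it on its own.
    if ($userObj.PrimaryGroup -eq $groupDn) { return $true }

    # 2. Direct memberships from memberOf (-contains is case-insensitive).
    if ($userObj.MemberOf -contains $groupDn) { return $true }

    # 3. Nested memberships: ask the DC to walk the chain with the
    #    LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941).
    if ($Recurse) {
        # Escape characters that are special inside an LDAP filter value.
        $escapedDn = $groupDn -replace '\\', '\5c' -replace '\*', '\2a' `
                              -replace '\(', '\28' -replace '\)', '\29'
        $hit = Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$escapedDn)" `
                          -SearchBase $userObj.DistinguishedName -SearchScope Base
        return [bool]$hit
    }
    return $false
}

# Usage:
#   Test-ADGroupMembership -User JohnDoe -Group 'Domain Users'
#   Test-ADGroupMembership -User JohnDoe -Group 'Sales-NA' -Recurse
```

When this result gates an access decision in a script, use -Recurse so that membership granted through a nested group is not missed.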