Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
This post will provides an example of how we can use ADSI to check if a user is a member of an AD Group using the [ADSISearcher] type accelerator:
#remember that this is used as a regular expression (using -match), so escape any brackets etc with a back slash
$ADGroup = "Example_AD_Group"
$userName = "AlkaneUser"
#check if user is a member of the group
$ADGroupObj = (([ADSISearcher] "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$userName))").FindOne().properties.memberof -match "CN=$ADGroup,")
if ($ADGroupObj -and $ADGroupObj.count -gt 0)
{
#user is a member - do something!
}
![Use ADSI to Check if a User is a Member of an AD Group](https://www.alkanesolutions.co.uk/wp-content/uploads/2023/12/use-adsi-to-check-if-a-user-is-a-member-of-an-ad-group-300x169.png)
![Use ADSI to Check if a User is a Member of an AD Group](https://www.alkanesolutions.co.uk/wp-content/themes/twentyeleven-child/images/application-packaging-services-blog.png)