How to find which of nested ad groups user belongs to

11.6k views

I need to find users from a specific OU that belong to a set of nested groups (that part is done), and write which of the groups the users belong to (a user can belong to several groups). Right now I have all the users that belong to the groups, but cannot figure out how to also list all the groups from the nested set they belong to.

My script so far:

$GroupDN = (Get-ADGroup "Groupname").DistinguishedName

# $OU holds the DistinguishedName of the OU to search (set earlier in the script).
# Export-Csv returns nothing, so the users are kept in $Users first and exported afterwards.
$Users = Get-ADUser -LDAPFilter "(&(memberOf:1.2.840.113556.1.4.1941:=$GroupDN))" -SearchBase $OU | Select-Object Name
$Users | Export-Csv C:\test\data.xml

There is 1 answer

postanote

Continuing from my comment, and per the link provided:

https://duckduckgo.com/?q=powershell+%27get+user+group+membership+and+nested+groups%27&t=h_&ia=web

hit(s) --- of course, tweak as needed to get to your final results

Get AD Nested Group Membership with Powershell

This article helps you to query nested AD group members using Powershell. We can get group members by using the Active Directory PowerShell cmdlet Get-ADGroupMember.

The Get-ADGroupMember cmdlet provides the option to get all the nested group members by passing the parameter -Recursive. This PowerShell script also handles circular membership (infinite loop) problems.

https://morgantechspace.com/2015/09/get-ad-nested-group-membership-with-powershell.html

Import-Module ActiveDirectory

function GetNestedADGroupMembership {
   Param([parameter(Mandatory=$true)] $user,
         [parameter(Mandatory=$false)] $grouphash = @{})

   # Direct group memberships of the object (a user on the first call, a group on recursion)
   $groups = @(Get-ADPrincipalGroupMembership -Identity $user | Select-Object -ExpandProperty DistinguishedName)
   foreach ($group in $groups) {
      # The hashtable records groups already visited, which is what breaks circular membership loops
      if ($null -eq $grouphash[$group]) {
         $grouphash[$group] = $true
         $group      # emit this group's DN
         GetNestedADGroupMembership $group $grouphash
      }
   }
}

GetNestedADGroupMembership 'CN=Smith,OU=TestOU,DC=TestDomain,DC=com'

As well as this one via SO Q&A regarding a similar use case:

Find user and AD group relation via nested AD groups

... or this example for the same search, using the code you already posted as a function to which you just pass an identity.

# Finding Nested AD Group Memberships

<#
The following code finds all groups a given Active Directory user is a member of (including nested group memberships). The code requires the ActiveDirectory module.
#>

#requires -Module ActiveDirectory

function Get-NestedGroupMember
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]
        $Identity
    )

    process
    {
        $user = Get-ADUser -Identity $Identity
        $userdn = $user.DistinguishedName
        # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the server walks the
        # member chain, so nested (transitive) memberships are returned in one query.
        $strFilter = "(member:1.2.840.113556.1.4.1941:=$userdn)"
        Get-ADGroup -LDAPFilter $strFilter -ResultPageSize 1000
    }
}

<#
To find group memberships, simply run Get-NestedGroupMember with the name of a user. The function accepts the same identity information that is accepted by Get-ADUser, so you can specify a SamAccountName, a SID, a GUID, or a distinguishedName.
#>

As well as graphical views:

Powershell Active Directory: List complete hierarchy of upstream nested groups recursively of User https://github.com/kunaludapi/Powershell-Active-Directory--Show-treeview-of-User-or-Group-memberof-hierarchy/blob/master/Get-ADGroupTreeViewMemberOf.txt

Powershell Active Directory: Show treeview of nested Group members downstream hierarchy http://vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-nested-group-members-downstream-hierarchy

See also:

https://activedirectorypro.com/find-nested-groups-in-active-directory
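Putting the two halves together, as an added example that is not part of the question or the answer: the question's matching-rule-in-chain filter finds the users, and the answer's reverse lookup (`member:1.2.840.113556.1.4.1941:=`) finds each user's transitive groups; restricting that list to the groups nested under the top group gives the "which of the nested groups" column the question asks for. The group name `Groupname`, the OU DN, the output path and the helper `ConvertTo-LdapFilterValue` are all assumptions introduced here; the helper applies RFC 4515 escaping so that a DN containing `(`, `)`, `*` or `\` cannot break the filter, a detail the posted snippets do not handle. Effective (nested) membership is what actually grants access, so a report like this is also the one to use when reviewing who really holds a privileged group.

```powershell
# Added example, not from the original question or answer.
#requires -Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping for a value embedded in an LDAP filter (hypothetical helper).
    # Backslash is escaped first so the other escape sequences are not double-escaped.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

$TopGroup = Get-ADGroup -Identity 'Groupname'            # placeholder, replace with the real group
$OU       = 'OU=Staff,DC=example,DC=com'                 # placeholder, replace with the real OU DN
$TopDN    = $TopGroup.DistinguishedName
$TopDNEsc = ConvertTo-LdapFilterValue $TopDN

# 1. The nested set: the top group plus every group that is (transitively) a member of it,
#    keyed by DN so step 3 can filter with a hashtable lookup instead of repeated LDAP queries.
$NestedSet = @{ $TopDN = $TopGroup.Name }
Get-ADGroup -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$TopDNEsc)" |
    ForEach-Object { $NestedSet[$_.DistinguishedName] = $_.Name }

# 2. Users under the OU who are transitive members of the top group (the question's query).
$Users = Get-ADUser -SearchBase $OU -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$TopDNEsc)"

# 3. For each user, ask the server for all groups in their member chain, then keep only
#    those that belong to the nested set. One row per user, groups joined in one column.
$Report = foreach ($u in $Users) {
    $userDNEsc  = ConvertTo-LdapFilterValue $u.DistinguishedName
    $userGroups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$userDNEsc)" |
        Where-Object { $NestedSet.ContainsKey($_.DistinguishedName) } |
        Select-Object -ExpandProperty Name |
        Sort-Object -Unique)

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Name           = $u.Name
        GroupCount     = $userGroups.Count
        Groups         = $userGroups -join '; '
    }
}

$Report | Export-Csv -Path 'C:\test\data.csv' -NoTypeInformation   # placeholder path
$Report | Format-Table -AutoSize
```

Step 3 issues one LDAP query per user; for a large OU it is cheaper to invert the loop (one `Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=<groupDN>)"` per group in `$NestedSet`, accumulating group names per user in a hashtable), which is the same data walked from the other side. Either way the server does the chain walk, so circular nesting is not a problem here, unlike the client-side recursion in the first snippet, which needs the visited-group hashtable for that reason.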