I’ve done my fair share of work with Active Directory over the years and LDAP has helped immensely, it did however let me down recently. Well when I say LDAP let me down it was probably my knowledge of LDAP (or lack thereof) that let me down.
For an audit I needed to list all groups a random set of users where members of. After struggling for an hour or so I decided to admit defeat with LDAP and instead turn to a trusty friend of mine Powershell, and It didn’t let me down!
I downloaded ActiveRoles Management Shell for Active Directory from Quest (see the link below);
Launching this I ran Get-Command to display a list of all available cmdlets;
From the extensive list of cmdlets I used get-qadmemberof and piped this to the out-file cmdlet to write the results to c:\sql\username.txt
get-qadmemberof ‘domain\username' | out-file c:\sql\username.txt
Voila! With one simple line of code for each of the random users I was able to get the results, sweet.