I used the Show/Get-WinADGroupMemberOf command to figure user groups membership in a large domain, but I noticed a small discordance in the results it is providing and I found what it is.
Here's the situation. In the domain, there are some groups with the same group name, BUT the SamAccountName is unique (legacy stuff from domain merge a few years ago).
In the Get-WinADGroupMemberOf script, you're using the $NestedMember.name as the ParentGroup, so the reporting is not accurate.
For example :
Group 1
o Name : SecRole-DBAdmins
o SamAccountName : SecRole-DBAdmins
Group 2 :
o Name : SecRole-DBAdmins
o SamAccountName : SR-DBAdmins
So in the case where a user is a member of both groups, the child groups of "SR-DBAdmins" show "SecRole-DBAdmins" as the ParentGroup, which is not exactly the case.
And it creates some discordances in the graphics generated with Show-WinADGroupeMemberOf...
Hoping you can resolve this issue shortly, let me know when you release a new version of the scripts and I'll give it a try to see if my issue is resolved
From email
I used the Show/Get-WinADGroupMemberOf command to figure user groups membership in a large domain, but I noticed a small discordance in the results it is providing and I found what it is.
Here's the situation. In the domain, there are some groups with the same group name, BUT the SamAccountName is unique (legacy stuff from domain merge a few years ago). In the Get-WinADGroupMemberOf script, you're using the $NestedMember.name as the ParentGroup, so the reporting is not accurate.
For example :
Group 1 o Name : SecRole-DBAdmins o SamAccountName : SecRole-DBAdmins Group 2 : o Name : SecRole-DBAdmins o SamAccountName : SR-DBAdmins So in the case where a user is a member of both groups, the child groups of "SR-DBAdmins" show "SecRole-DBAdmins" as the ParentGroup, which is not exactly the case.
And it creates some discordances in the graphics generated with Show-WinADGroupeMemberOf...
Hoping you can resolve this issue shortly, let me know when you release a new version of the scripts and I'll give it a try to see if my issue is resolved