Q. How can I check the group memberships of a user via LDAP from PowerShell?

A. Using the System.DirectoryServices.DirectoryEntry object its easy to get a reference to objects in Active Directory via LDAP, for example to select a user I can use:

$objUser = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=John Savill,OU=Admins,dc=savilltech,dc=net")

Once you have the object you can inspect all of the available attributes using

$objUser | fl *

One of these attributes is memberOf which will list all of the groups the user is DIRECTLY a member of, i.e. it does not include nested group memberships. This can be viewed using


This will then display those group memberships.