A PowerShell script to check whether a security principal (Active Directory user, computer, or group) is a member of a specified security group. The script uses the tokenGroups attribute, which is operational (constructed on demand by the domain controller rather than stored). TokenGroups is a collection of the objectSID values of all security groups the principal is a member of, including membership acquired through nesting and through the "primary group". The collection does not include distribution groups or groups in other domains. A hash table keeps track of memberships separately for each security principal, so the tokenGroups of a given principal only need to be retrieved once. You can use the function to check membership in several groups, for several users, or for the current user and the local computer.

This script demonstrates how to retrieve operational attributes, how to convert SID values (which are returned as byte arrays), and how to translate SID values into the corresponding NT format name, which is in the form Domain\Name.
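The following is an added example of the same technique (tokenGroups retrieved via ADSI, SID byte arrays converted with `System.Security.Principal.SecurityIdentifier`, NT names resolved with `Translate`, and results cached per principal in a hash table). It is not the IsMember script from the page; the function names `Get-PrincipalTokenGroups`, `Test-GroupMembership` and `Get-DistinguishedName`, the cache variable `$script:TokenGroupCache`, and the group distinguished name in the usage lines are this example's own assumptions and placeholders. It assumes it runs on a domain-joined machine that can query the current domain with `System.DirectoryServices`.

```powershell
# Added example, not the page's IsMember script. Names below are this example's own.
# Assumes a domain-joined machine and read access to the directory via ADSI.

# Cache: key = principal distinguishedName, value = hashtable of SID string -> NT name.
# tokenGroups is constructed by the DC on every read, so retrieve it once per principal.
$script:TokenGroupCache = @{}

function Get-PrincipalTokenGroups {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    if ($script:TokenGroupCache.ContainsKey($DistinguishedName)) {
        return $script:TokenGroupCache[$DistinguishedName]
    }

    # Bind to the object and explicitly request the operational attribute;
    # constructed attributes are not returned unless asked for by name.
    $entry = [ADSI]("LDAP://" + $DistinguishedName)
    $entry.psbase.RefreshCache([string[]]@('tokenGroups'))

    $groups = @{}
    foreach ($sidBytes in $entry.psbase.Properties['tokenGroups']) {
        # Each value is the binary objectSid of one security group (nested and primary included).
        $sid = New-Object System.Security.Principal.SecurityIdentifier(([byte[]]$sidBytes), 0)
        try {
            # Translate to the NT format name, Domain\Name.
            $ntName = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $ntName = $null   # unresolvable SID (e.g. a deleted group); keep the SID anyway
        }
        $groups[$sid.Value] = $ntName
    }

    $script:TokenGroupCache[$DistinguishedName] = $groups
    return $groups
}

function Test-GroupMembership {
    param(
        [Parameter(Mandatory)][string]$PrincipalDN,
        [Parameter(Mandatory)][string]$GroupDN
    )
    # Compare by SID rather than by name: names can be renamed, SIDs cannot.
    $group    = [ADSI]("LDAP://" + $GroupDN)
    $groupSid = New-Object System.Security.Principal.SecurityIdentifier(
                    ([byte[]]$group.psbase.Properties['objectSid'][0]), 0)

    $tokens = Get-PrincipalTokenGroups -DistinguishedName $PrincipalDN
    return $tokens.ContainsKey($groupSid.Value)
}

function Get-DistinguishedName {
    # Resolve a sAMAccountName (user, or computer name with trailing '$') to its DN.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(sAMAccountName=$SamAccountName)"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "No object with sAMAccountName '$SamAccountName'" }
    return [string]$result.Properties['distinguishedname'][0]
}

# Usage: current user and local computer against one group (group DN is a placeholder).
$userDN     = Get-DistinguishedName -SamAccountName $env:USERNAME
$computerDN = Get-DistinguishedName -SamAccountName ($env:COMPUTERNAME + '$')
$groupDN    = 'CN=Example Group,OU=Groups,DC=example,DC=com'   # placeholder, replace

Test-GroupMembership -PrincipalDN $userDN     -GroupDN $groupDN
Test-GroupMembership -PrincipalDN $computerDN -GroupDN $groupDN

# Second check for the same user hits the cache; no further tokenGroups read occurs.
(Get-PrincipalTokenGroups -DistinguishedName $userDN).Values | Sort-Object
```

Because tokenGroups already contains nested and primary-group membership, this check reflects the principal's effective security group set, which is what an access review needs; a membership check based only on the group's direct `member` attribute would miss nested membership. The limits noted above still apply: distribution groups and groups from other domains are absent from tokenGroups, and `Translate` can fail for SIDs that no longer resolve, which is why the example keeps the SID string as the hash key and treats the NT name as optional.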

IsMember.txt: view or download the program.