query admincount for security groups in all domain for a User

I want to discover the admincount attribute for all security groups that a user is a memberOf.

I have this so far:

Get-ADUser -Filter {displayName -LIKE “admin_User*”} -Credential $C -Properties * | % memberof

and I get the list of groups but how do I:

  1. get the admincount attribute from each of those groups?
  2. query across the domain from which these groups may be nested?

thank you

Something similar to this ?

For User
Get-ADuser -LDAPFilter “(admincount=1)” | select name

For Group
Get-ADgroup -LDAPFilter “(admincount=1)” | select name

Here is a one liner that will get you all the groups assigned to a user.

I am not too sure how you would get nested groups in groups.

You would have to do a check on the members of the group to see if any are groups and then iterate through it (loops within loops)

get-aduser ainnes -Properties * | select -ExpandProperty memberof | %{Get-ADGroup $_ | select name }

You can remove the “select name” at the end and it will pull back the default info on the group and then add a -properties * on the get-adgroup to return more info

I hope this helps.

Alex: This works for to some extent

get-aduser -filter {displayname -like “adminUser”} -credential $Cred -Properties * | select -ExpandProperty memberof | %{Get-ADGroup $_ -Properties * }

I don’t see admincoutn attribute in the list.

I know it exists as what Arie posted does work for querying admincount = 1 in general

So I tried this one liner:

get-aduser -filter {displayname -like “adminUser”} -credential $Cred -Properties * | select -ExpandProperty memberof | %{Get-ADgroup -LDAPFilter “(admincount=1)” | select name }

…and I get local domain results for admincount=1 on some groups however, my queried adminUser is not a member of any of them.