您将找到此答案的结尾,这是一种使用 C# 中的 .NET 3.5 程序集查找用户所属的所有组(以递归方式)的方法,这是对 PowerShell 的转换。这不是您问题的确切答案,但是在您的“现实世界”中,它应该会有所帮助。
# Load the .NET 3.5 assembly
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
# Get an enum value
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
# Retreive the user as a user principal
$username = "jblanc"
$up = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ct,$username)
# Get all the authorization groups a user belongs to
$up.GetAuthorizationGroups()