# encoding: ascii
# api: powershell
# title: Get-UserWithManyGroups
# description: Lists Active Directory user accounts which are members of too many groups, and can thus cause token bloat issues
# version: 0.1
# license: CC0
# x-poshcode-id: 1385
# x-archived: 2010-07-17T01:51:28
#
#
# Lists AD users who are members in too many groups
# (c) Dmitry Sotnikov
# Details at:
# http://dmitrysotnikov.wordpress.com/2009/10/12/find-users-in-too-many-groups/
# Uses free Quest AD cmdlets
$limit = 75
Get-QADUser -SizeLimit 0 -DontUseDefaultIncludedProperties |
ForEach-Object {
$groups = Get-QADGroup -ContainsIndirectMember $_.DN -SizeLimit $limit `
-DontUseDefaultIncludedProperties -WarningAction SilentlyContinue
if ($groups.Count -ge $limit) { $_ }
}