How to get all groups that a user is a member of?

A more concise alternative to the one posted by Canoas, to get group membership for the currently-logged-on user.

I came across this method in this blog post: http://www.travisrunyard.com/2013/03/26/auto-create-outlook-mapi-user-profiles/

([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof

An even better version which uses a regex to strip the LDAP guff and leaves the group names only:

([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'

More details about using the [ADSISEARCHER] type accelerator can be found on the scripting guy blog: http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/24/use-the-powershell-adsisearcher-type-accelerator-to-search-active-directory.aspx

Old school way from CMD:

net user mst999 /domain 

(GET-ADUSER –Identity USERNAME –Properties MemberOf | Select-Object MemberOf).MemberOf

If you cannot get Get-ADPrincipalGroupMembership to work for you could try logging in as that user then use.

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$groups = $id.Groups | foreach-object {$_.Translate([Security.Principal.NTAccount])}
$groups | select *

Get group membership for a user:

$strUserName = "Primoz"
$strUser = get-qaduser -SamAccountName $strUserName
$strUser.memberof

See Get Group Membership for a User

But also see Quest's Free PowerShell Commands for Active Directory.

[Edit: Get-ADPrincipalGroupMembership command is included in Powershell since v2 with Windows 2008 R2. See kstrauss' answer below.]