memories about powershell

check if a user is locked out in AD

Get-ADUser -Filter {samaccountname -eq [USER]} -Properties lockedout

find all groups that a user belongs to recursively in AD

Get-ADGroup -LDAPFilter ("(member:1.2.840.113556.1.4.1941:={0})" -f (Get-ADUser [USER]).DistinguishedName) | Select-Object Name