When your security gets unruly, it can get time consuming to figure out how a user is accessing a SQL instance. Sometimes you may know that a user is getting access via one certain AD group but you aren’t sure if any other groups are granting access. Furthermore, a user might be in a group that’s nested in another group, through which they are gaining access to your SQL instance.
Using this script, you can uncover all of those scenarios.
This script uses DSQUERY, which requires Microsoft’s Remote Server Administration Tools (RSAT). The RSAT version must match your operating system. For details on RSAT and download links, visit https://support.microsoft.com/en-us/help/2693643/remote-server-administration-tools-rsat-for-windows-operating-systems.