$token = [System.Security.Principal.WindowsIdentity]::GetCurrent() # Get current user context $groupSIDs = $token.Groups # Get SIDs in current Kerberos token foreach($sid in $groupSIDs) { # for each of those SIDs... try { # try to.. Write-Host (($sid).Translate([System.Security.Principal.NTAccount])) # translate the SID to an account name } catch { # if we can't translate it... Write-Warning ("Could not translate " + $sid.Value + ". Reason: " + $_.Exception.Message) # Output a warning and the corresponding exception } }