When your security gets unruly, it can get time consuming to figure out how a user is accessing a SQL instance. Sometimes you may know that a user is getting access via one certain AD group but you aren't sure if any other groups are granting access. Furthermore, a user might be in a group that's nested in another group, through which they are gaining access to your SQL instance.
Using this script, you can uncover all of those scenarios.
If you don't already have it, you will need the DSQUERY command line tool installed.
For Windows 7, go to https://www.microsoft.com/en-us/download/details.aspx?id=7887
For Windows 8 and beyond, go to https://www.microsoft.com/en-us/download/details.aspx?id=28972