Hi,
If you mean the permission to write all properties by "permission to modify", you can get the groups like below.
$account = 'Domain\Username'
Get-ADGroup -filter * | Where-Object {(Get-Acl "AD:\$($_.DistinguishedName)").Access | Where-Object {($_.IdentityReference -eq $account) -and ($_.ObjectType -eq '00000000-0000-0000-0000-000000000000') -and ($_.AccessControlType -eq 'Allow') -and ('WriteProperty' -in $_.ActiveDirectoryRights)}}
Best Regards,
Ian Xue
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.