Script Repository

Prevent users from being added to groups in other domains

February 18, 2021

This script prevents users from a specific AD domain from being added to groups located in other domains. To use it with Adaxes, create a business rule triggered before adding a member to a group that cancels the operation, and run the script in the "If PowerShell script returns true" condition.


  • $disallowedDomain - Specifies the fully qualified name of the AD domain whose users are affected by the script.

$disallowedDomain = "" # TODO: modify me

# Default: condition not met, so the business rule does not cancel the operation.
$Context.ConditionIsMet = $False

# Determine the domain of the member being added.
$newMember = $Context.BindToObject("Adaxes://%member%")
$newMemberPath = New-Object "Softerra.Adaxes.Adsi.AdsPath" $newMember.ADsPath
$newMemberDomainName = $Context.GetObjectDomain($newMemberPath.DN)

if ($newMemberDomainName -ine $disallowedDomain)
{
    return # The member is not from the restricted domain
}

# The member is from the restricted domain: cancel only if the group is in another domain.
$groupDomainName = $Context.GetObjectDomain("%distinguishedName%")
if ($groupDomainName -ine $disallowedDomain)
{
    $Context.ConditionIsMet = $True
}
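
The decision the condition makes can be checked outside Adaxes before the business rule is enabled. The following is an added example, not part of the original script: Get-DomainFromDN and Test-CrossDomainAdd are hypothetical helpers, the DNs and domain names are constructed, and the domain is derived from the DC components of the DN on the assumption that this matches what $Context.GetObjectDomain returns.

```powershell
# Added example: helper names are hypothetical and the DNs below are constructed.
function Get-DomainFromDN([string]$dn)
{
    # Tokenise RDNs, treating backslash-escaped characters (e.g. "\,") as data.
    $labels = foreach ($rdn in [regex]::Matches($dn, '(?:\\.|[^,\\])+'))
    {
        if ($rdn.Value.Trim() -match '^DC=(.+)$') { $Matches[1] }
    }
    return ($labels -join '.')
}

function Test-CrossDomainAdd([string]$memberDN, [string]$groupDN, [string]$disallowedDomain)
{
    # Same two comparisons as the script: the member is in the restricted
    # domain and the group is not. -ieq / -ine ignore case.
    $memberDomain = Get-DomainFromDN $memberDN
    $groupDomain = Get-DomainFromDN $groupDN
    return ($memberDomain -ieq $disallowedDomain) -and ($groupDomain -ine $disallowedDomain)
}

$restricted = "corp.example.com"   # placeholder domain
$user = "CN=Doe\, Jane,OU=Staff,DC=CORP,DC=example,DC=com"
$cases = @(
    @{ Member = $user; Group = "CN=Admins,OU=Groups,DC=partner,DC=example,DC=net"; Domain = $restricted; Blocked = $true },
    @{ Member = $user; Group = "CN=Staff,OU=Groups,DC=corp,DC=example,DC=com"; Domain = $restricted; Blocked = $false },
    @{ Member = "CN=Bob,OU=Users,DC=partner,DC=example,DC=net"; Group = "CN=Staff,OU=Groups,DC=corp,DC=example,DC=com"; Domain = $restricted; Blocked = $false },
    # $disallowedDomain left at its "" default: no member ever matches, nothing is blocked.
    @{ Member = $user; Group = "CN=Admins,OU=Groups,DC=partner,DC=example,DC=net"; Domain = ""; Blocked = $false }
)

foreach ($c in $cases)
{
    $result = Test-CrossDomainAdd $c.Member $c.Group $c.Domain
    if ($result -ne $c.Blocked) { throw "Unexpected result for $($c.Member) -> $($c.Group)" }
    "{0,-6} {1} -> {2}" -f $result, $c.Member, $c.Group
}
```

The last case shows that leaving $disallowedDomain empty makes the condition always false, so the business rule never cancels an operation.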

