Prevent users from being added to groups in other domains

June 23, 2020

This script can be used to prevent users from a certain AD domain from being added to groups located in other domains. To use the script with Adaxes, create a Business Rule that is triggered before adding a member to a group and cancels the operation, and use the script in the "If PowerShell script returns true" condition of that rule.

Parameters:

  • $disallowedDomain - the fully qualified name of the AD domain a user must belong to in order to be affected by the script.
PowerShell
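$disallowedDomain = "domain.com" # TODO: modify me

# Default: the condition is not met, so the business rule does not cancel the operation
$Context.ConditionIsMet = $False

# Determine the domain of the member being added
$newMember = $Context.BindToObject("Adaxes://%member%")
$newMemberPath = New-Object "Softerra.Adaxes.Adsi.AdsPath" $newMember.ADsPath
$newMemberDomainName = $Context.GetObjectDomain($newMemberPath.DN)

# Members from any other domain are not restricted
if ($newMemberDomainName -ine $disallowedDomain)
{
    return
}

# The member is in the disallowed domain: the condition is met only if the group is in a different domain
$groupDomainName = $Context.GetObjectDomain("%distinguishedName%")
if ($groupDomainName -ine $disallowedDomain)
{
    $Context.ConditionIsMet = $True
}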
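
The business rule only blocks new additions, so memberships created before it was enabled stay in place. The following added example (not Adaxes code and not part of the original script) applies the same two comparisons to existing group/member DN pairs; the function names and sample DNs are hypothetical, and it assumes the domain can be derived from the DC= components of a DN instead of calling $Context.GetObjectDomain.

```powershell
# Added example, not Adaxes code. All sample DNs below are constructed.
$disallowedDomain = "domain.com"   # same meaning as in the script above

function Get-DomainFromDN {
    # Hypothetical helper: converts the trailing DC= components of a DN to a DNS name.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # The lookbehind skips an escaped "\,DC=" that is part of an object name.
    if (",$DistinguishedName" -match '(?<!\\)((?:,\s*DC=[^,\\]+)+)$') {
        $labels = $Matches[1] -split ',\s*DC=' |
            Where-Object { $_ } |
            ForEach-Object { $_.Trim() }
        return ($labels -join '.')
    }
    return ''
}

function Test-DisallowedMembership {
    # Hypothetical helper: true when the business rule would have cancelled this addition.
    param([string]$MemberDN, [string]$GroupDN, [string]$DisallowedDomain)
    $memberDomain = Get-DomainFromDN $MemberDN
    $groupDomain  = Get-DomainFromDN $GroupDN
    # Member is in the disallowed domain AND the group is in some other domain.
    return (($memberDomain -ieq $DisallowedDomain) -and ($groupDomain -ine $DisallowedDomain))
}

# Constructed sample data: one object per existing group membership.
$memberships = @(
    # Disallowed-domain user in a group of another domain: reported
    [pscustomobject]@{ Group = 'CN=Admins,OU=Groups,DC=corp,DC=example'; Member = 'CN=John Smith,OU=Staff,DC=domain,DC=com' }
    # Disallowed-domain user in a group of the same domain: allowed
    [pscustomobject]@{ Group = 'CN=Sales,OU=Groups,DC=domain,DC=com'; Member = 'CN=John Smith,OU=Staff,DC=domain,DC=com' }
    # User from another domain in a disallowed-domain group: allowed
    [pscustomobject]@{ Group = 'CN=Sales,OU=Groups,DC=domain,DC=com'; Member = 'CN=Ann Lee,OU=Staff,DC=corp,DC=example' }
    # Escaped comma in the name and different letter case: still reported
    [pscustomobject]@{ Group = 'CN=VPN,DC=corp,DC=example'; Member = 'CN=Smith\, John,OU=Staff,DC=Domain,DC=Com' }
)

# Report memberships that the rule would block if they were added today.
$memberships |
    Where-Object { Test-DisallowedMembership $_.Member $_.Group $disallowedDomain } |
    Select-Object Group, Member
```

Against a live directory, the pairs can be built from each group's DN and the values of its member attribute. Members from another forest are stored as foreign security principals under the group's own domain, so DN parsing does not attribute them to their home domain.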
