We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Prevent users from being added to groups in other domains

February 18, 2021 Views: 1494

This script can be used to prevent adding users from a certain AD domain to groups located in other domains. To use the script with Adaxes, you need to create a business rule triggered before adding a member to a group that cancels the operation, and use the script with the If PowerShell script returns true condition.

Parameters:

  • $disallowedDomain - Specifies the fully qualified name of the AD domain that a user must belong to to be affected by the script.
Edit Remove
PowerShell
$disallowedDomain = "domain.com" # TODO: modify me

$Context.ConditionIsMet = $False
$newMember = $Context.BindToObject("Adaxes://%member%")
$newMemberPath = New-Object "Softerra.Adaxes.Adsi.AdsPath" $newMember.ADsPath
$newMemberDomainName = $Context.GetObjectDomain($newMemberPath.DN)

if ($newMemberDomainName -ine $disallowedDomain)
{
    return
}

$groupDomainName = $Context.GetObjectDomain("%distinguishedName%")
if ($groupDomainName -ine $disallowedDomain)
{
    $Context.ConditionIsMet = $True
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers