Hi,
I have my login against my AD so only AD members can log in; that works fine.
But when I'm trying to change it so only the persons that are members of the UD.Read AD group get the Read role, it doesn't work. I'm writing the following in the policy for the Read role.
I'm writing the code under Security → Role, then clicking on edit for the Read role and typing the code there.
```powershell
param(
    $User
)
$group = "UD.Read"
$members = Get-ADGroupMember $group | Select-Object -ExpandProperty samaccountname
If ($members -contains $User) {
    $IsMember = $true
} Else {
    $IsMember = $false
}
$IsMember
```
Product: PowerShell Universal
Version: 1.4.6
@rstolpe
Check this example, as per the PSU docs:
```powershell
param(
    $User
)

# Strip the DOMAIN\ prefix from the authenticated identity name
$UserName = ($User.Identity.Name)
$UserName = $UserName.Substring($UserName.IndexOf('\')+1,($UserName.Length -($UserName.IndexOf('\')+1)))

$IsMember = $false;

# Perform LDAP Group Member Lookup
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = 'LDAP://CN=Users,DC=berg,DC=com' # INSERT ROOT LDAP HERE
$Searcher.Filter = "(&(objectCategory=person)(memberOf=CN=PowerShell Universal Admins,OU=Information Technology,DC=berg,DC=com))" # INSERT GROUP DN TO CHECK HERE
$Users = $Searcher.FindAll()
$Users | ForEach-Object {
    If ($_.Properties.samaccountname -eq $UserName) {
        $IsMember = $true;
    }
}

# Write the debug result once, after the loop, so a later non-matching entry cannot overwrite a match
If ($IsMember) {
    "$UserName is a member of admin group!" | Out-File "C:\test\adgroup.txt"
}
else {
    "$UserName is NOT member of admin group!" | Out-File "C:\test\adgroup.txt"
}

return $IsMember
```
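An added example, not part of either post or of the PowerShell Universal docs: a Read role policy that asks the directory about the one authenticating user instead of listing every group member, escapes the login name before it enters the LDAP filter, and returns `$false` on any directory error. It goes beyond the posts by also matching nested group membership. The group DN and the helper name `ConvertTo-LdapFilterValue` are assumptions; `$User.Identity.Name` is the property used in the reply above.

```powershell
param(
    $User   # principal passed in by PowerShell Universal, as in the reply above
)

# Assumption: placeholder DN, replace with the distinguished name of your UD.Read group.
$GroupDn = 'CN=UD.Read,OU=Groups,DC=example,DC=com'

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the RFC 4515 special characters so the login
    # name is always a literal value and can never change the filter structure.
    # The backslash is replaced first so the escapes added later are not re-escaped.
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

# DOMAIN\user -> user
$SamAccountName = ($User.Identity.Name -split '\\')[-1]

$IsMember = $false
if ($SamAccountName) {
    # With no SearchRoot set, the searcher uses the current domain root.
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher

    # 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN:
    # it matches direct membership and membership through nested groups.
    $Searcher.Filter = '(&(objectCategory=person)(sAMAccountName={0})(memberOf:1.2.840.113556.1.4.1941:={1}))' -f `
        (ConvertTo-LdapFilterValue $SamAccountName), $GroupDn
    [void]$Searcher.PropertiesToLoad.Add('sAMAccountName')

    try {
        # One result means this user is in the group; no result means not a member.
        $IsMember = $null -ne $Searcher.FindOne()
    }
    catch {
        # Fail closed: a directory or bind error must never grant the role.
        $IsMember = $false
    }
}

$IsMember
```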