Security example-policy-based-on-active-directory-group-membership

Where do you save this script that is documented here?

Script in question from doc:


$UserName = $User.Identity.Name
# Strip the DOMAIN\ prefix, if present, so the name can be compared against sAMAccountName
if ($UserName.Contains('\')) {
    $UserName = $UserName.Substring($UserName.IndexOf('\') + 1)
}

$IsMember = $false

# Perform LDAP Group Member Lookup
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = 'LDAP://CN=Users,DC=berg,DC=com' # INSERT ROOT LDAP HERE
$Searcher.Filter = "(&(objectCategory=person)(memberOf=CN=PowerShell Universal Admins,OU=Information Technology,DC=berg,DC=com))" # INSERT GROUP DN TO CHECK HERE
$Users = $Searcher.FindAll()
foreach ($Entry in $Users) {
    # samaccountname comes back as a property value collection; take its first value as a string
    if ([string]$Entry.Properties['samaccountname'][0] -eq $UserName) {
        $IsMember = $true
        break
    }
}

# Write the result once, after the loop, so the file reflects this user and not the last member enumerated
if ($IsMember) {
    "$UserName is a member of admin group!" | Out-File "C:\test\adgroup.txt"
} else {
    "$UserName is NOT member of admin group!" | Out-File "C:\test\adgroup.txt"
}

return $IsMember
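An added example of the same group check, written for this thread rather than taken from the PowerShell Universal documentation. It assumes `$User` is the principal handed to the role policy (so `$User.Identity.Name` is the caller's name) and that the directory is berg.com; the group DN is the one from the documented script and is a placeholder to replace. Instead of enumerating every member of the group and comparing names on the client, it asks the directory one question (is this user a member, including through nested groups?) and escapes the user-supplied name before it goes into the filter.

```powershell
# Added example, not the script from the PowerShell Universal documentation quoted above.
# Assumptions: $User is the principal the role policy receives, the directory is berg.com,
# and $GroupDn is the placeholder DN from the documented script.
$GroupDn  = 'CN=PowerShell Universal Admins,OU=Information Technology,DC=berg,DC=com'
$RootPath = 'LDAP://DC=berg,DC=com'

# Escape an assertion value for an LDAP filter (RFC 4515) so a crafted name such as
# "*)(objectClass=*" cannot change the meaning of the query. Backslash is replaced first
# so the escape sequences introduced afterwards are not themselves re-escaped.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [string] $Value)
    $Value = $Value -replace '\\', '\5c'
    $Value = $Value -replace '\*', '\2a'
    $Value = $Value -replace '\(', '\28'
    $Value = $Value -replace '\)', '\29'
    $Value = $Value -replace "`0", '\00'
    return $Value
}

# Reduce DOMAIN\user or user@domain to a bare sAMAccountName.
function Get-SamAccountName {
    param([Parameter(Mandatory)] [string] $Identity)
    if ($Identity.Contains('\')) { return $Identity.Split('\')[-1] }
    if ($Identity.Contains('@')) { return $Identity.Split('@')[0] }
    return $Identity
}

# One LDAP query: does this user exist, and is it a (possibly nested) member of the group?
# The 1.2.840.113556.1.4.1941 matching rule (LDAP_MATCHING_RULE_IN_CHAIN) makes the
# server walk group nesting, which a plain memberOf= filter does not.
function Test-AdGroupMember {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $GroupDn,
        [Parameter(Mandatory)] [string] $RootPath
    )
    $Sam   = ConvertTo-LdapFilterValue (Get-SamAccountName $Identity)
    $Group = ConvertTo-LdapFilterValue $GroupDn

    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($RootPath)
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$Sam)(memberOf:1.2.840.113556.1.4.1941:=$Group))"
    [void]$Searcher.PropertiesToLoad.Add('sAMAccountName')
    try {
        return ($null -ne $Searcher.FindOne())
    } finally {
        $Searcher.Dispose()
    }
}

# Policy body: fail closed. A directory outage, a bad DN or an unexpected identity format
# denies the role instead of letting an unhandled exception decide the outcome.
try {
    return (Test-AdGroupMember -Identity $User.Identity.Name -GroupDn $GroupDn -RootPath $RootPath)
} catch {
    return $false
}
```

The search root is the domain root rather than `CN=Users`, because accounts that live in other OUs would otherwise never match even when they are in the group; narrow it again if your accounts really all live under one container.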

Covered below. Another option is to directly map a group SID to the role, as shown here:

Policy Assignment
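An added example of the SID-based alternative mentioned in the reply above; it is not the page's own code and not the content of the linked documentation. It assumes `$User` is a `System.Security.Claims.ClaimsPrincipal` built from Windows authentication, so that the caller's group SIDs are present as group SID claims, and the SID value below is a placeholder to replace with your own group's SID.

```powershell
# Added example, not code from the page or the linked documentation.
# Assumptions: $User is a System.Security.Claims.ClaimsPrincipal from Windows
# authentication, and $AdminGroupSid is a placeholder for the real group SID.
$AdminGroupSid = 'S-1-5-21-0000000000-0000000000-0000000000-1234'   # placeholder, replace

# One-time lookup of a group's SID from its name; run this as an administrator when
# configuring the policy, not inside the policy itself:
#   ([System.Security.Principal.NTAccount]'BERG\PowerShell Universal Admins').Translate(
#       [System.Security.Principal.SecurityIdentifier]).Value

function Test-GroupSidClaim {
    param(
        [Parameter(Mandatory)] [System.Security.Claims.ClaimsPrincipal] $Principal,
        [Parameter(Mandatory)] [string] $GroupSid
    )
    # Windows group membership surfaces as claims of type ClaimTypes.GroupSid
    # (http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid).
    $GroupSidClaimType = [System.Security.Claims.ClaimTypes]::GroupSid
    # Compare SIDs rather than names: a renamed group still maps to the role, and a
    # group whose display name merely resembles the admin group does not.
    return $Principal.HasClaim($GroupSidClaimType, $GroupSid)
}

return (Test-GroupSidClaim -Principal $User -GroupSid $AdminGroupSid)
```

This needs no LDAP round trip at evaluation time, because the group SIDs are already in the caller's token; the trade-off is that a group membership change shows up only after the user obtains a new token (a fresh logon), not immediately as with a live directory query.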

@jori, thank you!

Umm, @adam, can we update your documentation to be more clear about where to put the script?