0 votes

Hello everyone,

I have the following code with which I want to check whether the user is in one of the 7 groups, and if so it should return true. For this I have the condition in a business rule: if PowerShell returns true, a mail should be sent. However, I never receive a mail although the user is in one of those groups. Do I have an error in the script?

Thank you very much!

# Define the username and the list of groups
$userName = "%username%"
$groupList = @( "grp_1",
                "grp_2",
                "grp_3",
                "grp_4",
                "grp_5",
                "grp_6",
                "grp_7")

# Initialize the variable to store the result
$Context.ConditionIsMet = $False;

# Check each group to see if the user is a member
foreach ($group in $groupList) {
    # Get the members of the group
    $groupMembers = Get-ADGroupMember -Identity $group -ErrorAction SilentlyContinue | Select -ExpandProperty SamAccountName

    # Check if the username is in the group's member list
    if ($userName -in $groupMembers) {
        $Context.ConditionIsMet = $True;
        break; # Stop the loop since the user was found in a group
    }
}

# Return the result
return $Context.ConditionIsMet;
by (300 points)

1 Answer

0 votes
by (289k points)

Hello,

First of all, there is no need to use scripts. You can just use the dedicated condition. For example: image.png

If you still prefer using a script, you can use the below one. In the script, the $groupDNs variable specifies distinguished names (DNs) of the groups to check. For information on how to get an object DN, see https://adaxes.com/sdk/HowDoI.GetDnOfObject.

$groupDNs = @("CN=gr_1,OU=Groups,DC=compay,DC=com", "CN=gr_2,OU=Groups,DC=compay,DC=com", "CN=gr_3,OU=Groups,DC=compay,DC=com", "CN=gr_4,OU=Groups,DC=compay,DC=com")

$Context.ConditionIsMet = $False

foreach ($groupDN in $groupDNs)
{
    $group = $Context.BindToObjectByDN($groupDN)

    if($group.IsMember($Context.TargetObject.AdsPath))
    {
        $Context.ConditionIsMet = $True
        return
    }
}
0

Hello, yes I'm going to use the script, because we check a lot of groups. So with the script it takes fewer clicks.

But I tested the script, and the answer is sent when the user is not a member of these groups... How can I adapt this error?

thx

0

Hello,

Most probably, there is something more complex in your case as the script works exactly as intended when the target object and the groups are in the same domain. Try using "Return true if the target object is a member of any of the groups" from the following article: https://www.adaxes.com/script-repository/check-whether-the-target-object-is-a-member-of-multiple-groups-s294.htm.
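
A variant of the membership check discussed in this thread, added here as an example (it is not code from the question, the answer or the Adaxes script repository). It records which group lookups fail instead of hiding them with `-ErrorAction SilentlyContinue`, so a condition that gives an unexpected result can be traced to a specific group. The names `Test-MemberOfAnyGroup` and `-MemberLookup` and the sample data are assumptions made for the illustration.

```powershell
# Added example: Test-MemberOfAnyGroup and -MemberLookup are hypothetical names.
function Test-MemberOfAnyGroup {
    param(
        [Parameter(Mandatory)] [string]   $SamAccountName,
        [Parameter(Mandatory)] [string[]] $Groups,
        # Returns the sAMAccountNames of a group's members. The default needs the
        # ActiveDirectory module; -Recursive also counts nested-group members.
        [scriptblock] $MemberLookup = {
            param($g)
            Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
                Select-Object -ExpandProperty SamAccountName
        }
    )
    $result = [ordered]@{ IsMember = $false; MatchedGroup = $null; Failed = @() }
    foreach ($g in $Groups) {
        try {
            $members = @(& $MemberLookup $g)
        }
        catch {
            # Record the failure instead of silently treating it as "not a member".
            $result.Failed += "${g}: $($_.Exception.Message)"
            continue
        }
        if ($members -contains $SamAccountName) {
            $result.IsMember = $true
            $result.MatchedGroup = $g
            break   # one match is enough
        }
    }
    [pscustomobject]$result
}

# Constructed sample data so the logic can be tried without a domain controller.
$sample = @{ grp_1 = @('alice'); grp_2 = @('bob', 'carol') }
$stub = {
    param($g)
    if (-not $sample.ContainsKey($g)) { throw "group not found" }
    $sample[$g]
}

# carol is found in grp_2; dave is in no group and the grp_9 lookup is reported as failed.
Test-MemberOfAnyGroup -SamAccountName 'carol' -Groups 'grp_1','grp_2' -MemberLookup $stub
Test-MemberOfAnyGroup -SamAccountName 'dave'  -Groups 'grp_1','grp_9' -MemberLookup $stub
```

In a business rule condition, `$Context.ConditionIsMet` would be set from the returned `IsMember` value, and the `Failed` entries reviewed before trusting a negative result.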
