@devblackops
Created February 8, 2019 04:35
PoshBot middleware hook to mark a command as approved if the user is in a certain AD group
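param(
    $Context,
    $Bot
)

# Chat user name, assumed to match the AD samAccountName
$user    = $Context.Message.FromName
$adGroup = 'botusers'

# Escape LDAP filter metacharacters (RFC 4515) so the chat-supplied name cannot alter the query
$safeUser = [regex]::Replace($user, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
$filter   = "(&(objectCategory=User)(samAccountName=$safeUser))"
$result   = (New-Object System.DirectoryServices.DirectorySearcher($filter)).FindOne()

# memberOf holds distinguished names of direct groups only, so match on the leading CN
$userGroups = if ($result) { @($result.GetDirectoryEntry().memberOf) } else { @() }
$isMember   = [bool]($userGroups -match "^CN=$([regex]::Escape($adGroup)),")

if (-not $isMember) {
    # Unknown users and non-members are denied; return without emitting the context
    $Context.ApprovalState = 'Denied' #[ApprovalState]::Denied
    $Bot.LogInfo("User [$user] is not in AD group [$adGroup]. Command is not approved.")
    return
} else {
    $Context.ApprovalState = 'Approved' #[ApprovalState]::Approved
    $Context
}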