New-UDAuthenticationMethod -Endpoint {
param([PSCredential]$Credentials)
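Function Test-Credential {
    <#
    .SYNOPSIS
    Checks a username/password pair against an Active Directory domain.
    .DESCRIPTION
    Builds a domain PrincipalContext and calls ValidateCredentials() for each
    credential received, writing one Boolean per credential to the pipeline.
    .PARAMETER Credential
    The PSCredential to validate. Accepted from the pipeline.
    .PARAMETER Domain
    Domain to validate against. Defaults to the domain part of the credential.
    .OUTPUTS
    System.Boolean - the value returned by ValidateCredentials().
    #>
    [OutputType([Bool])]
    Param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeLine = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [Alias(
            'PSCredential'
        )]
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential,
        [Parameter()]
        [String]
        $Domain = $Credential.GetNetworkCredential().Domain
    )
    Begin {
        # Add-Type with -ErrorAction Stop fails loudly if the assembly cannot be loaded;
        # the deprecated LoadWithPartialName() returns $null silently and leaves the
        # failure to surface later at New-Object.
        Add-Type -AssemblyName 'System.DirectoryServices.AccountManagement' -ErrorAction Stop
        $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
            [System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain
        )
    }
    Process {
        foreach ($item in $Credential) {
            # Validate the credential being iterated, not the outer parameter variable.
            # GetNetworkCredential() exposes the password in clear text: keep it out of
            # logs, transcripts and error messages.
            $networkCredential = $item.GetNetworkCredential()
            Write-Output -InputObject $(
                $principalContext.ValidateCredentials(
                    $networkCredential.UserName, $networkCredential.Password
                )
            )
        }
    }
    End {
        # NOTE(review): End is skipped when Process throws a terminating error, so the
        # context is only disposed on the normal path.
        $principalContext.Dispose()
    }
}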
function Get-ADGroupMembers {
    <#
    .SYNOPSIS
        List the members of one or more Active Directory groups.
    .FUNCTIONALITY
        Active Directory
    .DESCRIPTION
        Looks up each named group through System.DirectoryServices.AccountManagement and
        writes its members to the pipeline. Requires .NET 3.5, does not require RSAT
    .PARAMETER Group
        One or more Security Groups to enumerate
    .PARAMETER Recurse
        Whether to recurse groups. Note that subgroups are NOT returned if this is true, only user accounts
        Default value is $True
    .EXAMPLE
        #Get all group members in Domain Admins or nested subgroups, only include samaccountname property
        Get-ADGroupMembers "Domain Admins" | Select-Object -ExpandProperty samaccountname
    .EXAMPLE
        #Get members for objects returned by Get-ADGroupMembers
        Get-ADGroupMembers -group "Domain Admins" | Get-Member
    #>
    [cmdletbinding()]
    Param(
        [Parameter(Position = 0, ValueFromPipeline = $true)]
        [string[]]$group = 'Domain Admins',
        [bool]$Recurse = $true
    )
    Begin {
        # Load the AccountManagement assembly once, before any group is processed.
        $type = 'System.DirectoryServices.AccountManagement'
        Try {
            Add-Type -AssemblyName $type -ErrorAction Stop
        }
        Catch {
            Throw "Could not load $type`: Confirm .NET 3.5 or later is installed"
            # Never reached: Throw has already terminated the block.
            Break
        }
        # Query the domain. Use the 'Machine' ContextType instead to retrieve local group members:
        # http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.contexttype.aspx
        $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    }
    Process {
        foreach ($GroupName in $group) {
            Try {
                # NOTE(review): FindByIdentity is handed the ContextType value itself;
                # presumably PowerShell converts it to a PrincipalContext - nothing in
                # this function disposes that context.
                $groupPrincipal = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($contextType, $GroupName)
                if (-not $groupPrincipal) {
                    # An unknown group yields a warning and no output. A caller that
                    # gates access on the output therefore sees "no members".
                    Write-Warning "Could not find group '$GroupName'"
                }
                else {
                    # Emit the members of the group that was found.
                    $groupPrincipal.GetMembers($Recurse)
                }
            }
            Catch {
                # A lookup failure is reported as a non-terminating error and the next group is tried.
                Write-Error "Could not obtain members for $GroupName`: $_"
                Continue
            }
        }
    }
    End {
        # Drop the references held by the function's local variables.
        $contextType = $groupPrincipal = $null
    }
}
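### Replace "YOUR_SECURITY_GROUP_NAME" with the Active Directory security group you created for this dashboard.
# Step 1 - authentication: the supplied username/password must validate against the domain.
if (Test-Credential -Credential $Credentials) {
    # Step 2 - authorization: compare the same bare account name that Test-Credential
    # validated (GetNetworkCredential() separates a DOMAIN\ prefix from the name), so
    # the identity that is authorized is the identity that was authenticated.
    $accountName = $Credentials.GetNetworkCredential().UserName
    # -eq is an exact, case-insensitive comparison. A -match here would treat the
    # user-supplied name as a regular expression and accept substrings, letting any
    # valid account whose name occurs inside a group member's name pass the group check.
    if (Get-ADGroupMembers "YOUR_SECURITY_GROUP_NAME" | Where-Object { $_.SamAccountName -eq $accountName }) {
        New-UDAuthenticationResult -Success -UserName $Credentials.UserName
    }
}
# Emitted on every path, including after a success result.
# NOTE(review): this relies on the caller using the first result returned - confirm for
# the Universal Dashboard version in use.
# The message does not reveal which of the two checks failed.
New-UDAuthenticationResult -ErrorMessage "Invalid credentials, or security group issue. Please contact IT if problem persists"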
}