Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {param( [PSCredenti

1. Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
2. param(
3.     [PSCredential]$Credential
4. )
5.  
6. #
7. #   You can call whatever cmdlets you like to conduct authentication here.
8. #   Just make sure to return the $Result with the Success property set to $true
9. #
10. $Result = [Security.AuthenticationResult]::new()
11. if ($Credential.UserName -eq 'Admin' -and $Credential.GetNetworkCredential().password -eq "PASSWORD")
12. {
13.     #Maintain the out of box admin user
14.     $Result.UserName = 'Default Admin'
15.     $Result.Success = $true
16. }
17. else
18. {
19.     # Get current domain using logged-on user's credentials - this validates their credential
20.     $CurrentDomain = "LDAP://DC=domain,DC=local"  # Insert Your Domain Here
21.     $domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,($Credential.UserName),$Credential.GetNetworkCredential().password)
22.     if ($domain.name -eq $null)
23.     {
24.         #"Authentication failed for $($Credential.UserName)!"
25.         write-host "Authentication failed - please verify your username and password."
26.         $Result.UserName = ($Credential.UserName)
27.         $Result.Success = $false
28.     }
29.     else
30.     {
31.         write-host "Successfully authenticated with domain $($domain.name)"
32.         #"Authentication success for $($Credential.UserName)!"
33.         $groupMember = Get-ADGroupMember -Identity GROUPNAME -Recursive | select-object -ExpandProperty samaccountname
34.         if ($groupMember -contains $credential.UserName){
35.             $Result.UserName = ($Credential.UserName)
36.             $Result.Success = $true
37.         }
38.         else {
39.             $Result.UserName = ($Credential.UserName)
40.             $Result.Success = $false
41.         }
42.     }
43. }
44.  
45. $Result
46. } -SaveTokens $false -UseTokenLifetime $false -GetClaimsFromUserInfoEndpoint $false