Parameters in JEA

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Milos Ostojic Milos Ostojic 4 months, 3 weeks ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #38524
    Profile photo of Milos Ostojic
    Milos Ostojic
    Participant

    Hello everyone,
    I've been experimenting with functions and variables in JEA and I would very much appreciate some help.
    It looks to me as all variables are calculated at the moment of running New-PsRoleCapability cmdlet. I was trying to create JEA configuration that dynamically constrains set-adaccountpassword just to users from the same OU as current user's. The problem is that variable that I created (derived form $PSSenderInfo) is showing current OU of user who created Endpoint instead of user in the current session. I've managed to deal with it by creating a function instead of variable and adding it as part of ValidateScript for command but I'm not too happy about it although created functions do not need to be visible.
    The real problem I have is the fact that I haven't been able to make ValidateScript to work with cmdlets. I've been writing proxy functions instead but constraining parameters of existing commands looks like far more elegant solution.
    Has anyone succeeded in doing this? Or has he found a better way?
    For example, Get-ADPrincipalGroupMembership with Parameters = @{ Name = Identity ; ValidateScript = { Get-ADUser -LdapFilter "(samaccountname = $_)" -SearchBase = (get-CurrentOU) } } where Get-CurrentOU is function retrieving OU of $PSSenderInfo.CurrentUser.

    I'm very open for suggestions!

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.