[PSCredential]$Credential
# You can call whatever cmdlets you like to conduct authentication here.
# Just make sure to return the $Result with the Success property set to $true
#
# Authentication script: $Credential (declared in the param block above) is the
# user name/password presented at login. The script's output is the result object
# produced by New-PSUAuthenticationResult; a result without -Success rejects the login.
# NOTE(review): $Result is created on the next line but is neither populated nor
# returned anywhere in this listing -- the New-PSUAuthenticationResult calls below
# produce the actual result objects.
$Result = [Security.AuthenticationResult]::new()
# NOTE(review): any login whose user name matches 'Admin' is accepted with -Success
# and the password is never checked -- this is an authentication bypass for that
# account and must be replaced with a real credential check (or removed) before the
# script is deployed. PowerShell's -eq is case-insensitive, so 'admin' and 'ADMIN'
# match as well. The brace/else lines are not visible in this listing, so whether
# this branch returns early or falls through to the directory bind below is inferred.
if ($Credential.UserName -eq 'Admin')
#Maintain the out of box admin user
New-PSUAuthenticationResult -UserName 'Admin' -Success
# Get current domain using logged-on user's credentials - this validates their credential
# Directory path to bind against; the placeholder domain must be replaced before use.
$CurrentDomain = "LDAP://DC=mydemodomain,DC=com" # Insert Your Domain Here
# Bind to the directory as the user being authenticated; the plaintext password is
# read from the credential only for this bind.
# NOTE(review): the bind's transport security depends on DirectoryEntry's default
# AuthenticationTypes for this constructor -- confirm a secure (signed/sealed or
# LDAPS) bind is negotiated with the DC rather than a clear-text simple bind.
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,($Credential.UserName),$Credential.GetNetworkCredential().password)
# A bind with a bad credential leaves the entry's name unreadable; that is treated
# as authentication failure.
# NOTE(review): PowerShell convention is `$null -eq $domain.name` ($null on the
# left), because -eq with $null on the right is not a null test when the left side
# is a collection. A failed bind may also surface as an error record from the
# property read rather than a quiet $null; with $ErrorActionPreference = 'Stop'
# that would terminate the script instead of reaching the failure result -- verify.
if ($domain.name -eq $null)
# NOTE(review): Out-File without -Append overwrites C:\test\adlogin.txt on every
# attempt, so only the latest outcome is kept. The file records user names of
# login attempts; protect it (or drop this logging) outside of testing.
"Authentication failed for $($Credential.UserName)!" | Out-File "C:\test\adlogin.txt"
write-host "Authentication failed - please verify your username and password."
# Failure result: no -Success switch, so the login is rejected.
New-PSUAuthenticationResult -UserName $Credential.UserName
# Success path (the else of the check above is not visible in this listing; the
# branch boundary is inferred from the messages).
write-host "Successfully authenticated with domain $($domain.name)"
# Same overwrite/exposure caveat as the failure log entry above.
"Authentication success for $($Credential.UserName)!" | Out-File "C:\test\adlogin.txt"
New-PSUAuthenticationResult -UserName $Credential.UserName -Success -Claims {
Get-ADPrincipalGroupMembership $Credential.UserName | Select-Object -ExpandProperty name | ForEach-Object {
New-PSUAuthorizationClaim -Type Role -Value $_