How to create a ‘global condition’ that will query the membership of the currently logged on user of a security group in AD and use it as a requirement rule.

First let’s create the ‘global condition’


Give it a proper name – I’ve chosen ‘AD Security Group Membership’

Choose ‘device type’ [Windows] and ‘condition type’ [Setting]

In the ‘setting type’ choose [Script] and [String] as ‘data type’.

Finally click ‘Add Script’


Choose [Windows PowerShell]

Now you can either open a file with the script or type it directly into the field below.

The script will retrieve the currently logged on user and then browse the current domain and find out which security groups that specific user is member of and return those.

Those values will be evaluated in the requirement rule later on.

Now we have created a ‘global condition’. easy 🙂


Now lets open up an application and add a requirement rule based on this global condition.

Choose a custom category.

From the drop down list you will now be able to pick the global condition we just created.


Choose rule type [Value] and the operator should be [Equals].

Now type in the security group you want to evaluate.


There it is 🙂


Leave a Reply