Block by Ad Groups Script

if(!context.onPrem){

trace("not onprem");

var umod = module('User');

var user = umod.GetCurrentUser();

var blocked_groups = ["\<group_name_1\>", "\<group_name_2\>"];

if (blocked_groups != null)

{

if (user.InEffectiveGroupByNames(blocked_groups)){

trace("block specified AD groups");

policy.Locked = true;

}

}

}