Another common problem yesterday: how to validate a domain user with a password. I had a service account that I suspected had an invalid password. After some googling and trying different solutions, I came across a post by Shay Levy that fitted my purpose.
I wrote a function based on the Levy post. The following function, CheckCredentials, takes a username in the format “domain\user” and a password, and validates them against the supplied domain.
```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function CheckCredentials([String]$username, [String]$password)
{
    # find separator character '\' in username string
    $sepidx = $username.IndexOf('\')
    # without a separator (or with an empty domain) Substring would fail
    if ($sepidx -lt 1) { throw "Username must be in the format 'domain\user'" }

    # pick domain from username string
    $domain = $username.Substring(0, $sepidx)
    # pick user from username string
    $user = $username.Substring($sepidx + 1)

    # create instance of domain principal context for input user
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
        $ct, $domain

    # validate user credential for user with password against domain
    $res = $pc.ValidateCredentials($user, $password)
    # release the directory connection held by the context
    $pc.Dispose()
    return $res   # true: ok, false: invalid username or password
}
```
The script picks the domain from the supplied username string based on the ‘\’ separator character. The function returns true if the username and password are successfully validated against the domain, otherwise false.
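A variant of the same check that takes a PSCredential instead of a plain-text password string, so the password does not end up in command history or transcripts. This is an added example, not code from the original post or from Shay Levy; the function name Test-DomainCredential is an assumption made for illustration.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Hypothetical name; same check as CheckCredentials, with a PSCredential as input
function Test-DomainCredential {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        # "domain\user" plus password, typically obtained from Get-Credential
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )

    # GetNetworkCredential() splits "domain\user" into Domain and UserName
    $net = $Credential.GetNetworkCredential()
    if ([string]::IsNullOrEmpty($net.Domain)) {
        throw "User name must be in the format 'domain\user'."
    }

    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
        -ArgumentList $ctxType, $net.Domain
    try {
        # State the bind options explicitly instead of relying on defaults:
        # Negotiate (Kerberos/NTLM) with signing and sealing on the connection
        $opts = [System.DirectoryServices.AccountManagement.ContextOptions]::Negotiate -bor
                [System.DirectoryServices.AccountManagement.ContextOptions]::Signing -bor
                [System.DirectoryServices.AccountManagement.ContextOptions]::Sealing

        # A failed check is a failed logon on the domain and counts toward
        # the account lockout threshold, so do not call this in a retry loop
        return $pc.ValidateCredentials($net.UserName, $net.Password, $opts)
    }
    finally {
        # Always release the directory connection, also when the bind throws
        $pc.Dispose()
    }
}

# Usage (prompts for the password interactively):
#   $cred = Get-Credential -Message 'Account to test (domain\user)'
#   Test-DomainCredential -Credential $cred
```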