Another common problem yesterday: how to validate a domain user with a password. I had a service account that I suscpected had an invalid password. After some googling and trying different solutions, I came accross a post by Shay Levy that fitted my purpose.
I wrote a function based on the Levy post, and the following function CheckCredentials will validate username on format “domain\user” and password againt the supplied domain.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
function CheckCredentials( [String]$username, [String]$password)
{
# find seperator character '\' in username string
$sepidx = $username.IndexOf('\') ;
# pick domain from username string
$domain = $username.Substring(0, $sepidx);
# pick user from username string
$user = $username.Substring($sepidx+1, ($username.Length - $sepidx)-1)
# create instance for domian principle context for input user
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
$ct,$domain
# validate user credential for user with password against domain
$res = $pc.ValidateCredentials($user,$password)
return $res; #true: ok, false: invalid username and passwrod
}
The script will pick the domain from the supplied username string based on the ‘\’ seperator character. The function returns true of the username is successfully validated, otherwise false.
Sveroa's Developer Blog 