Check if user password input is valid in PowerShell script
I am working with a PowerShell script that adds scheduled tasks to systems in our domain. When I run this script, it will prompt me for my password. I sometimes fat finger the password and the process starts, which locks out my account. Is there a way to verify my credentials to make sure that what I typed in will validate with the Domain?
I'd like to find a way to query the Domain controller. I've done some Google searches and I should be able to do a WMI query and trap for an error. I would like to avoid that style of validation if possible.
Any ideas? Thanks in advance.
I have this in my library:
$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
# Get current domain using logged-on user's credentials
$CurrentDomain = "LDAP://" + ([ADSI]"").distinguishedName
# Bind to the domain with the supplied credentials; a failed bind leaves the name empty
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$UserName,$Password)
if ($null -eq $domain.name)
{
    write-host "Authentication failed - please verify your username and password."
    exit #terminate the script.
}
else
{
    # $( ) is needed so the property, not just the object, is expanded in the string
    write-host "Successfully authenticated with domain $($domain.name)"
}
This is what I've used in the past; it's supposed to work for local machine accounts and 'application directory', but so far I've only used it successfully with AD credentials:
function Test-Credential {
    <#
    .SYNOPSIS
        Takes a PSCredential object and validates it against the domain (or local machine, or ADAM instance).
    .PARAMETER credential
        A PScredential object with the username/password you wish to test. Typically this is generated using the Get-Credential cmdlet. Accepts pipeline input.
    .PARAMETER context
        An optional parameter specifying what type of credential this is. Possible values are 'Domain','Machine',and 'ApplicationDirectory.' The default is 'Domain.'
    .OUTPUTS
        A boolean, indicating whether the credentials were successfully validated.
    #>
    param(
        [parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [System.Management.Automation.PSCredential]$credential,
        [parameter()][validateset('Domain','Machine','ApplicationDirectory')]
        [string]$context = 'Domain'
    )
    begin {
        Add-Type -assemblyname system.DirectoryServices.accountmanagement
        # Build the context once; it is reused for every credential arriving on the pipeline
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::$context)
    }
    process {
        # Returns $true or $false
        $DS.ValidateCredentials($credential.UserName, $credential.GetNetworkCredential().password)
    }
}
I've found this post useful; however, it didn't solve my problem, as I was trying to run it from a script with the local admin account logged on. It does not seem to work as local admin (only when logged on as a domain user).
However, I did finally manage to get a working solution, and since it was so much trouble I thought I'd share it here so anyone else with this problem will have the answer right here. Both answers on the one page depending on your needs.
Note that higher up in the script (not included here as this is just the get-credentials section) PowerGUI is installed and is a requirement for this code below (as well as the "Add-PSSnapin Quest.ActiveRoles.ADManagement" line). Not sure what PowerGUI does that's different, but no one else could tell me and it works.
Substitute your own domain name in the "domain_name" sections.
#Get credentials
$credential_ok = 0
# Keep prompting until the connection to the domain succeeds
while ($credential_ok -ne 1)
{
    $credential = get-credential
    $result = connect-qadservice -service *domain_name* -credential $credential
    [string]$result_string = $result.domain
    if ($result_string -eq "*domain_name*")
    {
        $credential_ok = 1
        #authenticated
    }
    else
    {
        #failed
    }
}
$username = $credential.username
$password = $credential.GetNetworkCredential().password
$date = get-date
# Log the successful authentication (user name and time only)
Add-Content "c:\lbin\Install_log.txt" "Successfully authenticated XP script as $username $date"
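An added example, not code from any of the answers above: a credential check built on the same PrincipalContext.ValidateCredentials call, with a capped number of prompts, because every failed validation counts as a bad password attempt against the account. The function name Get-ValidatedCredential, the MaxAttempts default and the domain name 'corp.example.com' are assumptions made for illustration, and Get-Credential -Message assumes PowerShell 3.0 or later.

```powershell
# Added example: bounded credential prompt so a mistyped password cannot lock the account.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-ValidatedCredential {
    param(
        # Assumption: the caller supplies the domain name (placeholder in the usage line below).
        [Parameter(Mandatory = $true)][string]$DomainName,
        # Keep this below the domain's account lockout threshold.
        [ValidateRange(1, 10)][int]$MaxAttempts = 2
    )

    # Naming the domain explicitly means the context is not derived from the
    # logged-on user, so the check can also run from a local administrator session.
    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType, $DomainName)
    try {
        for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
            $credential = Get-Credential -Message "Domain credentials (attempt $attempt of $MaxAttempts)"
            if ($null -eq $credential) { throw 'Credential prompt was cancelled.' }

            # GetNetworkCredential() separates a DOMAIN\ prefix from the account name.
            $netCred = $credential.GetNetworkCredential()
            if ($context.ValidateCredentials($netCred.UserName, $netCred.Password)) {
                # Hand back the PSCredential so the plaintext password is not kept in a variable.
                return $credential
            }
            Write-Warning "Authentication failed for '$($netCred.UserName)'."
        }
        throw "No valid credential after $MaxAttempts attempts; stopping to avoid a lockout."
    }
    finally {
        $context.Dispose()
    }
}

# Usage: validate once, then reuse the PSCredential for the scheduled-task work.
# $cred = Get-ValidatedCredential -DomainName 'corp.example.com'
```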