Is there a Windows command line utility to verify user credentials?

On a Windows platform, is there any command line utility that I can pass a username, password domain name to in order to verify the credentials (or possibly give an error that the account is disabled, doesn't exist or expired)?

Solution 1:

You could use the net use command, specifying the username and password on the command-line (in the form net use \\unc\path /user:username password and check the errorlevel returned to verify if a credential is valid.

The runas command would work, too, except that you're going to have a tougher time testing the output.

Testing a credential for the existence of an account would be a matter of using net user or dsquery. The net user command won't tell you if an account is locked out, but querying the lockoutTime attribute of the user account could tell you that.

Solution 2:

In Powershell:

Function Test-ADAuthentication {
    param($username,$password)
    (new-object directoryservices.directoryentry "",$username,$password).psbase.name -ne $null
    }

PS C:\> Test-ADAuthentication "dom\myusername" "mypassword"
True
PS C:\>

Reference: https://stackoverflow.com/questions/7663219/how-to-authenticate-an-user-in-activedirectory-with-powershell

Solution 3:

Try this:

net use \\%userdnsdomain% /user:%userdomain%\%username% *

%Errorlevel% is 0 if password is Ok.

Asterisk at the end of the sentence forces to ask for password.