PowerShell - Test user credentials in AD, with password reset

I can successfully use PowerShell to tell if a user authenticates in Active Directory:

Function Test-ADAuthentication {
    param($username, $password)
    # Returns $true when the directory entry can be read with the supplied credentials.
    $null -ne (New-Object DirectoryServices.DirectoryEntry "", $username, $password).psbase.Name
}

Test-ADAuthentication "test" "Password1"

However, I cannot for the life of me figure out how to:

  1. Check if the password needs to be reset, while
  2. Verifying the credentials sent did work on their last password.

How could one go about this?


Solution 1:

Credentials can be tested by running a process. An example is below:

Start-Process -FilePath cmd.exe /c -Credential (Get-Credential -UserName $username -Message 'Test Credential')

Or simply:

Start-Process -FilePath cmd.exe /c -Credential (Get-Credential)

You will be presented with a prompt to enter a password. If you need to read the password from a string (bad practice), you need to initialize the credential object beforehand. More details on that method can be found in the help.

Get-Help Get-Credential
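
For the two points in the question (credentials correct, but a password change is required), one option is an LDAP bind that reads the sub-code AD returns when the bind is refused. This is an added example, not code from the question or the answer above; the function name, the State strings, the use of $env:USERDNSDOMAIN as the server and the sub-code meanings (taken from the commonly documented AD bind error table) are assumptions.

```powershell
# Added example; Test-ADCredentialState and its State strings are hypothetical names.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-ADCredentialState {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Assumption: run from a domain-joined session; otherwise pass a DC or domain name.
        [string] $Server = $env:USERDNSDOMAIN
    )
    # Assumption: sub-code meanings follow the commonly documented AD bind error table.
    $states = @{
        '52e' = 'InvalidCredentials'   # unknown user or wrong password
        '773' = 'MustChangePassword'   # password accepted, change required at next logon
        '532' = 'PasswordExpired'      # password accepted, but past its maximum age
        '533' = 'AccountDisabled'
        '775' = 'AccountLockedOut'
    }
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection $Server
    try {
        # Default AuthType is Negotiate, so the password is not sent as a clear-text simple bind.
        $conn.Credential = $Credential.GetNetworkCredential()
        $conn.Bind()
        return [pscustomobject]@{ PasswordCorrect = $true; State = 'Valid'; Code = $null }
    }
    catch {
        # PowerShell may wrap the .NET exception; walk down to the LdapException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.DirectoryServices.Protocols.LdapException]) {
            $ex = $ex.InnerException
        }
        # AD puts a hex sub-code in the server text: "... AcceptSecurityContext error, data 773, ..."
        if ($ex -and $ex.ServerErrorMessage -match 'data ([0-9a-f]+)') {
            $code  = $Matches[1]
            $state = if ($states.ContainsKey($code)) { $states[$code] } else { 'Other' }
            [pscustomobject]@{
                PasswordCorrect = $code -in '773', '532'
                State           = $state
                Code            = $code
            }
        }
        else { throw }   # not a bind refusal we can interpret (e.g. server unreachable)
    }
    finally {
        $conn.Dispose()
    }
}

# Usage: Test-ADCredentialState -Credential (Get-Credential -Message 'Test Credential')
```

Each refused bind counts as a failed logon against the account's lockout threshold, so run this once per credential rather than in a retry loop.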