PowerShell: Test Domain Username & Password Credential

Version 2:

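function testCredential($username,$password){
    <#
    .SYNOPSIS
    Tests whether a username/password pair is accepted; returns $true or $false.

    .DESCRIPTION
    When the session's USERDOMAIN differs from COMPUTERNAME, the pair is checked
    with an LDAP bind against the current domain. Otherwise PsExec is launched
    against the local computer with the supplied credential and its exit code
    decides the result.

    Each call performs a real logon attempt: a wrong password can count toward
    the account lockout policy and can show up in logon auditing.

    .PARAMETER username
    Account name to test.

    .PARAMETER password
    Plain-text password for that account.

    .OUTPUTS
    System.Boolean
    #>

    # USERDOMAIN equals COMPUTERNAME for a local account, so this really tests
    # "logged on with a domain account", not machine domain membership.
    $isDomainJoined = $env:USERDOMAIN -ne $env:COMPUTERNAME
    if($isDomainJoined){
        # Legacy method without importing the ActiveDirectory module: [ADSI]""
        # uses the logged-on user's own credentials to find the domain DN.
        $domain = "LDAP://" + ([ADSI]"").distinguishedName
        $login = New-Object System.DirectoryServices.DirectoryEntry($domain,$username,$password)
        try{
            # Reading a property forces the bind with the supplied credential
            if($null -ne $login.name){
                write-host "$username credential is valid" -foregroundcolor green
                return $true
            }else{
                write-warning "invalid credentials"
                return $false
            }
        }catch{
            write-warning $_
            return $false
        }finally{
            # Release the underlying directory connection
            $login.psbase.Dispose()
        }
    }else{
        # -ErrorAction SilentlyContinue keeps a missing psexec.exe from writing an error record
        if(!(Get-Command psexec.exe -ErrorAction SilentlyContinue)){
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            if (!(Get-Command choco.exe -ErrorAction SilentlyContinue)) {
                # NOTE(security): this downloads a script and executes it unverified, with the
                # execution policy bypassed for this process. Kept for compatibility; prefer
                # having PsExec installed ahead of time from a vetted source so that a
                # credential check never installs software as a side effect.
                Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
            }
            $null=choco install sysinternals -y
        }

        # Quote each value as a single Windows command-line argument: backslashes that
        # precede a double quote (or the closing quote) are doubled and embedded quotes
        # are escaped, so spaces or quotes in a password cannot split or add arguments.
        $quoteArg = {
            param($value)
            '"' + (([string]$value) -replace '(\\*)"','$1$1\"' -replace '(\\+)$','$1$1') + '"'
        }
        $userArg = & $quoteArg $username
        $passArg = & $quoteArg $password

        $pinfo = New-Object System.Diagnostics.ProcessStartInfo
        $pinfo.FileName = "psexec.exe"
        $pinfo.RedirectStandardError = $true
        $pinfo.RedirectStandardOutput = $true
        $pinfo.UseShellExecute = $false
        # NOTE(security): the password travels on the command line, so it is visible in
        # process listings and in process-creation logging that records command lines
        # (for example Security event 4688 with command-line auditing, or Sysmon event 1).
        # -accepteula keeps a first run from blocking on the licence dialog.
        # -s runs the command as SYSTEM, which needs administrative rights on the target,
        # so a valid but non-administrative account is likely reported as invalid.
        $pinfo.Arguments = "\\$env:computername -accepteula -u $userArg -p $passArg -s cmd /c hostname"
        $p = New-Object System.Diagnostics.Process
        $p.StartInfo = $pinfo
        try{
            $p.Start() | Out-Null
            # Drain both redirected pipes so the child cannot stall on a full buffer
            $null = $p.StandardOutput.ReadToEndAsync()
            $null = $p.StandardError.ReadToEndAsync()
            $p.WaitForExit()
            return ($p.ExitCode -eq 0)
        }catch{
            # e.g. psexec.exe still not on PATH after the install attempt
            write-warning $_
            return $false
        }finally{
            $p.Dispose()
        }
    }
}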

Version 1:

# Prompt for the account to test; both values can instead be passed directly to testCredential
$cred = Get-Credential
$username = $cred.UserName
# GetNetworkCredential() exposes the password as plain text, which the function's parameters expect;
# the value stays in this session variable until it is cleared or the session ends
$password = $cred.GetNetworkCredential().Password

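function testCredential($username,$password){
	<#
	.SYNOPSIS
	Tests a username/password pair with an LDAP bind against the current domain.

	.DESCRIPTION
	Returns $true when the bind succeeds and $false otherwise. Each call is a real
	logon attempt: a wrong password can count toward the account lockout policy.

	.PARAMETER username
	Account name to test.

	.PARAMETER password
	Plain-text password for that account.

	.OUTPUTS
	System.Boolean
	#>

	# Get current domain using logged-on user's credentials
	$domain = "LDAP://" + ([ADSI]"").distinguishedName
	$login = New-Object System.DirectoryServices.DirectoryEntry($domain,$username,$password)
	try{
		# Reading a property forces the bind with the supplied credential.
		# $null goes on the left so a collection-valued property is compared as a
		# whole instead of being filtered element by element.
		if($null -ne $login.name) {
			write-host "$username credential is valid" -foregroundcolor green
			return $true
		}else{
			write-warning "invalid credentials"
			return $false
		}
	}catch{
		write-warning $_
		return $false
	}finally{
		# Release the underlying directory connection
		$login.psbase.Dispose()
	}
}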
# Run the check with the values gathered from the credential prompt
testCredential -username $username -password $password
