Last active
November 17, 2021 03:34
-
-
Save kewalaka/41352adc78c085d43dd16e4915fa56f7 to your computer and use it in GitHub Desktop.
This is a simple script that can be used to interactively check an AD account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Domain = $env:USERDOMAIN | |
# comment out the credential line if you want to cache this | |
Clear-Variable -Name Credential* | |
$Credential = $( Get-Credential -Message "Please provide AD credentials to test. There is no need to add the domain if it is '$Domain\'" ) | |
if ($Credential) | |
{ | |
$Context = "Domain" # Domain this is the type, not the domain name - i.e. as opposed to Local auth, or ADLS | |
# now the magic happens | |
Add-Type -AssemblyName System.DirectoryServices.AccountManagement | |
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::$Context, $Domain) | |
$result = $DS.ValidateCredentials($Credential.UserName, $Credential.GetNetworkCredential().password) | |
$DS.Dispose() | |
if ($result) | |
{ $output = "works" } | |
else | |
{ $output = "does not work" } | |
Write-Host "`nThe password for $($Credential.UserName) $output" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment