Difference between revisions of "Ad login test authentication"
Line 1: | Line 1: | ||
https://itpro-tips.com/2019/test-ad-authentication-via-powershell/ | https://itpro-tips.com/2019/test-ad-authentication-via-powershell/ | ||
− | + | ||
Be careful not to test authentications loop with a bad password, otherwise it may cause a lockout of the AD account. | Be careful not to test authentications loop with a bad password, otherwise it may cause a lockout of the AD account. | ||
PowerShell allows you to test login / password authentication against Active Directory using one of these two methods: | PowerShell allows you to test login / password authentication against Active Directory using one of these two methods: | ||
+ | ``` | ||
$UserName = 'xxxx' | $UserName = 'xxxx' | ||
$Password = 'yyyy' | $Password = 'yyyy' | ||
Line 15: | Line 16: | ||
(New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null | (New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null | ||
} | } | ||
+ | ``` | ||
+ | |||
+ | ``` | ||
Test-ADAuthentication -username $UserName -password $password | Test-ADAuthentication -username $UserName -password $password | ||
+ | ``` | ||
or an advanced function if you need to test against another AD domain: | or an advanced function if you need to test against another AD domain: | ||
+ | ``` | ||
function Test-ADAuthentication { | function Test-ADAuthentication { | ||
Param( | Param( | ||
Line 53: | Line 59: | ||
} | } | ||
} | } | ||
+ | ``` | ||
+ | |||
+ | ``` | ||
#Test-ADAuthentication -User toto -Password passXX | #Test-ADAuthentication -User toto -Password passXX | ||
#Test-ADAuthentication -User toto -Password passXX -Server xxx.domain.com | #Test-ADAuthentication -User toto -Password passXX -Server xxx.domain.com |
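Review bot: the fence added just above the two commented `#Test-ADAuthentication` usage lines is opened, but no closing fence appears in the visible lines of this hunk. Add the matching closing fence right after the last usage line so the text that follows is not pulled into the code block.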
Latest revision as of 18:05, 18 November 2022
https://itpro-tips.com/2019/test-ad-authentication-via-powershell/
Be careful not to test authentication in a loop with a bad password, otherwise it may lock out the AD account.
PowerShell allows you to test login / password authentication against Active Directory using one of these two methods:
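```
$UserName = 'xxxx'
$Password = 'yyyy'

Function Test-ADAuthentication {
    param(
        $username,
        $password)
    # Reading .name forces a bind with the supplied credentials;
    # a failed bind leaves the property empty, so the comparison returns $false
    (New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null
}
```

```
Test-ADAuthentication -username $UserName -password $password
```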
or an advanced function if you need to test against another AD domain:
```
function Test-ADAuthentication {
    Param(
        [Parameter(Mandatory)]
        [string]$User,
        [Parameter(Mandatory)]
        $Password,
        [Parameter(Mandatory = $false)]
        $Server,
        [Parameter(Mandatory = $false)]
        [string]$Domain = $env:USERDOMAIN
    )

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement

    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain

    # Constructor arguments: context type, domain and, optionally, a specific server
    $argumentList = New-Object -TypeName "System.Collections.ArrayList"
    $null = $argumentList.Add($contextType)
    $null = $argumentList.Add($Domain)
    if($null -ne $Server){
        # Discard the index returned by Add() so it does not leak into the output
        $null = $argumentList.Add($Server)
    }

    $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $argumentList -ErrorAction SilentlyContinue

    if ($null -eq $principalContext) {
        Write-Warning "$Domain\$User - AD Authentication failed"
        # No context: stop here instead of calling a method on $null
        return
    }

    if ($principalContext.ValidateCredentials($User, $Password)) {
        Write-Host -ForegroundColor green "$Domain\$User - AD Authentication OK"
    }
    else {
        Write-Warning "$Domain\$User - AD Authentication failed"
    }
}
```
```
#Test-ADAuthentication -User toto -Password passXX
#Test-ADAuthentication -User toto -Password passXX -Server xxx.domain.com
```

The return values are:

* TRUE if authentication is successful
* FALSE if authentication failed. The reason can be:
  * bad login. Test if AD user exists
  * bad password
  * locked out AD account:

```
Get-ADUser -Identity xxx -Properties LockedOut,AccountLockoutTime | Select samaccountname,LockedOut,AccountLockoutTime
```

  * disabled AD account:

```
Get-ADUser -Identity xxxx | Select samaccountname,Enabled
```
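The failure reasons listed above can be checked before the password is ever submitted, which keeps a test from adding to the bad-password count of an account that is already locked or disabled. The following is an added example, not code from the original page; the function name `Test-ADAuthenticationWithReason` is hypothetical, and it assumes the ActiveDirectory module is installed and that `$Domain` is resolvable as a `-Server` value.

```powershell
# Added example, not from the original page. Needs the ActiveDirectory (RSAT) module.
# Test-ADAuthenticationWithReason is a hypothetical name chosen for this example.
function Test-ADAuthenticationWithReason {
    [CmdletBinding()]
    param(
        # Pass (Get-Credential) so the password is never typed on the command line
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,
        [string]$Domain = $env:USERDOMAIN
    )

    # Accept DOMAIN\user or plain user; keep only the sAMAccountName
    $sam = ($Credential.UserName -split '\\')[-1]
    $result = [ordered]@{ User = "$Domain\$sam"; Authenticated = $false; Reason = $null }

    # Read the account state first: this query runs as the caller, not as the tested account
    try {
        $adUser = Get-ADUser -Identity $sam -Server $Domain -Properties LockedOut, AccountLockoutTime -ErrorAction Stop
    }
    catch {
        $result.Reason = 'bad login (user not found or directory unreachable)'
        return [pscustomobject]$result
    }
    if (-not $adUser.Enabled) {
        $result.Reason = 'disabled AD account'
        return [pscustomobject]$result
    }
    if ($adUser.LockedOut) {
        $result.Reason = "locked out AD account since $($adUser.AccountLockoutTime)"
        return [pscustomobject]$result
    }

    # Exactly one validation attempt, so a wrong password costs a single bad-password count
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $contextType, $Domain
    try {
        $plain = $Credential.GetNetworkCredential().Password
        $result.Authenticated = $context.ValidateCredentials($sam, $plain)
    }
    finally {
        $context.Dispose()
    }
    $result.Reason = if ($result.Authenticated) { 'OK' } else { 'bad password or other logon restriction' }
    [pscustomobject]$result
}

# Test-ADAuthenticationWithReason -Credential (Get-Credential)
```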