Monday, September 14, 2020

Test AD authentication via PowerShell

Test password

Sometimes it is useful to test Active Directory credentials to validate a login or a password. This comes up in many Identity and Access Management use cases, for example after a bulk creation or update of users, after a password reset, and in many other scenarios.

The most commonly used approach is connecting to a remote desktop (RDP) or to a webmail service. However, sometimes the number of logins to test is too large, or no service is accessible to test an authentication against.

PowerShell to the rescue

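# Credentials to test (sample values)
$UserName = 'vkejriwal'
$Password = 'yyyyyyyy'

Function Test-ADAuthentication {
    param(
        $username,
        $password)

    # Bind to the current domain with the supplied credentials; the entry's
    # name is only populated when the bind succeeds. $null goes on the left
    # so the comparison always yields a single boolean.
    $null -ne (New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name
}

Test-ADAuthentication -username $UserName -password $Password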

The return values are:
  • TRUE if authentication is successful
  • FALSE if authentication failed. The reason can be:
    • bad login
    • bad password
    • locked out AD account: Get-ADUser -Identity xxx -Properties LockedOut,AccountLockoutTime | Select samaccountname,LockedOut,AccountLockoutTime
    • disabled AD account: Get-ADUser -Identity xxxx | Select samaccountname,Enabled
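
The bind test and the failure causes listed above can be combined so that a failed test also reports why it failed. This is an added example, not code from the original post; the function name Test-ADCredentialWithReason and the PSCredential parameter are assumptions, and Get-ADUser requires the ActiveDirectory module.

```powershell
# Added example: hypothetical helper, not part of the original post.
# Requires the ActiveDirectory module (RSAT) for Get-ADUser.
function Test-ADCredentialWithReason {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    # Accept "DOMAIN\user" or "user"; the lookup below uses the sAMAccountName.
    $sam = ($Credential.UserName -split '\\')[-1]

    # Same bind test as in the post. A failed bind counts as a bad password
    # attempt, so repeated tests can themselves lock the account out.
    $entry = New-Object DirectoryServices.DirectoryEntry "", $Credential.UserName, $Credential.GetNetworkCredential().Password
    $authenticated = $null -ne $entry.psbase.Name
    $entry.Dispose()

    if ($authenticated) {
        $reason = 'authentication successful'
    }
    else {
        # Look the account up with the caller's own rights to explain the failure.
        # -Filter returns nothing (instead of throwing) when no account matches.
        $filterName = $sam.Replace("'", "''")
        $user = Get-ADUser -Filter "SamAccountName -eq '$filterName'" -Properties LockedOut, AccountLockoutTime

        if (-not $user)             { $reason = 'bad login (no such account)' }
        elseif ($user.LockedOut)    { $reason = "locked out since $($user.AccountLockoutTime)" }
        elseif (-not $user.Enabled) { $reason = 'account disabled' }
        # Assumed when none of the other causes listed in the post apply.
        else                        { $reason = 'bad password' }
    }

    [pscustomobject]@{
        UserName      = $sam
        Authenticated = $authenticated
        Reason        = $reason
    }
}

# Prompt for the credential so the password is not stored in the script.
Test-ADCredentialWithReason -Credential (Get-Credential)
```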