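<#
.SYNOPSIS
Tests user credentials against Active Directory

.DESCRIPTION
Performs an LDAP bind to the domain with the supplied credential, then looks the
account up to report whether it is enabled and whether it is locked out. Only
System.DirectoryServices and the [ADSI] type accelerator are used, so this
version of the script does NOT require the ActiveDirectory PowerShell module to
be present.

Security notes:
  * Every run is a real logon attempt. Repeated failures count against the
    account's bad-password threshold and can lock the account out.
  * The user name is escaped per RFC 4515 before it is placed in the LDAP
    search filter, so a crafted credential cannot change the query.
  * The plaintext password is only needed for the bind; it is cleared in the
    finally block so it does not linger in the session if the script is
    dot-sourced. Transcription or script-block logging may still capture it.

.PARAMETER Credential
Credential to test. The user name MUST be in DOMAIN\user form (enforced by the
ValidateScript attribute).

.PARAMETER FQDomainName
Optional DNS name of the domain to bind to (e.g. corp.example.com). When omitted
(or empty) the domain of the current computer is used.

.EXAMPLE
PS> & .\<this-script>.ps1 -Credential (Get-Credential 'CORP\jdoe') -FQDomainName corp.example.com

.NOTES
The bind uses the credential under test, but the follow-up account lookup runs
as the script invoker, who therefore needs READ access to the user object in
the queried domain. If the lookup fails the bind result is still reported.
#>
[CmdletBinding()]
param
(
    [parameter(Mandatory=$true,Position=0)]
    [ValidateScript({
        $null -ne $_.Password -and $_.UserName -like "*\*"
    })]
    [PSCredential] $Credential
    ,
    [parameter(Mandatory=$false,Position=1)]
    [string] $FQDomainName
)

# Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
# Backslash is replaced first so the escapes added afterwards are not re-escaped.
function ConvertTo-LdapFilterValue
{
    param([string] $Value)
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# Parse the provided credential (DOMAIN\user form is guaranteed by ValidateScript)
$NetBIOSDomain = $Credential.UserName.Split('\')[0]
$UserName      = $Credential.UserName.Split('\')[-1]
$Password      = $Credential.GetNetworkCredential().Password

$bind   = $null
$search = $null
try
{
    if ($PSBoundParameters.ContainsKey('FQDomainName') -and -not [string]::IsNullOrWhiteSpace($FQDomainName))
    {
        # Turn "corp.example.com" into "DC=corp,DC=example,DC=com"
        $dcParts = foreach ($label in $FQDomainName.Split('.')) { "DC=$label" }
        $result  = $dcParts -join ','
        # Resolve the naming context as the invoker; this throws if the domain is unreachable
        $test = [ADSI]::new("LDAP://$result")
        $dn   = $test.distinguishedName
    }
    else
    {
        # Use the current computer's domain
        $adsi = [ADSI]''
        $dn   = $adsi.distinguishedName
    }

    if ([string]::IsNullOrEmpty($dn))
    {
        # Never bind to a bare "LDAP://" by accident: that would silently pick a default target
        Write-Host "Could not resolve the domain naming context; check -FQDomainName / domain connectivity." -ForegroundColor Red
        return
    }

    Write-Verbose ($dn | Out-String)
    Write-Host "`nChecking Credentials for $NetBIOSDomain\$UserName" -BackgroundColor Black -ForegroundColor Yellow
    Write-Host "***************************************"

    # Secure = Negotiate (Kerberos/NTLM), which never sends the password in the clear.
    # This is the constructor's default, but it is spelled out so nobody downgrades
    # to a simple bind by accident. Add Sealing/Signing if the DCs enforce them.
    # The domain-qualified name is passed so the DC can resolve the account even when
    # the bind target (-FQDomainName) is not the credential's own domain.
    $bind = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$dn", $Credential.UserName, $Password,
        [System.DirectoryServices.AuthenticationTypes]::Secure
    )
    try
    {
        # Forces the bind; a bad password, disabled or locked account throws here
        $bind.RefreshCache()
    }
    catch
    {
        $msg = $_.Exception.Message
        Write-Host "Authentication Result: " -ForegroundColor Yellow -NoNewLine
        Write-Host "FAILURE!" -ForegroundColor Red
        if ($msg -like "*user name or password is incorrect*")
        {
            Write-Host "The username or password is incorrect!" -ForegroundColor Red
        }
        else
        {
            Write-Host $msg -ForegroundColor Red
        }
        # 'return', not 'break': a bare 'break' at script scope propagates to the
        # caller and can terminate a loop the caller is running around this script.
        return
    }
    Write-Verbose "Domain $dn was found: True"

    # Search for the user account. This search runs as the script invoker (not as the
    # tested credential), so the invoker must have READ access to the queried domain.
    $search = New-Object System.DirectoryServices.DirectorySearcher
    $search.Filter     = "(&(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $UserName)))"
    $search.SearchRoot = "LDAP://$dn"
    [void]$search.PropertiesToLoad.AddRange([string[]]@('useraccountcontrol', 'lockouttime'))
    $user = $search.FindOne()

    if ($null -eq $user)
    {
        # The bind already proved the password; we just cannot read the account state
        Write-Host "User Found: " -NoNewLine -ForegroundColor Yellow
        Write-Host "False (the invoker cannot read this account in $dn)" -ForegroundColor Red
        Write-Host "Authentication Result: " -ForegroundColor Yellow -NoNewLine
        Write-Host "SUCCESS! (bind OK; enabled/lockout state could not be verified)" -ForegroundColor Green
        return
    }

    # ADS_UF_ACCOUNTDISABLE = 0x2
    $userActControl = [int]$user.Properties['useraccountcontrol'][0]
    if (($userActControl -band 2) -ne 0)
    {
        Write-Host "User Enabled: " -NoNewLine -ForegroundColor Yellow
        Write-Host "False" -ForegroundColor Red
        Write-Host "Authentication Result: " -ForegroundColor Yellow -NoNewLine
        Write-Host "FAILURE!" -ForegroundColor Red
        return
    }
    else
    {
        Write-Host "User Enabled: " -NoNewLine -ForegroundColor Yellow
        Write-Host "True" -ForegroundColor Green
    }

    # lockoutTime is a FILETIME; 0 means never locked or already cleared. The attribute
    # stays present (with value 0) after an unlock, so testing for its mere presence
    # reported false lockouts. A non-zero value older than the domain's lockoutDuration
    # may also be stale (replication / not yet reset); that policy lookup is not done here.
    $lockoutTime = 0
    if ($user.Properties.Contains('lockouttime') -and $user.Properties['lockouttime'].Count -gt 0)
    {
        $lockoutTime = [long]$user.Properties['lockouttime'][0]
    }
    if ($lockoutTime -gt 0)
    {
        Write-Host "User Locked: " -NoNewLine -ForegroundColor Yellow
        Write-Host "True" -ForegroundColor Red
        Write-Host "Authentication Result: " -ForegroundColor Yellow -NoNewLine
        Write-Host "FAILURE!" -ForegroundColor Red
        return
    }
    else
    {
        Write-Host "User Locked: " -NoNewLine -ForegroundColor Yellow
        Write-Host "False" -ForegroundColor Green
        Write-Host "Authentication Result: " -ForegroundColor Yellow -NoNewLine
        Write-Host "SUCCESS!" -ForegroundColor Green
    }
}
finally
{
    # Release the directory handles and drop the plaintext password from scope
    if ($null -ne $search) { $search.Dispose() }
    if ($null -ne $bind)   { $bind.Dispose() }
    $Password = $null
    Remove-Variable -Name Password -ErrorAction SilentlyContinue
}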