# bring up an error prompt with OK buttonfunction dumbPrompt { param ($Pr

1. # bring up an error prompt with OK button
2. function dumbPrompt {
3. param ($PromptText = $(throw “You must pass a text string.”))
4. $a = new-object -comobject wscript.shell
5. $b = $a.popup($PromptText,0,“Error”,0)
6. }
7. # authenticates PSCredentials to a domain.
8. function auth-AdCreds {
9. param ($cred)
10. # make sure a PSCredential was passed.
11. if ($cred -isnot [System.Management.Automation.PSCredential]) {
12. write-host -f Red ‘ERROR: You must pass a PSCredential (i.e. Get-Credential).’
13. return $False
14. }
15. # if the username is entered with no domain sufficx\prefix a leading \ is put in the username that needs to be cleared
16. $username = $cred.username.trimstart(‘\’)
17. $password = $cred.GetNetworkCredential().password
18. # Get current domain using logged-on user’s credentials
19. # Two options here. Specify the path to a specific domain controller. Handy if you system is not a member of the domain authenticating to.,
20. #$CurrentDomain = ‘LDAP:///DC=domain,DC=corp’
21. # Second option, use the domain of the local computer
22. $CurrentDomain = ‘LDAP://’+([ADSI]“”).distinguishedName
23. $dom = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$UserName,$Password)
24. $res = $dom.name
25. if ($res -eq $null) {
26. return $False
27. } else {
28. return $True
29. }
30. }
31. ## Get credentials and validate them ##
32. # $count used to count the number of failed authentication attempts (3 max)
33. $count = 0
34. do {
35. # $clear used to validate success or failure
36. $clear = $true
37. # prompt for the password of the current user
38. $creds = get-credential -credential “$ENV:username” -EA SilentlyContinue
39. # bypasses the checks if cancel/escape is pressed
40. if ($creds) {
41. write-host -f Green “Validating credentials…”
42. # [optional] some programs authenticate without domain suffix/prefix. You cannot modify the credential username so you can prompt and resubmit if they are provided.
43. # Another other option would be to ignore this, copy the username to a string var, then modify the string if you don’t have to pass a PSCredential.
44. if ($creds.username.toUpper().startswith(‘DOMAIN\‘) -or $creds.username.toLower().endswith(‘@domain.corp‘)) {
45. $clear = $false
46. dumbPrompt ‘You cannot use “DOMAIN\” or “@domain.corp” in the username. Please use your s- account with no domain specified.‘
47. Remove-Variable creds
48. }
49. # perform the actual authentication check if $clear is true
50. if ($clear) {
51. $clear = auth-AdCreds $creds
52. # retry is authentication fails
53. if (!$clear) {
54. dumbPrompt ‘Failed to authenticate the credentials to the domain.corp domain. Please try again.‘
55. Remove-Variable creds
56. $count++
57. }
58. }
59. }
60. } until ($clear -or $count -ge 3)
61. # exit if user selected cancel/escape
62. if (!$creds) {
63. dumbPrompt ‘Valid credentials must be supplied to continue. Exiting the program.‘
64. sleep 5
65. #exit
66. }
67. # exit if the three try limit was met
68. if ($count -ge 3) {
69. dumbPrompt ‘You have reached the three failure limit. Please make sure you are entering the correct password and that your account is not locked.’
70. sleep 5
71. #exit