Sometimes it is useful to test Active Directory credentials to validate the login or the password, for example after the bulk creation of users.
The most commonly used approaches are connecting to a remote desktop (RDP) or to a webmail. However, either the number of logins to be tested is too large, or no service is accessible to test an authentication against.
PowerShell to the rescue
Be careful not to test authentications in a loop with a bad password; otherwise it may cause a lockout of the AD account.
PowerShell allows you to test login / password authentication against Active Directory using one of these two methods:
The return values are:
- TRUE if authentication is successful
- FALSE if authentication failed. The reason can be:
  - bad login: test whether the AD user exists
  - bad password
  - locked out AD account: Get-ADUser -Identity xxx -Properties LockedOut,AccountLockoutTime | Select samaccountname,LockedOut,AccountLockoutTime
  - disabled AD account: Get-ADUser -Identity xxxx | Select samaccountname,Enabled
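
The following is an added example, not the original author's code: it makes a single authentication attempt with the .NET `PrincipalContext.ValidateCredentials` method and maps a failure to the reasons listed above, skipping the attempt entirely for unknown, disabled or locked-out accounts. The function name `Test-ADCredentialOnce` is hypothetical, and the code assumes the ActiveDirectory (RSAT) module on a domain-joined machine.

```powershell
# Added example: one authentication attempt per call, with a failure reason.
# Assumptions: ActiveDirectory (RSAT) module installed, machine joined to the domain.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Import-Module ActiveDirectory

function Test-ADCredentialOnce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Accept both "user" and "DOMAIN\user"
    $sam = $Credential.UserName -replace '^.*\\'
    $result = [pscustomobject]@{ SamAccountName = $sam; Valid = $false; Reason = $null }

    # Check the account state first, so that no bind is sent (and no bad-password
    # counter is incremented) for accounts that cannot log on anyway.
    try {
        $user = Get-ADUser -Identity $sam -Properties LockedOut, AccountLockoutTime -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $result.Reason = 'BadLogin'          # the AD user does not exist
        return $result
    }
    if (-not $user.Enabled) { $result.Reason = 'Disabled';  return $result }
    if ($user.LockedOut)    { $result.Reason = "LockedOut since $($user.AccountLockoutTime)"; return $result }

    # Single authentication attempt against the current domain
    $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain)
    try {
        $result.Valid = $ctx.ValidateCredentials($sam, $Credential.GetNetworkCredential().Password)
    }
    finally {
        $ctx.Dispose()
    }

    if (-not $result.Valid) {
        # The account exists, is enabled and was not locked: most likely a bad password.
        # Re-read the lockout flag in case this attempt reached the lockout threshold.
        $after = Get-ADUser -Identity $sam -Properties LockedOut
        $result.Reason = if ($after.LockedOut) { 'AuthenticationFailed (account is now locked out)' }
                         else                  { 'AuthenticationFailed (bad password?)' }
    }
    return $result
}

# Usage: prompts for the login and password, then prints Valid and Reason
Test-ADCredentialOnce -Credential (Get-Credential)
```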