A common way to investigate Active Directory authentication issues is to inspect the logs and Event Viewer; it's simple and effective. But this means that the issue has already occurred. What if the problem was a wrong password that was generated and communicated to the user? Can we be more proactive and prevent this issue from happening?
Whenever I wanted to check whether the credentials provided by the third party for a large number of accounts were valid/correct (to prevent support requests and not let end users wait any longer for their access), performing this task manually was never an option for me.
That's the reason why I wrote this simple script (or variations of it) to validate user credentials automatically and test the overall efficiency of an onboarding process. It also works with local users, not just Active Directory users.
This is an interactive test for a user credential:
```powershell
## Paolo Frigo, https://www.scriptinglibrary.com
function Test-ADCredential($cred) {
    try {
        # Start-Process throws if the logon is rejected; -PassThru returns the
        # process it started, so only that process is cleaned up afterwards
        $proc = Start-Process 'cmd' -Credential $cred -PassThru -ErrorAction Stop
        $auth_success = [bool]$proc
        if ($auth_success -eq $true) {
            $proc | Stop-Process -Force
            Write-Output "Authentication succeeded for $($cred.Username)"
        }
    }
    catch {
        Write-Output "Authentication failed for $($cred.Username)"
    }
}

Test-ADCredential (Get-Credential)
```
If this script is used to manage the onboarding of new employees and to test access to some programs, it is better not to break the automation with the Get-Credential cmdlet. If you have a hash table with usernames and passwords, you can use it in a for loop and pass the credentials directly.
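The batch case described above, as an added example that is not the author's script. It assumes a hash table named `$accounts` holding constructed sample users with placeholder passwords, a hypothetical helper `Test-CredentialPair`, and an output file name chosen for illustration.

```powershell
# Added example: non-interactive version of the check, one attempt per account.
# Constructed sample data. In practice load it from the onboarding source and
# keep plaintext passwords out of scripts, transcripts and logs.
$accounts = @{
    'CONTOSO\alice.example' = 'Placeholder-Passw0rd-1'
    'CONTOSO\bob.example'   = 'Placeholder-Passw0rd-2'
}

function Test-CredentialPair {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Password
    )
    $secure = ConvertTo-SecureString $Password -AsPlainText -Force
    $cred   = New-Object System.Management.Automation.PSCredential ($UserName, $secure)
    try {
        # Throws when the logon is rejected (wrong password, disabled or locked
        # account). A rejected logon counts toward the account lockout threshold,
        # so each account is tried exactly once.
        # -WorkingDirectory avoids a false failure when the caller's current
        # directory is not readable by the account under test.
        $proc = Start-Process 'cmd' -ArgumentList '/c exit' -Credential $cred `
                    -WorkingDirectory $env:SystemRoot -PassThru -ErrorAction Stop
        if (-not $proc.HasExited) {
            $proc | Stop-Process -Force -ErrorAction SilentlyContinue
        }
        $valid = $true;  $reason = ''
    }
    catch {
        $valid = $false; $reason = $_.Exception.Message
    }
    # Return an object without the password so results are safe to store
    [pscustomobject]@{ UserName = $UserName; Valid = $valid; Reason = $reason }
}

$results = foreach ($entry in $accounts.GetEnumerator()) {
    Test-CredentialPair -UserName $entry.Key -Password $entry.Value
}

$results | Format-Table -AutoSize
# Only user name, result and error text are exported for follow-up
$results | Where-Object { -not $_.Valid } |
    Export-Csv -Path .\failed-credentials.csv -NoTypeInformation
```

The `Reason` column carries the logon error text, which separates a wrong password from a disabled or locked account when following up with the third party.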