I just created computer object in active directory. I set password for computer object using SetPassword Command. How can we verify password for computer object or authenticate with that password? Is there any way to validate that password is valid with that computer?
Asked
Active
Viewed 1,032 times
0
-
Why on earth do you want to set the password for a computer object? They are automatically overwritten periodically by complex passwords agreed automatically between the PC and the domain controller. – Ashigore Jun 04 '14 at 10:36
-
NTLM authentication requires service account(computer object) for this protocol to work. I am using jespa for NTLM SSO. Need to give computer object with password to jespa to do NTLMSSO. For this i need to verify user password against computer object. – angryMan Jun 04 '14 at 17:08
1 Answers
1
Validating a computer account password can be done in the same way as user passwords. Computer accounts also have a username SamAccountName.
I'm not sure how to provide an example as you have not specified any programming platform but for the sake of it here is an example using c# and the System.DirectoryServices.AccountManagement namespace.
string password = "securepassword";
using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
using (ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(context, "Temp1"))
{
computer.SetPassword(password);
Console.WriteLine(context.ValidateCredentials(computer.SamAccountName, string.Empty).ToString()); // Returns False
Console.WriteLine(context.ValidateCredentials(computer.SamAccountName, password).ToString()); //Returns True
}
Ashigore
- 4,618
- 1
- 19
- 39
-
Thanks ashigore. Please give some examples in c++. I googled for "PrincipalContext.validateCredentials in c++". but i didnt get any clear examples. – angryMan Jun 05 '14 at 10:58
-
I don't know C++ but this question http://stackoverflow.com/questions/6019094/validating-domain-user-credentials has a good suggestion. – Ashigore Jun 05 '14 at 12:09