2

I need to test a username and password pair against a given domain in a VBScript. The script will know the username, password, and domain against which it needs to check for access, and all I need returned is a true or false as to whether the account is valid.

Can anyone suggest a good way to accomplish this? Thanks!

Wim Coenen
c0nsumer
    Looks like this (http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory) is a good way to do it in .NET, but a straight-up VBScript solution would be best. – c0nsumer Oct 04 '10 at 15:10

4 Answers

6

Had trouble with the posted fnCheckAccess(strDomain, strUserID, strUserPWD) as my domain OU structure does not have users within OU=Users. Based on the MSDN article came up with the following which should work on any domain:

    'http://msdn.microsoft.com/en-us/library/windows/desktop/aa706065%28v=vs.85%29.aspx
    Set objNetwork = CreateObject("WScript.Network")
    strDomain = objNetwork.UserDomain
    Const ADS_SECURE_AUTHENTICATION = 1
    strUsername=InputBox("Enter Username:")
    strPassword=InputBox("Enter Password:")
    Set objDS = GetObject("LDAP:")
    On Error Resume Next
    Set objDomain = objDS.OpenDSObject("LDAP://" & strDomain, strUsername, strPassword, ADS_SECURE_AUTHENTICATION)
    If Err.Number Then
        WScript.Echo _
            "For user:" & vbCrLf & _
            "   " & strDomain & "\" & strUsername & vbCrLf & _ 
            "Error Number:" & vbCrLf & _
            "   " & Err.Number & vbCrLf & _
            "Error Description:" & vbCrLf & _
            "   " & Err.Description
    Else
        WScript.Echo _
            "Valid password entered for user" & vbCrLf & _
            "   " & strDomain & "\" & strUsername
    End If
    On Error Goto 0
4

The following function will test a username/password against the given domain:

    function fnCheckAccess(strDomain, strUserID, strUserPWD)

        const ADS_SECURE_AUTHENTICATION = &h0001
        const ADS_CHASE_REFERRALS_ALWAYS = &H60

        dim objDSO
        dim objUser
        dim strPath

        ' Path assumes the account sits under OU=Users of the given domain
        strPath = "LDAP://" & strDomain & "/OU=Users,DC=" & strDomain

        On Error Resume Next
        set objDSO = GetObject("LDAP:")
        ' Bind with the supplied credentials; any error is treated as a failed check
        set objUser = objDSO.OpenDSObject (strPath, strUserID, strUserPWD, ADS_SECURE_AUTHENTICATION OR ADS_CHASE_REFERRALS_ALWAYS)
        if Err.Number <> 0 then
            ' Report using the function's own parameters
            MsgBox "Incorrect Password for " & strDomain & "\" & strUserID & "." & vbCRLF & vbCRLF & "Error " & Err.Number & ": " & Err.Description, 16, "Access Denied"
            fnCheckAccess = False
        else
            fnCheckAccess = True
        end if
        Err.Clear
        On Error Goto 0

        set objDSO = Nothing
        set objUser = Nothing

    end function

c0nsumer
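
An added example, not code from either poster above: it binds to the domain root as the first answer does, returns a result instead of showing a dialog, and separates a rejected logon from other failures such as an unreachable domain. The function name `CheckCredentials`, the three result strings, and the sample domain and account are assumptions.

```vbscript
Option Explicit

Const ADS_SECURE_AUTHENTICATION = 1
' HRESULT of Win32 ERROR_LOGON_FAILURE (1326): unknown user or bad password.
Const E_LOGON_FAILURE = &H8007052E

' Hypothetical helper: returns "valid", "invalid" or "error".
' strDetail receives the raw error text for the caller's log.
Function CheckCredentials(strDomain, strUser, strPassword, ByRef strDetail)
    Dim objDS, objRoot, lngErr

    strDetail = ""
    ' Reject blank input before contacting a domain controller.
    If Len(strUser) = 0 Or Len(strPassword) = 0 Then
        CheckCredentials = "invalid"
        strDetail = "empty user name or password"
        Exit Function
    End If

    On Error Resume Next
    Set objDS = GetObject("LDAP:")
    ' Bind to the domain root, so the account's OU does not matter.
    Set objRoot = objDS.OpenDSObject("LDAP://" & strDomain, strUser, _
        strPassword, ADS_SECURE_AUTHENTICATION)
    ' Capture the error before On Error GoTo 0 clears it.
    lngErr = Err.Number
    If lngErr <> 0 Then strDetail = Hex(lngErr) & " " & Err.Description
    On Error GoTo 0

    Select Case lngErr
        Case 0
            CheckCredentials = "valid"
        Case E_LOGON_FAILURE
            CheckCredentials = "invalid"
        Case Else
            ' Domain unreachable, bad path, etc.: not a verdict on the password.
            CheckCredentials = "error"
    End Select

    Set objRoot = Nothing
    Set objDS = Nothing
End Function

' Constructed sample call; domain and account names are placeholders.
Dim strWhy
WScript.Echo CheckCredentials("EXAMPLE", "jdoe", "not-a-real-password", strWhy)
If strWhy <> "" Then WScript.Echo strWhy
```

Each "invalid" result is a failed logon on the domain controller and counts toward the account lockout threshold, so callers should not retry in a loop.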
2

This isn't the "Microsoft approved" method of credential validation:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa706065(v=vs.85).aspx

The "Logon User" API should work nice for XP+ Operating Systems.

The following article was also very helpful in getting this figured out (VB.NET):

http://codingforpassion.blogspot.com/2011/07/windows-logon-api-for-net.html

StevoInco
1

    runas /u:domain\user notepad.exe

does the trick

juFo