1

The solution posted here is what I am trying below: Validating PowerShell PSCredentials

My script requires domain credentials to be passed as arguments. Here is how I'm trying to validate the creds:

if ($username -and $pass) {
  $Password = ConvertTo-SecureString $pass -AsPlainText -Force
  $Credentials = New-Object -Typename System.Management.Automation.PSCredential -ArgumentList $username, $Password

  $TestUsername = $Credentials.username
  $TestPassword = $Credentials.GetNetworkCredential().password

  # Get current domain using logged-on user's credentials
  $CurrentDomain = "LDAP://" + ([ADSI]"").distinguishedName
  $domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$TestUsername,$TestPassword)

  if ($domain.name -eq $null) {
   write-host "Authentication failed - please verify your username and password."
   exit #terminate the script.
  } else {
   write-host "Successfully authenticated with domain $domain.name"
  }

}

But for some reason, this always leads me to "Authentication failed - please verify your username and password". What is the problem, and would your solution also work from a runas command where creds are not passed in as arguments?

Community
  • 1
  • 1
AlwaysQuestioning
  • 1,464
  • 4
  • 24
  • 48
  • 1
    I would recommend against passing plain-text passwords as arguments to functions. – Bill_Stewart Feb 17 '17 at 17:04
  • Do you have any input on how I could verify that the user in a runas command is a valid domain account? To be clear, I still need answers to both cases. – AlwaysQuestioning Feb 17 '17 at 17:06
  • Because when run across multiple computers, the user account gets locked out if the password is entered incorrectly and too many failed authentication attempts occur. – AlwaysQuestioning Feb 17 '17 at 18:15
  • I will admit something seems off here as I can replicate your issue but you _could_ count failures in your process as well and set a threshold to prevent your issue as well. – Matt Feb 17 '17 at 18:25
  • If you fail on one computer, then I would recommend stopping the process and informing the user there was an error. – Bill_Stewart Feb 17 '17 at 19:22

0 Answers0