
Validate Password for Windows Account (by Click Studios)


Script Name

Validate Password for Windows Account

 

Description

Checks if a local Windows Account Password is correct

 

System Requirements

  • PowerShell 2.0 or above
  • PowerShell Remoting enabled
  • Firewall configured to allow access to the remote Host
  • .NET Framework 3.5 installed on the remote Host for PowerShell 2.0, or .NET Framework 3.5 or above for PowerShell 3.0

 

Successfully Tested Against

  • Windows Server 2008 & R2
  • Windows Server 2012 & R2
  • Windows 7 Desktop
  • Windows 8 & 8.1 Desktop

 

Failed Testing Against

  • None reported 

 
PowerShell Script

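<#
.SYNOPSIS
Connect to a Windows host and validate the password for the account is correct.
.DESCRIPTION
Opens a PowerShell Remoting session to HostName using the Privileged Account credentials and, on that host, asks the local (Machine context) account store whether UserName / CurrentPassword validate.
Writes the string "Success" when the credentials validate; otherwise writes a single "Failed to validate ..." message describing the most likely cause.
.PARAMETER HostName
Host to connect to with Invoke-Command.
.PARAMETER UserName
Local account whose password is being checked.
.PARAMETER CurrentPassword
Password expected to be current for UserName (plain text).
.PARAMETER PrivilegedAccountUserName
Account used to open the remoting session.
.PARAMETER PrivilegedAccountPassword
Password for the Privileged Account (plain text).
.NOTES
Requires PowerShell Remoting to be enabled, and 'Remote Service Management' to be allowed through the Firewall

Security notes for reviewers:
- Both passwords are received as plain String parameters, so they exist unprotected in the memory of the calling process and in whatever text invoked this function. Restrict who can read the script text, transcripts and command-line logging on the machine that runs it.
- The password being checked is sent to the remote host as a script block argument; its protection in transit depends on how the WinRM listener and the 'Default' authentication mechanism are configured - confirm for the environment.
- Presumably every check is a real logon attempt for UserName on the remote host, so repeated checks with a stale password may count towards the account lockout threshold - confirm against the lockout policy before scheduling frequent checks.
- None of the messages written by this function include either password.
#>
function Validate-WindowsPassword
{
	[CmdletBinding()]
	param (
		[String]$HostName,
		[String]$UserName,
		[String]$CurrentPassword,
		[String]$PrivilegedAccountUserName,
		[String]$PrivilegedAccountPassword
	)
	
	#Runs on the remote host. $HostName is accepted to match the argument list passed below but is not used here.
	$scriptBlock = {
		param ($HostName, $UserName, $CurrentPassword)
		
		#First try/catch determines if .NET Framework 3.5 or above is installed.
		#Any failure to load the assembly or create the context is reported as 'Cannot load assembly'.
		try
		{
			Add-Type -AssemblyName System.DirectoryServices.AccountManagement
			$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
			
			#Second try/catch determines if account is locked/disabled - without second try/catch, it would always report 'Could not load assembly'
			#NOTE(review): every exception from ValidateCredentials is reported as 'Account locked or disabled', whatever its real cause.
			try
			{
				$isValid = $DS.ValidateCredentials($UserName, $CurrentPassword)
				Write-Output $isValid
			}
			catch
			{ Write-Output "Account locked or disabled" }
			finally
			{
				#Release the context even when validation throws; previously it was only disposed on the success path.
				$DS.Dispose()
			}
		}
		catch
		{ Write-Output 'Cannot load assembly' }
	}
	
	try
	{
		#Establish the PowerShell Credentials used to execute the script block - based on the Privileged Account Credentials selected for this script
		#-AsPlainText -Force is needed because the password arrives as a plain String; the SecureString only protects the copy created here.
		$CredPassword = ConvertTo-SecureString $PrivilegedAccountPassword -AsPlainText -Force
		$Credentials = New-Object System.Management.Automation.PSCredential($PrivilegedAccountUserName, $CredPassword)
		
		#Execute the command and put the output in an array.
		$resultsarray = Invoke-Command -ComputerName $HostName -Authentication 'Default' -Credential $Credentials -ScriptBlock $scriptBlock -ArgumentList $HostName, $UserName, $CurrentPassword 2>&1 #Using 2>&1 to ensure STDERR is piped to STDOUT
		
		if ($resultsarray -eq $true)
		{
			Write-Output "Success"
		}
		else
		{
			#Flatten the result to one string. Calling ToString() directly on a multi-element result yields 'System.Object[]',
			#which hides the real error text from the wildcard matches below.
			$resultText = (($resultsarray | ForEach-Object { $_.ToString() }) -join ' ').ToLower()
			
			switch -wildcard ($resultText)
			{
				"*Cannot load assembly*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName'. PowerShell 2.0 requires .NET Framework 3.5 to be installed. PowerShell 3 requires .NET Framework 3.5 or greater."; break }
				"*Account locked or disabled*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName' as it appears the account is currently locked or disabled."; break }
				"*WinRM cannot complete the operation*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WS-Management service running*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*cannot find the computer*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName'. Possible causes are: The Host is turned off, doesn't exist, PowerShell Remoting has not been enabled, or Privileged Account Credentials are incorrect."; break }
				"*no logon servers available*" { Write-Output "Failed to validate the local Windows password for account '$UserName' on Host '$HostName'. There are currently no logon servers available to service the logon request."; break }
				"*currently locked*" { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName'. The referenced account is currently locked out and may not be logged on to."; break }
				"*user name or password is incorrect*" { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName' as the Privileged Account password appears to be incorrect, or the account is currently locked."; break }
				#Add other wildcard matches here as required
				#NOTE(review): the default below also catches every remoting error that has no match above, so such errors
				#are reported as an incorrect password. Add a match for each error seen in the environment before acting on that message.
				default { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName' - password appears to be incorrect." }
			}
		}
	}
	catch
	{
		#Keep the error record in a variable: inside the switch below, $_ refers to the string being matched.
		$caught = $_
		
		switch -wildcard ($caught.Exception.ToString().ToLower())
		{
			"*currently locked*" { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName'. The referenced account is currently locked out and may not be logged on to."; break }
			"*Disconnect all previous connections*" { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName'. Error = Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."; break }
			#Add other wildcard matches here as required
			#Emit one string; passing the exception as a second Write-Output argument produced two separate output objects.
			default { Write-Output "Failed to validate the local password for account '$UserName' on Host '$HostName'. Error = $($caught.Exception.Message)" }
		}
	}
}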

#Invoke Validate-WindowsPassword with the values supplied for this run.
#NOTE(review): every bracketed placeholder below sits inside a single-quoted literal. If the placeholders are filled in
#by text substitution before the script runs (presumably by the calling product - confirm), a value containing a single
#quote would end the literal early, so check how such values are escaped.
$validateArguments = @{
	HostName = '[HostName]'
	UserName = '[UserName]'
	CurrentPassword = '[CurrentPassword]'
	PrivilegedAccountUserName = '[PrivilegedAccountUserName]'
	PrivilegedAccountPassword = '[PrivilegedAccountPassword]'
}
Validate-WindowsPassword @validateArguments
