Assuming I ask the user for a username and password, how can I compare that data to an AD group to make sure this user is a member of a group and has also entered the right password for his or her account? I'm planning on creating a tool that would only allow users who are members of a group to use the tool.
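    # Param() must be the first statement in a script, so the username prompt comes after it
    Param(
        [Parameter(Mandatory=$true, Position=0, HelpMessage="Password?")]
        [SecureString]$password
    )
    $Username = Read-Host 'What is your username?'
    # Convert the SecureString to plain text, then zero and free the unmanaged copy
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
    $pw = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)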
*Assuming you are using the ActiveDirectory Module
To Validate if a user is a Member of an AD Group:
    $Username = Read-Host 'What is your username?'
    $Group = "Your AD Group name"
    # Look up the account in the directory
    $ADUser = Get-ADUser $Username
    If ($ADUser)
    {
        # Lists direct members only; add -Recursive to include members of nested groups
        $ADGroup = Get-ADGroupMember $Group
        if ($ADUser.SamAccountName -in ($ADGroup.SamAccountName))
        {
            "Exist"
        }
        else
        {
            "Not Exist"
        }
    }
To Validate AD User Credentials against a Domain Controller:
*AD Module not required
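    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $Username = Read-Host 'What is your username?'
    # Prompt without echoing the password to the console
    $SecurePassword = Read-Host 'What is your Password?' -AsSecureString
    # ValidateCredentials needs a plain string, so convert just before use
    $Password = (New-Object System.Net.NetworkCredential('', $SecurePassword)).Password
    $Domain = Read-Host 'What is your DOMAIN Name?'
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct, $Domain
    # Bind to a domain controller with the supplied credentials
    if ($pc.ValidateCredentials($Username, $Password))
    {
        "Validated"
    }
    Else
    {
        "Invalid Credential"
    }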
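The two checks from the answer above combined into one gate, as an added example that is not part of the original question or answer: it validates the password first, then checks group membership including nested groups, without the ActiveDirectory module. The function name Test-ADUserInGroup, the use of $env:USERDNSDOMAIN as the domain and the messages are assumptions; 'Your AD Group name' is the answer's placeholder.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Test-ADUserInGroup is a hypothetical helper name chosen for this example.
function Test-ADUserInGroup {
    param(
        [Parameter(Mandatory = $true)] [pscredential] $Credential,
        [Parameter(Mandatory = $true)] [string] $Domain,
        [Parameter(Mandatory = $true)] [string] $GroupName
    )
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct, $Domain
    try {
        # Get-Credential may return DOMAIN\user; keep only the account name
        $sam   = $Credential.UserName.Split('\')[-1]
        $plain = $Credential.GetNetworkCredential().Password

        # Step 1, authentication: wrong password means no directory lookups at all
        if (-not $pc.ValidateCredentials($sam, $plain)) { return $false }

        # Step 2, authorisation: resolve both principals in the same domain context
        $user  = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($pc, $sam)
        $group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($pc, $GroupName)
        if (-not $user -or -not $group) { return $false }

        # GetMembers($true) walks nested groups; compare by SID, not by display name
        foreach ($member in $group.GetMembers($true)) {
            if ($member.Sid.Value -eq $user.Sid.Value) { return $true }
        }
        return $false
    }
    finally {
        $pc.Dispose()
    }
}

# Get-Credential collects the password as a SecureString and never echoes it
$cred = Get-Credential -Message 'Sign in to use this tool'
$allowed = Test-ADUserInGroup -Credential $cred -Domain $env:USERDNSDOMAIN -GroupName 'Your AD Group name'
if (-not $allowed) {
    # One message for both failure cases, so the prompt does not reveal which check failed
    Write-Error 'Access denied.'
    exit 1
}
'Access granted'
```

Because this check runs inside the script itself, anyone who can edit or copy the script can remove it, so whatever the tool touches should also be restricted to the same group with server-side permissions.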