
How would I compare the username and password entered by the user against an AD group?

Assuming I ask the user for a username and password, how can I compare that data to an AD group to make sure this user is a member of the group and has also entered the right password for his or her account? I'm planning on creating a tool that would only allow users who are members of a group to use the tool.

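Param(
    [Parameter(Mandatory=$true, Position=0, HelpMessage="Password?")]
    [SecureString]$password
)

# Param() must be the first statement in a script, so the prompt comes after it
$Username = Read-Host 'What is your username?'

# Convert the SecureString to plain text, then zero and free the unmanaged copy
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
try { $pw = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }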

*Assuming you are using the ActiveDirectory Module

To Validate if a user is a Member of an AD Group:

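Import-Module ActiveDirectory

$Username = Read-Host 'What is your username?'
$Group = "Your AD Group name"

# Get-ADUser throws when the identity does not exist, so catch that
# instead of relying on a $null result
try { $ADUser = Get-ADUser -Identity $Username -ErrorAction Stop }
catch { $ADUser = $null }

If ($ADUser)
{
    # Direct members only; add -Recursive to include members of nested groups
    $ADGroup = Get-ADGroupMember -Identity $Group
    if ($ADUser.SamAccountName -in ($ADGroup.SamAccountName))
    {
       "Exist"
    }
    else
    {
       "Not Exist"
    }
}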

To Validate AD User Credentials against a Domain Controller:

*AD Module not required

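Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$Username = Read-Host 'What is your username?'
# -AsSecureString keeps the password from being echoed to the console
$SecurePassword = Read-Host 'What is your Password?' -AsSecureString
$Domain = Read-Host 'What is your DOMAIN Name?'

# ValidateCredentials() takes a plain string, so unwrap the SecureString here
$Password = (New-Object System.Net.NetworkCredential('', $SecurePassword)).Password

$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct, $Domain
if ($pc.ValidateCredentials($UserName, $Password))
{
    "Validated"
}
else
{
    "Invalid Credential"
}

# Release the connection to the domain controller
$pc.Dispose()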
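
The two checks from the answer above, combined into one gate that authenticates first and only then checks group membership. This is an added example, not code from the original post. The function name `Test-ADGroupAccess`, the domain `example.local` and the group `Tool-Users` are hypothetical placeholders, and it goes slightly beyond the answer by also counting nested group membership.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Hypothetical helper: returns $true only if the credential is valid AND the
# account is a (direct or nested) member of the named security group.
function Test-ADGroupAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Domain,
        [Parameter(Mandatory = $true)] [string] $GroupName,
        [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential
    )

    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct, $Domain
    try {
        # GetNetworkCredential() strips any DOMAIN\ prefix from the user name and
        # exposes the plain-text password that ValidateCredentials() requires.
        $net = $Credential.GetNetworkCredential()

        # Step 1: authenticate. Fail closed before doing any directory lookups.
        if (-not $pc.ValidateCredentials($net.UserName, $net.Password)) { return $false }

        # Step 2: authorize. Resolve both principals; a missing user or group denies access.
        $user  = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($pc, $net.UserName)
        $group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($pc, $GroupName)
        if (-not $user -or -not $group) { return $false }

        # GetAuthorizationGroups() expands security groups recursively; compare by
        # SID so that a renamed or same-named group cannot cause a false match.
        foreach ($g in $user.GetAuthorizationGroups()) {
            if ($group.Sid.Equals($g.Sid)) { return $true }
        }
        return $false
    }
    finally {
        $pc.Dispose()
    }
}

# Usage with constructed placeholder values; Get-Credential masks the password prompt.
$cred = Get-Credential -Message 'Sign in to use this tool'
if (Test-ADGroupAccess -Domain 'example.local' -GroupName 'Tool-Users' -Credential $cred) {
    'Access granted'
} else {
    # Same message for a bad password and for a non-member, so the prompt
    # does not reveal which check failed.
    'Access denied'
}
```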
