#PSTip Verify Active Directory account credentials using System.DirectoryServices.DirectoryEntry

The System.DirectoryServices.AccountManagement namespace provides a nice way of testing if a set of Active Directory credentials are correct (also discussed in PSTip Validating Active Directory user credentials ). Another method is utilizing the System.DirectoryServices.DirectoryEntry class to create an LDAP connection to the default domain. By default every user should be able to access this entry and therefore this can be used to verify the Active Directory credentials of a user account. The following example will show the basic workings of the class.

PS > $DomainDN = ([adsi]'').distinguishedName
PS > New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDN",'jaapbrasser','Secret01')
format-default : The following exception occurred while retrieving member "distinguishedName": "The user name or password is incorrect."
    + CategoryInfo          : NotSpecified: (:) [format-default], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand

Unlike System.DirectoryServices.AccountManagement, the output is not $true or $false. Instead, an error is generated if the class is provided with incorrect credentials. If the credentials are correct the returned object will contain the distinguishedName property, this property will be used to create the Boolean output.

$DomainDN = ([adsi]'').distinguishedName
$Account = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDN",'jaapbrasser','Secret01')

Now we get output similar to what the System.DirectoryServices.AccountManagement class provides. This is obviously more work to implement but you can wrap this in a function and reuse it when needed. An advantage of this class is that no additional DLLs are required for this script to function.

About the author: Jaap Brasser

Jaap is a Senior System Engineer in the Financial Services industry. He focuses on Microsoft and related technologies and has a passion for PowerShell. In his spare time he maintains his Blog, Twitter feed, @Jaap_Brasser, and contributes on the Official Scripting Guys Forum and Windows PowerShell TechNet forums

Related Posts

%d bloggers like this: