I understand that no secure application has the ability to retrieve a password by using a mere script, but I was wondering if it's possible to at least verify if an entered password is correct using PowerShell.
I need to build a script that will allow a user to change his AD password, but for that to be possible, he/she needs to enter his current password. I will then perform a check to see if the current entered password is correct before proceeding.
I tried to verify the current attributes that a Get-ADUser
can return, but i can't find anything useful to this.
Can someone please help me out?
CodePudding user response:
Don't know where I found it but this works for me
# Validate credentials
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement")
$principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, '<yourdomain>')
$principalContext.ValidateCredentials('<user>', '<password>')