This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 46%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
I have a valid set of credentials stored in $Cred.
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password
Clearly they work like this:
PS C:\> $login=Test-ADAuthentication -username $Cred.UserName -password $Cred.GetNetworkCredential().Password
PS C:\> echo $login
True
However, I would like to pass them using only the $Cred variable if possible.
I have tried both of these, but neither work.
PS C:\> $login=Test-ADAuthentication -credential $Cred
PS C:\> echo $login
False
PS C:\> $login=Test-ADAuthentication -PSCredential $Cred
PS C:\> echo $login
False
Any help on this one?
Note: the only tag I found that was close to my question, was azure-ad-authentication-protocols... which isn't actually about my question, but I couldn;t submit the question without a tag.. so..
I ultimately figured this out... the Get-ADUser function has an option to pass $Cred, and if $Cred is wrong, it fails.
try
{
$login=Get-ADUser -Identity $User -Credential $Cred -Server $Domain
}
catch
{
$login=$false
Write-Host("Login failed!")
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Any cmdlet that uses the -Credential parameter will fail if the credential is invalid. However, your code won't work the way you expect it to. You need to set the ErrorAction to STOP to throw the exception.
try {
$login=Get-ADUser -Identity $User -Credential $Cred -Server $Domain -ErrorAction STOP
}
catch{
$login=$false
Write-Host("Login failed!")
}
"Test-ADAuthentication" is a function that either you or someone else wrote. Is that correct? If so, see this: add-credentials-to-powershell-functions. The "Adding a Credential Parameter" section should help.
You can also pass the user-id as a string and the password as a secure string, and then create the credential in the function.
Hi Rich:
So the Test-ADAuthentication is a function that appears to be available with: Import-Module ActiveDirectory
That's the only think I did and the function worked. But in my last version, I'm not using Test-ADAuthentication any more.
We are passing the ID and PWD from a JAVA Application, then we simply want to check if they are valid. I believe I am passing the password as a secure string correctly.
Here is the full script:
$UserName = [ID@keyman .com PASSED FROM JAVA APP]
$Password = ConvertTo-SecureString [PWD VAR Passed from JAVA APP] -AsPlainText -Force
$Domain = $UserName -replace ".@"
$User=$UserName -replace "@."
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password
try
{
$login=Get-ADUser -Identity $User -Credential $Cred -Server $Domain
}
catch
{
$login=$false
Write-Host("Login failed!")
}
echo $login
Sorry, but Test-ADAuthentication isn't a Microsoft cmdlet:
PS C:\Users\Administrator> get-command test-* | Select Name
Name
----
Test-DnsServer
Test-DnsServerDnsSecZoneSetting
Test-Dtc
Test-NetConnection
Test-NfsMappingStore
Test-RDOUAccess
Test-RDVirtualDesktopADMachineAccountReuse
Test-ScriptFileInfo
Test-ADDSDomainControllerInstallation
Test-ADDSDomainControllerUninstallation
Test-ADDSDomainInstallation
Test-ADDSForestInstallation
Test-ADDSReadOnlyDomainControllerAccountCreation
Test-ADServiceAccount
Test-AppLockerPolicy
Test-Certificate
Test-ComputerSecureChannel
Test-Connection
Test-DscConfiguration
Test-FileCatalog
Test-KdsRootKey
Test-ModuleManifest
Test-NfsMappedIdentity
Test-Path
Test-PSSessionConfigurationFile
Test-UevTemplate
Test-WSMan
The first lines of that script don't do what you think they do. Replace the two regular expressions with:
$Domain = $UserName -replace "^.+@", ""
$User=$UserName -replace "@.+$", ""
and, unless the name of your domain controller is the same as your domain, this won't work either:
$login=Get-ADUser -Identity $User -Credential $Cred -Server $Domain
The "-Server" parameter should take the machine name of a Domain Controller (or a Global Catalog) server.
If the user name that's passed from your Java app is the form of a UPN (User Principal Name) there's no need to separate the "user" from the "domain".
The conversion of the password string to a secure string looks okay.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi
What is Test-ADAuthentication? If it's a function, you can replace the parameters $username and $password with $credential, then add the below lines to the function.
$username = $credential.UserName
$password = $credential.GetNetworkCredential().Password
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 5%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
There should be a security disclaimer here: In general, it isn't recommended to decrypt a credential password to plain-text.