
@PanosGreg
Last active August 15, 2025 10:23
Verify Active Directory credentials
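function Test-ADCredential {
<#
.Synopsis
   Verify Active Directory credentials
.DESCRIPTION
   Validates a username/password pair with
   System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials
   and writes the boolean result to the pipeline.

   Unless -DontCheckProfile is given, the function first resolves the user to a
   SID and looks for a matching Win32_UserProfile on this computer. If the user
   cannot be resolved it writes a warning and returns nothing, without
   validating the credentials.
.PARAMETER Username
   Account name. A leading "DOMAIN\" prefix is stripped before use.
.PARAMETER Password
   Password as plain text. Prefer -Credential (see NOTES).
.PARAMETER Credential
   PSCredential holding the username and password to verify.
.PARAMETER Context
   Context type to validate against: Domain (default), Machine or
   ApplicationDirectory (ADAM).
.PARAMETER DontCheckProfile
   Skip the SID lookup and the local profile check.
.OUTPUTS
   System.Boolean
.EXAMPLE
   Test-ADCredential -Credential (Get-Credential)
.EXAMPLE
   Test-ADCredential -Username user1 -Password Secret01
.NOTES
   - A password given through -Password is part of the command line, so it can
     be recorded in the PSReadLine history file, in transcripts and in script
     block logging. Use -Credential for interactive or logged sessions.
   - A wrong password is processed by the directory as a failed authentication
     and can count toward the account lockout threshold. Do not call this in a
     retry loop.
   - The domain prefix of the username is discarded and PrincipalContext is
     created from the context type only, so the check runs against the default
     directory for that context type, not against the domain named in the
     prefix.
   - The profile check always resolves the user in $env:USERDOMAIN, whatever
     -Context is set to.
#>
    [CmdletBinding(DefaultParameterSetName = 'PSCreds')]
    [OutputType([Boolean])]
    Param (
        [Parameter(Mandatory=$true,Position=0,ParameterSetName = 'PlainText')]
        [string]$Username,

        [Parameter(Mandatory=$true,Position=1,ParameterSetName = 'PlainText')]
        [string]$Password,

        [Parameter(Mandatory=$true,Position=0,ParameterSetName = 'PSCreds')]
        [pscredential]$Credential,

        [validateset('Domain','Machine','ApplicationDirectory')] # AppDirectory is for ADAM
        [string]$Context = 'Domain',

        [switch]$DontCheckProfile
    )

    # get the user/pass from the pscreds
    # (ValidateCredentials takes a plain string, so the password is decrypted here)
    if ($PSCmdlet.ParameterSetName -eq 'PSCreds') {
        $Username = $Credential.UserName
        $Password = $Credential.GetNetworkCredential().Password
    }

    # strip the domain prefix from the username
    if ($Username.IndexOf('\') -ge 1) {$Username = $Username.Split('\')[1]}

    # see if the user's profile already exists in the system
    if (-not $DontCheckProfile) {

        # find the Security ID (SID) of the user
        try {
            $NtAccount = [Security.Principal.NTAccount]::new($env:USERDOMAIN, $Username)
            $UserSID   = $NtAccount.Translate([Security.Principal.SecurityIdentifier]).Value
        }
        catch {
            # the credentials are NOT validated in this case and nothing is returned
            Write-Warning "Could not find user $Username in $env:USERDOMAIN"
            return
        }

        # load the CimCmdlets module
        if ((Get-Module).Name -notcontains 'CimCmdlets') {Import-Module -Name CimCmdlets -Verbose:$false}

        # get the local user profile
        # ($UserSID comes from Translate() above, not from caller input)
        $UserProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = '$UserSID'" -Verbose:$false

        # inform the user that the profile will be created
        if ($null -eq $UserProfile) {
            Write-Verbose "The user $Username does not have a profile on this computer ($env:COMPUTERNAME)"
            Write-Verbose 'The credential check will take a bit longer, because the user profile will also be created for the 1st time.'
        }
    }

    # load the .net type for DirectoryServices
    if (-not ('System.DirectoryServices.AccountManagement.ContextType' -as [type])) {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement -ErrorAction Stop
    }

    # finally check the account
    $CtxType   = [System.DirectoryServices.AccountManagement.ContextType]::$Context
    $Principal = $null
    try {
        $Principal = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($CtxType)
        $CanLogin  = $Principal.ValidateCredentials($Username, $Password)
    }
    finally {
        # clean up, also when the caller turns the error into a terminating one
        # (try/catch around the call, or -ErrorAction Stop)
        if ($null -ne $Principal) {$Principal.Dispose()}
    }

    # show the output
    Write-Output $CanLogin  # <-- boolean
}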