Solved

How can you verify domain authentication using windows command-LINE?

Posted on 2012-03-12
11
480 Views
Last Modified: 2012-03-20
What is a quick and dirty way to verify a username and password authenticates to a domain via a command line?

example:

user and password authenticate to domain > output
user and password do not authenticate to domain > output

No powershell - only windows native command line.
0
Comment
Question by:d_s_s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 4

Expert Comment

by:veera
ID: 37712934
hi,

runas /user:username@domain.com cmd

it will prompt you for the password....
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37712939
Assuming you do not want to enter your password as cleartext on the command line you could use runas to verify the credentials.
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37712970
Let me clarify more:

It has to be command-line driven.
No user interaction can happen (the password must be passed automatically).
Output must be stored.
Results must be interpreted (success or failure).
A variable must be stored with result.
(only windows xp / 7 native commands used.)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:rowansmith
ID: 37713023
It can not be done.  There are no native commands on XP/ Vista / Win7 that can support these requirements.

Options:
1) Do something in Powershell
2) Write a custom program that calls the the CreateProcessWithLogonW function.
3) Find a program on the Internet which meets your requirements
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37713273
The easiest way to test if a user is authenticatesd is to check if the user can access a network resource like the netlogon or sysvol share on your domain.

So you're verifying that the users is authenticated, but what do you want to do with that information?
Maybe the root question can be answered differently.

Maybe you just need to enable auditing on your logon/logoff processes to capture the information you want.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37714710
you can use this program - It's free and IF you pip the results as >>mylogs.txt is will show you all the successes and failures

http://www.joeware.net/freetools/tools/cpau/index.htm
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37722893
Their are different ways your question can be interpreted.

1) You want to know if a username and password can authenticate to the domain?
2) You want to know if a loged on user is with a domain account or a domain account?

You say:
>>way to verify a username and password authenticates to a domain
For example, the RUNAS above will help you to test if a user can authenticate to the domain.

>>Results must be interpreted (success or failure).
What is to be a success or failiure? See my two options above.

For the option two, I would use the "whoami" command.

If whoami does not work on XP, you may need to install the XP support tools:
http://www.microsoft.com/download/en/details.aspx?id=18546

I dont remember if whoami will output the fqdn of the domain or just the netbios name of the domain name. Just type whoami on a domain logged on user nad you will know.

@echo off
for /f "delims=" %%a in ('whoami ^| findstr -i "PutTheDomainNameHere"') do set val=%%a
if defined val (
  echo %val% on domain>>\\server\userslog\userslog.txt
) else (
   echo %val% not on domain>>\\server\userslog\userslog.txt
)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37731726
Thanks for your input.

I apologize for not writing more detail (flight to home base).

The computer is not yet joined to the domain. I have a share, which is available to all domain users, mapped as a username and password against a domain. I interpret the output for whether there was an error. Based on the result, I can direct appropriate action (success/fail). If the drive was unable to be mapped then there must be an error (ie:. network not available, bad login, etc).

This is for an environment where the machine has not yet been joined to the domain. I'm looking for something to verify authentication using "DOS" commands with no added applications (ie:. freeware, opensource).

This was oone way of achieving this.
0
 
LVL 10

Accepted Solution

by:
ReneGe earned 200 total points
ID: 37731884
net use Z: \\server\folder$ /user:user@domain password
IF %errorlevel% == 0 (ECHO SUCCESS) ELSE (ECHO ERROR)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37745591
ReneGe: I've created something similar before I read your comment. Great minds think alike I think. Thanks.
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37745614
Seems you were faster than me :)

Thanks for the points and cheers,
Rene
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question