How can you verify domain authentication using the Windows command line?

What is a quick and dirty way to verify a username and password authenticates to a domain via a command line?

example:

user and password authenticate to domain > output
user and password do not authenticate to domain > output

No PowerShell - only Windows native command line.
d_s_s Asked:

veera Commented:
Hi,

runas /user:username@domain.com cmd

it will prompt you for the password....
0
rowansmith Commented:
Assuming you do not want to enter your password as cleartext on the command line you could use runas to verify the credentials.
0
d_s_s (Author) Commented:
Let me clarify more:

It has to be command-line driven.
No user interaction can happen (the password must be passed automatically).
Output must be stored.
Results must be interpreted (success or failure).
A variable must be stored with result.
(Only Windows XP / 7 native commands used.)
0

rowansmith Commented:
It can not be done.  There are no native commands on XP/ Vista / Win7 that can support these requirements.

Options:
1) Do something in Powershell
2) Write a custom program that calls the CreateProcessWithLogonW function.
3) Find a program on the Internet which meets your requirements
0
Leon Fester, Senior Solutions Architect, Commented:
The easiest way to test if a user is authenticated is to check if the user can access a network resource like the netlogon or sysvol share on your domain.

So you're verifying that the user is authenticated, but what do you want to do with that information?
Maybe the root question can be answered differently.

Maybe you just need to enable auditing on your logon/logoff processes to capture the information you want.
0
Don Thomson Commented:
You can use this program - it's free, and if you pipe the results as >>mylogs.txt it will show you all the successes and failures

http://www.joeware.net/freetools/tools/cpau/index.htm
0
ReneGe Commented:
There are different ways your question can be interpreted.

1) You want to know if a username and password can authenticate to the domain?
2) You want to know if a logged on user is with a domain account or a domain account?

You say:
>>way to verify a username and password authenticates to a domain
For example, the RUNAS above will help you to test if a user can authenticate to the domain.

>>Results must be interpreted (success or failure).
What is to be a success or failure? See my two options above.

For the option two, I would use the "whoami" command.

If whoami does not work on XP, you may need to install the XP support tools:
http://www.microsoft.com/download/en/details.aspx?id=18546

I don't remember if whoami will output the FQDN of the domain or just the NetBIOS name of the domain. Just type whoami as a domain logged on user and you will know.

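@echo off
rem Clear val so a leftover value cannot produce a false "on domain" result
set "val="
for /f "delims=" %%a in ('whoami ^| findstr /i "PutTheDomainNameHere"') do set "val=%%a"
if defined val (
  echo %val% on domain>>\\server\userslog\userslog.txt
) else (
  rem val is empty in this branch, so log the computer and user name instead
  echo %COMPUTERNAME%\%USERNAME% not on domain>>\\server\userslog\userslog.txt
)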
0
d_s_s (Author) Commented:
Thanks for your input.

I apologize for not writing more detail (flight to home base).

The computer is not yet joined to the domain. I have a share, which is available to all domain users, mapped as a username and password against a domain. I interpret the output for whether there was an error. Based on the result, I can direct appropriate action (success/fail). If the drive was unable to be mapped then there must be an error (i.e. network not available, bad login, etc.).

This is for an environment where the machine has not yet been joined to the domain. I'm looking for something to verify authentication using "DOS" commands with no added applications (i.e. freeware, open source).

This was one way of achieving this.
0
ReneGe Commented:
net use Z: \\server\folder$ /user:user@domain password
IF %errorlevel% == 0 (ECHO SUCCESS) ELSE (ECHO ERROR)
0
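
The following batch file is an added example, not code posted by anyone in this thread. It extends the `net use` check above to the requirements listed earlier (no interaction, stored output, an interpreted result kept in a variable) and separates a bad login from an unreachable network by reading the Win32 error code that `net use` prints. The script name `authcheck.cmd`, the variable names and the log path are assumptions; `\\server\folder$` is the placeholder share from the answer above.

```batch
@echo off
rem Added example. Usage: authcheck.cmd user@domain password
rem Assumes the password contains no characters that cmd.exe treats specially.
setlocal
set "TARGET=\\server\folder$"
set "LOG=%TEMP%\authcheck.log"
set "RESULT=OTHER_ERROR"

rem No drive letter: a session is created but nothing stays mapped.
rem stdout and stderr both go to the log so the error text can be inspected.
net use "%TARGET%" /user:%~1 "%~2" >"%LOG%" 2>&1
if errorlevel 1 goto :classify
set "RESULT=SUCCESS"
rem Drop the session so the tested credentials do not linger on the machine.
net use "%TARGET%" /delete /y >nul 2>&1
goto :done

:classify
rem net use reports "System error NNNN has occurred."; match the code only.
rem 1326 = logon failure (unknown user name or bad password)
findstr /c:" 1326 " "%LOG%" >nul && set "RESULT=BAD_CREDENTIALS"
rem 53 = network path not found, 67 = network name (share) not found
findstr /c:" 53 " "%LOG%" >nul && set "RESULT=NETWORK_UNAVAILABLE"
findstr /c:" 67 " "%LOG%" >nul && set "RESULT=NETWORK_UNAVAILABLE"
rem 1219 = a session to this server already exists under other credentials
findstr /c:" 1219 " "%LOG%" >nul && set "RESULT=SESSION_CONFLICT"

:done
rem Append a one-line verdict; the password is never written to the log.
echo %DATE% %TIME% %~1 %RESULT%>>"%LOG%"
rem Hand the verdict back to the calling script as AUTH_RESULT.
endlocal & set "AUTH_RESULT=%RESULT%"
if "%AUTH_RESULT%"=="SUCCESS" (exit /b 0) else (exit /b 1)
```

The password is passed in clear text on the command line, as in the original answer, so it is visible in the process list and in any script that stores it. A `SESSION_CONFLICT` result says nothing about the tested credentials; remove the existing connection to the server and run the check again.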

d_s_s (Author) Commented:
ReneGe: I've created something similar before I read your comment. Great minds think alike I think. Thanks.
0
ReneGe Commented:
Seems you were faster than me :)

Thanks for the points and cheers,
Rene
0