Solved

How can you verify domain authentication using windows command-LINE?

Posted on 2012-03-12
11
471 Views
Last Modified: 2012-03-20
What is a quick and dirty way to verify a username and password authenticates to a domain via a command line?

example:

user and password authenticate to domain > output
user and password do not authenticate to domain > output

No powershell - only windows native command line.
0
Comment
Question by:d_s_s
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 4

Expert Comment

by:veera
ID: 37712934
hi,

runas /user:username@domain.com cmd

it will prompt you for the password....
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37712939
Assuming you do not want to enter your password as cleartext on the command line you could use runas to verify the credentials.
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37712970
Let me clarify more:

It has to be command-line driven.
No user interaction can happen (the password must be passed automatically).
Output must be stored.
Results must be interpreted (success or failure).
A variable must be stored with result.
(only windows xp / 7 native commands used.)
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37713023
It can not be done.  There are no native commands on XP/ Vista / Win7 that can support these requirements.

Options:
1) Do something in Powershell
2) Write a custom program that calls the the CreateProcessWithLogonW function.
3) Find a program on the Internet which meets your requirements
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37713273
The easiest way to test if a user is authenticatesd is to check if the user can access a network resource like the netlogon or sysvol share on your domain.

So you're verifying that the users is authenticated, but what do you want to do with that information?
Maybe the root question can be answered differently.

Maybe you just need to enable auditing on your logon/logoff processes to capture the information you want.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37714710
you can use this program - It's free and IF you pip the results as >>mylogs.txt is will show you all the successes and failures

http://www.joeware.net/freetools/tools/cpau/index.htm
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37722893
Their are different ways your question can be interpreted.

1) You want to know if a username and password can authenticate to the domain?
2) You want to know if a loged on user is with a domain account or a domain account?

You say:
>>way to verify a username and password authenticates to a domain
For example, the RUNAS above will help you to test if a user can authenticate to the domain.

>>Results must be interpreted (success or failure).
What is to be a success or failiure? See my two options above.

For the option two, I would use the "whoami" command.

If whoami does not work on XP, you may need to install the XP support tools:
http://www.microsoft.com/download/en/details.aspx?id=18546

I dont remember if whoami will output the fqdn of the domain or just the netbios name of the domain name. Just type whoami on a domain logged on user nad you will know.

@echo off
for /f "delims=" %%a in ('whoami ^| findstr -i "PutTheDomainNameHere"') do set val=%%a
if defined val (
  echo %val% on domain>>\\server\userslog\userslog.txt
) else (
   echo %val% not on domain>>\\server\userslog\userslog.txt
)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37731726
Thanks for your input.

I apologize for not writing more detail (flight to home base).

The computer is not yet joined to the domain. I have a share, which is available to all domain users, mapped as a username and password against a domain. I interpret the output for whether there was an error. Based on the result, I can direct appropriate action (success/fail). If the drive was unable to be mapped then there must be an error (ie:. network not available, bad login, etc).

This is for an environment where the machine has not yet been joined to the domain. I'm looking for something to verify authentication using "DOS" commands with no added applications (ie:. freeware, opensource).

This was oone way of achieving this.
0
 
LVL 10

Accepted Solution

by:
ReneGe earned 200 total points
ID: 37731884
net use Z: \\server\folder$ /user:user@domain password
IF %errorlevel% == 0 (ECHO SUCCESS) ELSE (ECHO ERROR)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37745591
ReneGe: I've created something similar before I read your comment. Great minds think alike I think. Thanks.
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37745614
Seems you were faster than me :)

Thanks for the points and cheers,
Rene
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
YESTERDAY YESTERDAY.BAT is inspired by a previous article I wrote entitled: TOMORROW.BAT (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/MS_DOS/A_4196-Advanced-Batch-File-Programming-TOMORROW-BAT.html). The crux of this batch f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now