How can you verify domain authentication using windows command-LINE?

hi,

runas /user:username@domain.com cmd

it will prompt you for the password....

Assuming you do not want to enter your password as cleartext on the command line you could use runas to verify the credentials.

Let me clarify more:

It has to be command-line driven.
No user interaction can happen (the password must be passed automatically).
Output must be stored.
Results must be interpreted (success or failure).
A variable must be stored with result.
(only windows xp / 7 native commands used.)

It can not be done.  There are no native commands on XP/ Vista / Win7 that can support these requirements.

Options:
1) Do something in Powershell
2) Write a custom program that calls the the CreateProcessWithLogonW function.
3) Find a program on the Internet which meets your requirements

The easiest way to test if a user is authenticatesd is to check if the user can access a network resource like the netlogon or sysvol share on your domain.

So you're verifying that the users is authenticated, but what do you want to do with that information?
Maybe the root question can be answered differently.

Maybe you just need to enable auditing on your logon/logoff processes to capture the information you want.

you can use this program - It's free and IF you pip the results as >>mylogs.txt is will show you all the successes and failures

http://www.joeware.net/freetools/tools/cpau/index.htm

Their are different ways your question can be interpreted.

1) You want to know if a username and password can authenticate to the domain?
2) You want to know if a loged on user is with a domain account or a domain account?

You say:
>>way to verify a username and password authenticates to a domain
For example, the RUNAS above will help you to test if a user can authenticate to the domain.

>>Results must be interpreted (success or failure).
What is to be a success or failiure? See my two options above.

For the option two, I would use the "whoami" command.

If whoami does not work on XP, you may need to install the XP support tools:
http://www.microsoft.com/download/en/details.aspx?id=18546

I dont remember if whoami will output the fqdn of the domain or just the netbios name of the domain name. Just type whoami on a domain logged on user nad you will know.

@echo off
for /f "delims=" %%a in ('whoami ^| findstr -i "PutTheDomainNameHere"') do set val=%%a
if defined val (
  echo %val% on domain>>\\server\userslog\userslog.txt
) else (
   echo %val% not on domain>>\\server\userslog\userslog.txt
)

Thanks for your input.

I apologize for not writing more detail (flight to home base).

The computer is not yet joined to the domain. I have a share, which is available to all domain users, mapped as a username and password against a domain. I interpret the output for whether there was an error. Based on the result, I can direct appropriate action (success/fail). If the drive was unable to be mapped then there must be an error (ie:. network not available, bad login, etc).

This is for an environment where the machine has not yet been joined to the domain. I'm looking for something to verify authentication using "DOS" commands with no added applications (ie:. freeware, opensource).

This was oone way of achieving this.

ReneGe: I've created something similar before I read your comment. Great minds think alike I think. Thanks.

Seems you were faster than me :)

Thanks for the points and cheers,
Rene