?
Solved

How can you verify domain authentication using windows command-LINE?

Posted on 2012-03-12
11
Medium Priority
?
486 Views
Last Modified: 2012-03-20
What is a quick and dirty way to verify a username and password authenticates to a domain via a command line?

example:

user and password authenticate to domain > output
user and password do not authenticate to domain > output

No powershell - only windows native command line.
0
Comment
Question by:d_s_s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 4

Expert Comment

by:veera
ID: 37712934
hi,

runas /user:username@domain.com cmd

it will prompt you for the password....
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37712939
Assuming you do not want to enter your password as cleartext on the command line you could use runas to verify the credentials.
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37712970
Let me clarify more:

It has to be command-line driven.
No user interaction can happen (the password must be passed automatically).
Output must be stored.
Results must be interpreted (success or failure).
A variable must be stored with result.
(only windows xp / 7 native commands used.)
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 11

Expert Comment

by:rowansmith
ID: 37713023
It can not be done.  There are no native commands on XP/ Vista / Win7 that can support these requirements.

Options:
1) Do something in Powershell
2) Write a custom program that calls the the CreateProcessWithLogonW function.
3) Find a program on the Internet which meets your requirements
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37713273
The easiest way to test if a user is authenticatesd is to check if the user can access a network resource like the netlogon or sysvol share on your domain.

So you're verifying that the users is authenticated, but what do you want to do with that information?
Maybe the root question can be answered differently.

Maybe you just need to enable auditing on your logon/logoff processes to capture the information you want.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37714710
you can use this program - It's free and IF you pip the results as >>mylogs.txt is will show you all the successes and failures

http://www.joeware.net/freetools/tools/cpau/index.htm
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37722893
Their are different ways your question can be interpreted.

1) You want to know if a username and password can authenticate to the domain?
2) You want to know if a loged on user is with a domain account or a domain account?

You say:
>>way to verify a username and password authenticates to a domain
For example, the RUNAS above will help you to test if a user can authenticate to the domain.

>>Results must be interpreted (success or failure).
What is to be a success or failiure? See my two options above.

For the option two, I would use the "whoami" command.

If whoami does not work on XP, you may need to install the XP support tools:
http://www.microsoft.com/download/en/details.aspx?id=18546

I dont remember if whoami will output the fqdn of the domain or just the netbios name of the domain name. Just type whoami on a domain logged on user nad you will know.

@echo off
for /f "delims=" %%a in ('whoami ^| findstr -i "PutTheDomainNameHere"') do set val=%%a
if defined val (
  echo %val% on domain>>\\server\userslog\userslog.txt
) else (
   echo %val% not on domain>>\\server\userslog\userslog.txt
)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37731726
Thanks for your input.

I apologize for not writing more detail (flight to home base).

The computer is not yet joined to the domain. I have a share, which is available to all domain users, mapped as a username and password against a domain. I interpret the output for whether there was an error. Based on the result, I can direct appropriate action (success/fail). If the drive was unable to be mapped then there must be an error (ie:. network not available, bad login, etc).

This is for an environment where the machine has not yet been joined to the domain. I'm looking for something to verify authentication using "DOS" commands with no added applications (ie:. freeware, opensource).

This was oone way of achieving this.
0
 
LVL 10

Accepted Solution

by:
ReneGe earned 800 total points
ID: 37731884
net use Z: \\server\folder$ /user:user@domain password
IF %errorlevel% == 0 (ECHO SUCCESS) ELSE (ECHO ERROR)
0
 
LVL 2

Author Comment

by:d_s_s
ID: 37745591
ReneGe: I've created something similar before I read your comment. Great minds think alike I think. Thanks.
0
 
LVL 10

Expert Comment

by:ReneGe
ID: 37745614
Seems you were faster than me :)

Thanks for the points and cheers,
Rene
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
A hard and fast method for reducing Active Directory Administrators members.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question