Check login credentials for a computer user

Member_2_5306354
Member_2_5306354 used Ask the Experts™
on
I would like to check the login credentials for any user, to see if it's still the same password or if it has changed,.
A script would be beneficial or a program.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solutions Only
Wesley MillerComputer Network Analyst

Commented:
Is this for a Local Account , Active Directory  , or Azure Account ?
Member_2_5306354

Author

Commented:
This is for Active Directory, on a Windows Server 2016
Michael B. SmithManaging Consultant

Commented:
This tells you when a password was last set for a given user:

$date = [DateTime]( get-aduser michael.smith -prop pwdLastSet ).pwdLastSet
$date = $date.AddYears( 1600 ).ToLocalTime()
$date

Open in new window

Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Read More
Member_2_5306354

Author

Commented:
Thanks Michael, is this a script?  If yes, what type is it?
Michael B. SmithManaging Consultant

Commented:
Yes. That's PowerShell using the ActiveDirectory module.
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
Use DSInternals to pull the user hash and compare it against the previously found hash. pwdLastSet will not be accurate if someone bypasses security and use the same password
https://www.experts-exchange.com/articles/32998/Two-way-Password-Synchronization-from-one-Active-Directory-Domain-to-another-using-DSInternals.html
Member_2_5306354

Author

Commented:
Michael, the Powershell script does not work for me, however thank you.
Commented:
@Echo Off

set INPUT1=
set INPUT2=
set INPUT3=
set /P INPUT1=Domain: %=%
set /P INPUT2=Username: %=%
C:\Windows\System32\runas.exe /noprofile /user:%INPUT1%\%INPUT2% "notepad"

The above script works and if successful will open notepad
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018
Commented:
Ah, now I get what you want. Save this as CheckCredentials.vbs

Option Explicit

Const ADS_SECURE_AUTHENTICATION = 1

On Error Resume Next

Dim strDomain
Dim strUserName
Dim strPassword
Dim objIADS

strDomain = Wscript.Arguments.Named("Domain")
strUserName = Wscript.Arguments.Named("UserName")
strPassword = Wscript.Arguments.Named("Password")


Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://" & strDomain, strUsername, strPassword, ADS_SECURE_AUTHENTICATION)

If Err.Number = 0 Then
    WScript.Echo strUserName & vbTab & "Good password"
Else
   'Bad password
End If

Open in new window


The run this
CheckCredentials.vbs /Domain:YourDomain /UserName:JSmith /Password:Password1

Open in new window


You can build a list in Excel where usernames are in A1 and then this in B1
="CheckCredentials.vbs /Domain:YourDomain /UserName:" & A1 & " /Password:Password1"

Open in new window


Then copy all B column values and run
Member_2_5306354

Author

Commented:
I thought this worked but it does not.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial