Verifying Domain Account Passwords

PowerShell can easily verify a password against a domain account. In other words, you can bind script logic to passwords maintained in Active Directory.

Here is the code required to send a password to AD and get back a Boolean value: $true if the password is correct, else $false:

# specify user name and user domain
$UserDomain = $env:USERDOMAIN
$UserName = $env:USERNAME
$Password = Read-Host -Prompt "Enter password to test"

# test password
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$PrincipalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($ContextType, $UserDomain)
# returns $true if the password is correct, else $false
$PrincipalContext.ValidateCredentials($UserName, $Password)

Note that this code requires Active Directory and does not work with local accounts. By default, it uses your current account details. Adjust the $UserDomain, $UserName, and $Password variables accordingly. Note also that ValidateCredentials() checks clear-text string passwords. Be careful and do not store clear-text passwords in scripts. It is also better not to ask users to enter passwords as clear text.
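
One way to follow the advice above, as an added example that is not part of the original tip: the password is collected with Get-Credential as a SecureString and turned into clear text only for the ValidateCredentials() call. Test-DomainCredential and its parameters are hypothetical names chosen for illustration.

```powershell
# Added example; Test-DomainCredential is a hypothetical helper name.
function Test-DomainCredential {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        # Credential object; the password stays a SecureString until the call below
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]
        $Credential,

        # Domain to validate against; defaults to the current user's domain
        [string]
        $Domain = $env:USERDOMAIN
    )

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement

    $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $context = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($contextType, $Domain)
    try {
        # Ask for a negotiated bind with signing and sealing instead of relying on defaults
        $options = [System.DirectoryServices.AccountManagement.ContextOptions]'Negotiate, Signing, Sealing'

        # GetNetworkCredential() exposes the clear-text password only for this call;
        # it also strips a DOMAIN\ prefix from the user name
        $net = $Credential.GetNetworkCredential()
        $context.ValidateCredentials($net.UserName, $net.Password, $options)
    }
    finally {
        # PrincipalContext holds a directory connection; always release it
        $context.Dispose()
    }
}

# Usage: masked credential prompt instead of Read-Host clear text
$cred = Get-Credential -UserName $env:USERNAME -Message 'Enter password to test'
Test-DomainCredential -Credential $cred
```

Each failed validation is a failed logon attempt against the account and counts toward the domain's lockout threshold, so avoid calling this in a retry loop.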

Your learning points:

  • PowerShell can easily connect to Active Directory and ask for a password validation
