Verifying Domain Account Passwords

by Feb 20, 2019

PowerShell can easily verify a password against a domain account. In other words, you can bind script logic to passwords maintained in Active Directory.

Here is the code required to send a password to AD and get back a Boolean value: $true if the password is correct, else $false:

# specify user name and user domain
$UserDomain = $env:USERDOMAIN
$UserName = $env:USERNAME
$Password = Read-Host -Prompt "Enter password to test"

# test password
Add-Type -AssemblyName System.DirectoryServices.AccountManagement 
$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$PrincipalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($ContextType, $UserDomain)

Note that this code requires an Active Directory and does not work with local accounts. By default, it uses your current account details. Adjust the $UserDomain, $UserName, and $Password variables accordingly. Note also that ValidateCredentials()checks clear-text string passwords. Be careful and do not store clear-text passwords in scripts. Also, better not ask users to enter passwords as clear text.

Your learning points:

  • PowerShell can easily connect to Active Directory and ask for a password validation – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!