Script

PowerShell: Test Domain User Account Credentials Test-UserCredentials.ps1

This script will check if the password for a given username is correct.
If the authentication failed using the provided Domain\Username and Password, The script will do some checks and provide clues why the authentication failed.
The checks are:

  • Domain is reachable.
  • User Name exists in the domain.
  • The account is Enabled.
  • The account is Unlocked.

You can run the script from powershell as .\Test-UserCredentials.ps1 or Right click the script and select “Run with PowerShell”,
The script will ask for the user credentials as Domain\Username, and Password in a friendly Windows authentication window, and report the status of the combination.
Screenshots:

Get User Input:
11_02_00-Windows PowerShell

Example for correct username and password
2015-12-22 15_40_43-Windows PowerShell

Example for failed authentication due to: domain is not found/unreachable:
2015-12-22 15_43_15-Windows PowerShell

Example for failed authentication due to: User Name does not exist:
2015-12-22 15_45_40-Windows PowerShell

Example for failed authentication due to: User Account is disabled:
2015-12-22 15_47_29-Windows PowerShell

Example for failed authentication due to Locked out User account:
2015-12-31 10_13_51-Windows PowerShell

Example for failed authentication mostly due to wrong password:
2015-12-28 10_22_50-Windows PowerShell

Download from TechNet Gallery: https://gallery.technet.microsoft.com/PowerShell-Test-Domain-b71cc520

Advertisements

Remove UM DialPlan Associated with UM IP Gateway for Exchange UM and Lync Integration

Removing DialPlan that is associated with UM IP Gateway (after running ExchUCUtil.ps1 scrip …etc) is not a Next,Next, Finish task as deleting a standard DialPlans.

Andrew Morpeth explained how to do this with details in this very helpful article here: https://ucgeek.co/2014/04/removing-exchange-2013-um-dial-plan/

Below is my attempt to provide an alternate approach to the Powershell script provided in above article (You need to provide the DIalPlan Name in the first line):

$UMDialPlan = "<YourDialPlanName>"
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | FL Name, UMDialPlan
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMMailboxPolicy
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan}
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMHuntGroup
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | FL Name, DialPlans
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | Set-UMService -DialPlans @{Remove="$UMDialPlan"}
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | FL Identity, DialPLans
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | Set-UMCallRouterSettings -DialPlans @{Remove=$UMDialPlan}
Remove-UMDialPlan -Identity $UMDialPlan 

Test If AD User Name and Password Combination are Correct

—UPDATE#1—
Check my enhanced PowerShell script that do the same task as here, and more…: https://ibrahimsolimanblog.wordpress.com/2015/09/10/powershell-test-domain-user-account-credentials-test-usercredentials-ps1/

—Original Post—
This neat VBS script will test the active directory authentication for a given user name and password. and It will tell you if it succeeded or failed with which error.

I used to use Run-AS to test the authentication, but sometimes the user will not have the permissions to access the machine I’m testing on, and I will receive a non clear error.

Now, to the script:

Set objNetwork = CreateObject("WScript.Network")
strDomain = objNetwork.UserDomain
Const ADS_SECURE_AUTHENTICATION = 1
strUsername=InputBox("Enter Username:")
strPassword=InputBox("Enter Password:")
Set objDS = GetObject("LDAP:")
On Error Resume Next
Set objDomain = objDS.OpenDSObject("LDAP://" & strDomain, strUsername, strPassword, ADS_SECURE_AUTHENTICATION)
If Err.Number Then
    WScript.Echo _
    "For user:" & vbCrLf & _
    "   " & strDomain & "\" & strUsername & vbCrLf & _ 
    "Error Number:" & vbCrLf & _
    "   " & Err.Number & vbCrLf & _
    "Error Description:" & vbCrLf & _
    "   " & Err.Description
Else
    WScript.Echo _
    "Valid password entered for user" & vbCrLf & _
    "   " & strDomain & "\" & strUsername
End If
On Error Goto 0

Run it, Provide the user name (Without providing the domain name), then provide the password, and get the result.

Source: http://stackoverflow.com/questions/3856479/testing-username-password-against-active-directory-domain-in-vbscript

[Powershell] Remove Spaces from User Input if you will Build an Array

In one of the scripts I came across, The users have  to input IP addresses in the form of: IP1,IP2,IP3,…etc. The Powershell script will take this input and build an array to be passed to NETSH and other network commands. The problem is, the users will for different reasons enter the IPs in the form of: IP1, IP2, IP3, … adding an extra space after “,” sometimes there’s a leading or trailing spaces from copy and paste from other places. The result is ==> the network commands was failing to process these extra spaces. Anyway, to solve this, and to avoid similar situations, When you are getting a variable from users, it’s a good practice to do some cleanup, because you will never know what users will enter. One good example, is to utilize –replace parameter with \s to remove all spaces, tabs So:

$Param = "   10.10.10.1            ,  10.10.10.2           ,  10.10.10.3    "

#You clean it up by:
$Param = $Param -replace '\s',''

#This will make:
$Param

#Returns:
10.10.10.1,10.10.10.2,10.10.10.3

UPDATE#1:
It also worth mentioning that, If you only want to remove the leading and trailing spaces from the users input, Use the Trim() method. So:

$Param = "   First Name Last Name    "

#You clean it up by:
$Param = $Param.trim()

#This will make:
$Param

#Returns:
First Name Last Name

[Batch] Backup Entire Folder with Current Date and Time

During my work on documentations, I usually will need to take different  snapshots of the current documentations folder at every milestone.

This batch will ask you for the folder you want to backup, then will create a new folder inside this folder named “AutoBackup” –> then will create a new folder with the current date and time inside this AutoBackup folder.

@Echo off
SETLOCAL
SET /P BackupPath=Please Enter the Folder Path to Backup:
MD "%BackupPath%\AutoBackup"
Set FolderNameFull=%BackupPath%\AutoBackup\%date:/=-%_%time::=%
Set FolderNameFinal=%FolderNameFull:~0,-5%
MD "%FolderNameFinal%"
Robocopy "%BackupPath%" "%FolderNameFinal%" /E /XD *AutoBackup
ENDLOCAL
Pause

PowerShell: Find the LDAP address from a User Account

LDAP-Address.ps1

Import-Module ActiveDirectory
$Account = Read-Host 'Enter User Account'
$DN = Get-ADuser $Account
Write-Host LDAP://$DN

Run the script from your domain controller.
LDAP-Address.ps1

The script will ask you for the user logon name, and will display the relative LDAP address in the form of: LDAP://CN=………,OU=…..,OU=………,DC=…….,DC=…..

One-Liner: Move Multible Users to a Specific OU (Powershell)

This PowerShell command will read the users’ alias from a text file, and will move them to a specific OU.

Preparation:
  • On you domain controller, create a text file at C:\MoveUsers\Users.txt
  • In Users.txt add users aliases one per each line.
  • Get the DN for the destination OU, one easy common way, is to open ADSI Edit, expand the tree on the left till you reach the desired OU –> in the properties of the OU you will get the OU DN.
  • Open PowerShell and import the Active Directory Module:
Import-Module ActiveDirectory
The Command:
Get-Content C:\MoveUsers\Users.txt | Foreach{Get-ADUser $_ | Move-ADObject -TargetPath "OU=HR Users,OU=Users,DC=Masry,DC=Lab"}

Replace OU=HR Users,OU=Users,DC=Masry,DC=Lab with your OU DN obtained previously.