Archive for November, 2017

Validate-WindowsCredential and Validate-LinuxCredential PowerShell functions

In the course of automation, you might need to validate credentials that a script would use to perform a set of complex tasks before the script is run. The Validate-WindowsCredential and Validate-LinuxCredential PowerShell functions are two of the latest additions to the SB-Tools PowerShell module that simplify this task.


The Validate-WindowsCredential function/cmdlet takes 2 parameters:

  1. ‘Credential’ which is a PSCredential object that can be obtained from the Get-Credential cmdlet of the Microsoft.PowerShell.Security, or the Get-SBCredential function of the SB-Tools PS module.
  2. ‘Session’ which is a PSSession object that can be obtained via the New-PSSession cmdlet of the Microsoft.PowerShell.Core

A simple example may look like:

$Session = New-PSSession -ComputerName -Credential (Get-SBCredential 'test\superuser')
Validate-WindowsCredential -Credential (Get-SBCredential '.\administrator') -Session $Session

The function returns TRUE if the provided credential (name/password set) was able to successfully authenticate in the provided remote PowerShell session, or FALSE if authentication fails.

The function can validate local accounts presented in the format ‘.\username’ or domain accounts presented in the format ‘domain\username’

The Validate-WindowsCredential function relies on the ValidateCredentials() method of the DirectoryServices.AccountManagement.PrincipalContext class


The Validate-LinuxCredential function/cmdlet is similar to the Validate-WindowsCredential function/cmdlet in that it takes the same 2 parameters:

  1. ‘Credential’ which is the same PSCredential object as before.
  2. ‘Session’ which is an SSH.SshSession object that can be obtained via the New-SSHSession cmdlet of the POSH-SSH PS module

A simple use example would look like:

$Session = New-SSHSession -ComputerName -Credential (Get-SBCredential 'opsuser') -AcceptKey
Validate-LinuxCredential -Credential (Get-SBCredential 'root') -Session $Session

Similarly, TRUE is returned if authentication is successful or FALSE if authentication fails.

It also displays additional information to the console such as the account hash.

Unlike the Validate-WindowsCredential cmdlet, the Validate-LinuxCredential cmdlet relies on reading and parsing the /etc/shadow file that has the hashes of user accounts of this Linux machine. The current revision of the cmdlet is designed to validate MD5 hashed accounts only. A possible enhancement is to add functionality to validate accounts hashed with other algorithms such as Blowfish and SHA

To use the SB-Tools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type


To download and install the latest version of SB-Tools from the PowerShell Gallery, type

Install-Module SB-Tools,POSH-SSH -Force

SB-Tools contains functions that depend on POSH-SSH module, and they’re typically installed together.

To load the SB-Tools and POSH-SSH modules type:

Import-Module SB-Tools,POSH-SSH -DisableNameChecking

To view a list of cmdlets/functions in SB-Tools, type

Get-Command -Module SB-Tools

To view the built-in help of one of the SB-Tools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help Convert-IpAddressToMaskLength -show