Requirements: Title is the demand, want to use the Password library batch detection of weak passwords in the domain.
Solution: PowerShell to achieve, do not need third-party tools, not afraid of being stolen password.
This script requires 3 files, empty, located under D:/pwd
1 name.csv, save list of user names to be tested
2 Pwd.csv, save the list of passwords you need to test
3 Name2.csv, save the password for successful verification
The domain cannot limit the number of test passwords and must be run by an administrator
echo "This script requires 3 files, located under D:/pwd" echo "1 name.csv, save the list of user names to be tested " echo "2 Pwd.csv, save the password list that needs to be tested "echo " 3 name2.csv, save the password to verify successful "echo " domain cannot limit the number of test passwords, must be run by administrator "$files = (get-childitem d:\pwd\name2.csv) .pspath$content = get-content $filesImport-csv -path D:\pwd\name.csv | foreach { $bb = "{0}" -f $_.name$username = "tech\" + "$BB" import-csv -path d:\pwd\pwd.csv | foreach { $pwd 2 = "{0}" -f $_.pwd$pass = convertto-securestring -asplaintext $_.pwd -force$ Cred = new-object system.management.automation.pscredential ($UserName, $Pass) $dCred = $cred $dusername = $dCred .username$dpassword = $dCred. getnetworkcredential (). Password $currentDomain = "ldap://" + ([ADSI] ""). Distinguishedname$auth = new-object system.directoryservices.direcToryentry ($CurrentDomain, $dUserName, $dPassword) if ($auth .name -eq $null ) { # Write-Host current test user $bb current test password $pwd2 #Write-host "failed to verify password." -foregroundcolor ' Red ' } else { Write-Host Current test User $bb current test password $mysecret write-host "Password test success -> " $ ($auth. Name) -foregroundcolor ' green ' $a = "Password test successful -> $ username $mysecret " | out-file -append d:\pwd\name2.csv } } }
If a password is validated successfully, it is automatically appended to the D:\pwd\name2.csv, and the console displays the record in green.
In the above script, I commented out two lines, can show the password verification failed when the record is displayed in red, considering that the non-display will save memory, so commented out. This script uses a lot of PowerShell knowledge points, interested students can see for themselves.
This article is from the "Nine uncle-Microsoft Private Cloud" blog, please make sure to keep this source http://jiushu.blog.51cto.com/972756/1675200
PowerShell bulk check domain password weak password