
   Tests provided credentials against either the local machine or a domain controller
   Tests provided credentials against either the local machine or a domain controller
   Tests provided credentials against either the local machine or a domain controller
   PS>Test-IcingaRESTCredentials $UserName $SecureUser -Password $SecurePassword;
   PS>Test-IcingaRESTCredentials $UserName $SecureUser -Password $SecurePassword -Domain 'Example';
   The username to use for login as SecureString
   The password to use for login as SecureString
   The domain to use for login as string

function Test-IcingaRESTCredentials()
    param (

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement;

    # Base handling: We try to authenticate against a local user on the machine
    [string]$AuthMethod = [System.DirectoryServices.AccountManagement.ContextType]::Machine;
    [string]$AuthDomain = $env:COMPUTERNAME;

     # If we specify a domain, we should authenticate against our Domain
    if ([string]::IsNullOrEmpty($Domain) -eq $FALSE) {
        $AuthMethod = [System.DirectoryServices.AccountManagement.ContextType]::Domain;
        $AuthDomain = $Domain;

    try {
        # Create an Account Management object based on the above determined settings
        $AccountService = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
    } catch {
        # Regardless of the error, print the message and return false to prevent further execution
        Write-IcingaEventMessage -EventId 1560 -Namespace 'Framework' -Objects $_.Exception;
        return $FALSE;

    # In case we couldn't setup the Account Service, always return false
    if ($null -eq $AccountService) {
        return $FALSE;

    try {
        # Try to authenticate and either return true or false as integer
        [bool]$AuthResult = [int]($AccountService.ValidateCredentials(
            (ConvertFrom-IcingaSecureString $UserName),
            (ConvertFrom-IcingaSecureString $Password)

        return $AuthResult;
    } catch {
        Write-IcingaEventMessage -EventId 1561 -Namespace 'Framework' -Objects $_.Exception;

    return $FALSE;