I am creating a script with basic variables to create users in AD via PS7 rather than remoting in to AD and manually creating. It runs through several questions and then my script will run at the end to create the AD user.

This is the very original starting block, from when I didn't know of the while loop:

 $NewPassword = (Read-Host -Prompt 'Please enter User New Password' -AsSecureString)
 $NewPasswordMatch = (Read-Host -Prompt 'Please re-enter User New Password' -AsSecureString)

 $newp1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword))
 $newp2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordMatch))

 if ($newp1 -CEQ $newp2) {
     Write-Host "Passwords matched" -ForegroundColor Green
 } else {
     Write-Host "Passwords incorrect - please reset in AD once user is created" -ForegroundColor Red
 }

I have everything pretty much in place for basics but I am struggling with the password loop function. I got it at one point to loop but it would not write host "Passwords do not match, please try again". I've played with it so much now I haven't been able to get it back to that so asking for help and hoping I have made a silly mistake that I have gone code blind to see.

  • I am asking for the technician to enter a user's password twice to ensure there are no typos
  • I have the script working to check if PW1 matches PW2.
  • I can get it to check, and produce a screen prompt of 'OK' or 'Not OK'
  • I cannot get it to advise 'Passwords don't match' and then loop back to the top to have the technician enter them again until it is correct. At the point of it being correct it will move on to the next bit of script

I am very new to PowerShell, self taught other than online webinars and books and I understand the premise of While, but not 100% understanding the catch. This script is prior to the AD account being created, the full script IS to create it once you get to the last question. Where after that it will run new-aduser etc etc.

while( $true){ 

$NewPassword = (Read-Host -Prompt 'Please enter User New Password' -AsSecureString)
$NewPasswordMatch = (Read-Host -Prompt 'Please re-enter User New Password' -AsSecureString)

$newp1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword))
$newp2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordMatch))
try{
     if ($newp1 -CEQ $newp2){
     Write-Host "Password Accepted" -ForegroundColor Green
        }
    Break
    }
catch{
    Write-Host "Passwords do not match, please try again" -ForegroundColor Red
    }
}

2 Answers


Wrap the logic into two functions and use the script scope to make it loop or not based on the passwords matching including its case sensitivity. You could omit using the try{}catch{} block for that logic as it's not really needed. So replace the logic for that part with this and you should be all set.

Function SetPass(){
    $NewPassword = (Read-Host -Prompt 'Please enter User New Password' -AsSecureString)
    $NewPasswordMatch = (Read-Host -Prompt 'Please re-enter User New Password' -AsSecureString)
    
    $script:newp1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword))
    $script:newp2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordMatch))
    PassMatch
}

Function PassMatch(){
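    # -ceq / -cne compare the whole string, case-sensitively. -cmatch would treat
    # $newp2 as a regular expression and accept a partial (substring) match.
    if($newp1 -ceq $newp2){Write-Host "Password Accepted" -ForegroundColor Green}
    if($newp1 -cne $newp2){Write-Host "Passwords do not match, please try again" -ForegroundColor Red;SetPass}
}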
SetPass;

Write-Host "Run rest of logic" -ForegroundColor Yellow;
  • This is incredible and worked a treat to do exactly what I needed. Frustrated I didn't have the knowledge but very thankful to you for educating me. Thank you so much for introducing me to this function! It is much easier than While. Commented Apr 15 at 14:19

Honestly, I'd let the script generate a password for you and just display that. It will also ensure that the password is safe enough and not guessable.

This is a simple script that creates good passwords:

function CreatePassword
{
        $cap = "BCDFGHJKLMNPQRSTVWXYZ".ToCharArray()
        $let = "bcdfghjklmnpqrstvwxz".ToCharArray()
        $vow = "aeiou".ToCharArray()
        $pw = (get-random -InputObject $cap)
        $pw = $pw + (get-random -InputObject $vow)
        $pw = $pw + (get-random -InputObject $let)
        $pw = $pw + (get-random -InputObject $vow)
        $pw = $pw + (get-random -Minimum 1111 -Maximum 9999)

        return $pw
}

$password = CreatePassword

write-host "The password is: $password"

But if you really want to go the ask for a password loop kind of situation, the following script would work:

function AskForAPassword
{
    $passwordsmatch = $false
    while( $passwordsmatch -eq $false)
    {
        $password1 = read-host "Please enter a new password"
        $password2 = read-host "Please enter the password again"
        # -ceq is case-sensitive; plain -eq would accept "Password" and "password" as equal
        if( $password1 -ceq $password2)
        {
            write-host "The passwords match." -ForegroundColor green
            $passwordsmatch = $true
        }
        else
        {
            write-host "The passwords did not match. Please try again." -ForegroundColor red
        }
    }

    return $password1 | ConvertTo-SecureString -AsPlainText -Force
}

$password = AskForAPassword

write-host "The password is: $password"

Note, as I convert the password to a secure string, the script will print: The password is: system.security.securestring

  • Thank you very much for both of these suggestions. These are functions that I am going to further investigate, and absolutely would do the job. The SetPass function is doing exactly what I needed for the script and my environment and these are expanding my knowledge! THANK YOU! Commented Apr 15 at 14:23
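
The confirm-and-retry loop the question asks for, as an added example that is not part of the question or either answer: a plain `if`/`else` inside `while ($true)` (a mismatch throws no exception, so a `catch` block never runs), with the result kept as a SecureString and the temporary BSTR copies zeroed and freed. The function names `ConvertTo-PlainText` and `Read-ConfirmedPassword` are hypothetical.

```powershell
# Added example. ConvertTo-PlainText and Read-ConfirmedPassword are hypothetical helper names.
function ConvertTo-PlainText {
    param([Parameter(Mandatory)][securestring]$Secure)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try {
        # PtrToStringBSTR reads the string using the BSTR's own length prefix
        return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Zero and release the unmanaged plain-text copy, even if the conversion fails
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

function Read-ConfirmedPassword {
    while ($true) {
        $first  = Read-Host -Prompt 'Please enter User New Password' -AsSecureString
        $second = Read-Host -Prompt 'Please re-enter User New Password' -AsSecureString

        if ($first.Length -eq 0) {
            # Two empty entries would "match", so reject them before comparing
            Write-Host 'Password cannot be empty, please try again' -ForegroundColor Red
        }
        elseif ((ConvertTo-PlainText -Secure $first) -ceq (ConvertTo-PlainText -Secure $second)) {
            # -ceq: whole-string, case-sensitive comparison
            Write-Host 'Password Accepted' -ForegroundColor Green
            $second.Dispose()
            return $first          # leaves the loop and the function
        }
        else {
            Write-Host 'Passwords do not match, please try again' -ForegroundColor Red
        }

        # Only reached on a failed attempt: discard both entries and prompt again
        $first.Dispose()
        $second.Dispose()
    }
}

$AccountPassword = Read-ConfirmedPassword
# $AccountPassword is still a SecureString, the type New-ADUser expects for -AccountPassword,
# so the plain text never has to be stored in a script variable or written to the console.
```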
