function p4adauth
{param([string]$depotname,[string]$username,[string]$password,[switch]$flushcache)
	[boolean]$userInAuthGroup = $false
	$date = get-date
	#part 1. Retrieval and storage of ldap cache object.
	if (!$depotname) #give some sort of helpful 
	{
		write-error "A depot name is required to generate authentication data."
		break
	}
	else
	{
		try
		{
			$ldapCacheFileRoot = (gl | %{($_.path + "\p4authcache")}) #path where our statistics file lives.
			if ((test-path $ldapCacheFileRoot) -eq $false)
			{
				try
			{
					mkdir $ldapCacheFileRoot > $null
				}
				catch
				{
					write-error ("Could not create directory to ldap cache data. Error was:`r`n" + $error[0])
					break
				}	
			}
			$ldapCacheFile = $ldapCacheFileRoot + "\" + $depotname + ".ldapAuthCache.xml"
			if (test-path $ldapCacheFile)
			{
				$cacheAgeMinutes = ($date.Subtract((gci $ldapCacheFile).LastWriteTime)).TotalMinutes
			}
			else
			{
				write-warning "Creating initial LDAP cache file."
				$ldapCacheObject = p4get-adauthgroups $depotname #store ldap cache as object. This is a slow operation.
				$ldapCacheObject | Export-Clixml -force $ldapCacheFile #write object to file.
			}
			if ($cacheAgeMinutes -gt 30) #if the cache is 30 minutes out of date, re-cache data.
			{
				write-warning "Renewing LDAP Cache object since it is older than 30 minutes. This is a slow operation."
				$ldapCacheObject = p4get-adauthgroups $depotname #store ldap cache as object. This is a slow operation.
				$ldapCacheObject | Export-Clixml -force $ldapCacheFile #write object to file.
			}
			else
			{
				if ($flushcache)
				{
					write-warning "Renewing LDAP Cache."
					$ldapCacheObject = p4get-adauthgroups $depotname #store ldap cache as object. This is a slow operation.
					$ldapCacheObject | Export-Clixml -force $ldapCacheFile #write object to file.
					write-warning "LDAP Cache updated."
				}
				else
				{
					$ldapCacheObject = import-clixml $ldapCacheFile #try and get the file.
				}
			}
		}
		catch #couldn't load the file, maybe it's corrupt, not readable, or missing, or just a new cache file.
		{
			$message = "Could not load ldap cache " + $ldapCacheFile + " due to the following error.`r`n" + $error[0]
			write-verbose $message
			#Send-EventMessage -eventMessage $message -eventType "Error" -eventid 38020 -eventlogSource $eventLogSource
		}
		if (!$ldapCacheObject)#if no object was loaded from file, create manually.
		{
			$ldapCacheObject = p4get-adauthgroups $depotname #store ldap cache as object. This is a slow operation.
			$ldapCacheObject | Export-Clixml -force $ldapCacheFile #write object to file.
		}
	}
	#part 2. Attempt to locate the user we want to check against.
	if (!$flushcache) #if the flushcache switch is set, we will not perform any authentication checking.
	{
		try
		{
			$userObject = get-qaduser -samaccountname $username
		}
		catch
		{
			write-error ("Could not retrieve user from ldap directory. Error was:`r`n" + $error[0])
			break
		}
		if ($userObject)
		{
			$authGroupMemberships = $ldapCacheObject | ?{$_.members -eq $userObject.dn}
			if ($authGroupMemberships)
			{
				$userInAuthGroup = $true
			}
			else
			{
				
				write-error ("User in ldap, but not in depot auth groups.")
				break
			}
		}
		else
		{
			write-error ("Could not locate user " + $username + " in ldap directory.")
			break
		}
		#part 3. Attempt bind with user object.
		if (!$password)
		{
			$password = Read-HostMasked 
		}
		if ($userInAuthGroup = $true)
		{
			try
			{
				$bindResults = Connect-QADService -ConnectionAccount $userObject -ConnectionPassword (ConvertTo-SecureString $password -AsPlainText -Force)
			}
			catch
			{
				write-error "Incorrect password. LDAP bind failed."
				break
			}
		}
		else
		{
			write-error "Something went very wrong with the authentication function. Trapping and exiting with error."
			break
		}
		if ($bindResults)
		{
			$results = new-object pscustomobject
			add-member -inputobject $results -membertype NoteProperty -name userObject -value $userObject
			add-member -inputobject $results -membertype NoteProperty -name userInAuthGroup -value $userInAuthGroup
			add-member -inputobject $results -membertype NoteProperty -name bindResults -value $bindresults
			add-member -inputobject $results -membertype NoteProperty -name depot -value $depotname
			add-member -inputobject $results -membertype NoteProperty -name authGroupMatch -value ($authGroupMemberships | %{$_.name})
			$results
		}
	}
}

Function p4get-adauthgroups
{param([Parameter(Mandatory=$true)][string]$server)
	$adgroup = @()
	$authgroup = "p4" + $server
	$adgroup += get-qadgroupmember -indirect $authgroup | ?{$_.type -eq "group"} 
	$adgroup += get-qadgroup $authgroup
	$adgroup | sort-object -unique
}



function Read-HostMasked([string]$prompt="Password") {
  $password = Read-Host -AsSecureString $prompt;  
  $BSTR = [System.Runtime.InteropServices.marshal]::SecureStringToBSTR($password);
  $password = [System.Runtime.InteropServices.marshal]::PtrToStringAuto($BSTR);
  [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR);
  return $password;
}