
User Module – local account

Back in February - http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!2099.entry - I showed a module I had created to generate a new password. It's time to return to that module. I am going to expand it to work with local user accounts, then I'll add AD accounts.

I have a script that I wrote a while back to work with local accounts:

## To create a user on the local machine
## add the assembly (System.DirectoryServices.AccountManagement ships with .NET 3.5)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

## create a password
## SetPassword() below needs a plain string, so the SecureString is wrapped in a
## PSCredential and only unwrapped with GetNetworkCredential() at the last moment
$password = Read-Host "Password" -AsSecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "userid", $password

## create the context i.e. connect to the local SAM on the named machine
## (ContextType::Machine, not a domain; "pcrs2" is hard-coded here)
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, "pcrs2"

## create the user object
$usr = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList $context

## set the properties
$usr.SamAccountName = "Newuser1"
$usr.SetPassword($cred.GetNetworkCredential().Password)
$usr.DisplayName = "New User"
$usr.Enabled = $true
$usr.ExpirePasswordNow()   ## force a password change at first logon

## save the user
$usr.Save()

Add-Type is PowerShell v2, and you will need .NET 3.5 to use the AccountManagement classes (the System.DirectoryServices.AccountManagement namespace first shipped with .NET 3.5, not 3.0). Given where we are in the Windows 7 lifecycle (the press is in a feeding frenzy over when the RC will ship) I will be concentrating on PS v2.

The script reads a password (we'll replace that with a call to new-password) and uses the AccountManagement classes to create the user account.

The line

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

becomes

# Assemblies that must be loaded prior to importing this module
RequiredAssemblies = @("System.DirectoryServices.AccountManagement")

in the module manifest. This is better, as the assembly is loaded once when the module is imported and is then available to all of the module's functions, with no Add-Type needed inside each function.
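As an added example (not the post's own module), here is what the manifest could look like as a PowerShell v2 .psd1, followed by the two checks worth running after Import-Module: that RequiredAssemblies really loaded the AccountManagement assembly, and that only the intended functions are exported. The module name UserTools, the paths and the Description text are assumptions, and the script assumes a UserTools.psm1 containing new-password and new-user already sits in the same directory.

```powershell
## Added example, not the post's code. Module name "UserTools", paths and description are assumed.
## Writes a PowerShell v2 manifest whose RequiredAssemblies entry replaces the Add-Type call,
## imports the module, and verifies the assembly and the exported functions.

$modulePath = Join-Path $env:USERPROFILE 'Documents\WindowsPowerShell\Modules\UserTools'
New-Item -ItemType Directory -Path $modulePath -Force | Out-Null

## The manifest is a hashtable in a .psd1 file (ModuleToProcess is the v2 name for RootModule)
@'
@{
    ModuleToProcess    = 'UserTools.psm1'
    ModuleVersion      = '0.1'
    PowerShellVersion  = '2.0'
    Description        = 'Password generation and local/AD user account helpers'
    # Assemblies that must be loaded prior to importing this module
    RequiredAssemblies = @('System.DirectoryServices.AccountManagement')
    # Explicit export list: helper functions inside the .psm1 stay private
    FunctionsToExport  = @('new-password', 'new-user')
}
'@ | Set-Content -Path (Join-Path $modulePath 'UserTools.psd1')

## Documents\WindowsPowerShell\Modules is on $env:PSModulePath by default, so import by name
Import-Module UserTools -Force

## Check 1: the manifest loaded the assembly, so the functions can use the
## AccountManagement types without calling Add-Type themselves
$loaded = [AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { $_.GetName().Name -eq 'System.DirectoryServices.AccountManagement' }
if ($loaded -eq $null) {
    throw 'RequiredAssemblies did not load System.DirectoryServices.AccountManagement'
}
$loaded.FullName

## Check 2: only the functions named in FunctionsToExport are visible to callers
Get-Command -Module UserTools | Select-Object Name, CommandType
```

If Check 1 fails on a machine that has PowerShell v2 but not .NET 3.5, the Import-Module itself will already have errored, which is the point of putting the dependency in the manifest rather than discovering it the first time a function runs.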

## create a password
$password = Read-Host "Password" –AsSecureString

becomes

$password = ConvertTo-SecureString -String $(new-password 8) -AsPlainText -Force

for a standard password. I'll put switch parameters in later for a stronger password. Note that -AsPlainText -Force is unavoidable here: new-password returns an ordinary .NET string, so the SecureString keeps the value from being echoed but does not stop the plaintext passing through memory, and SetPassword() unwraps it again anyway.

So, as a first pass, the function looks like this:

function new-user {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true,Position=0,HelpMessage="The loginid")]
        [string]$id ,
       
        [Parameter(Position=1,HelpMessage="The Display name")]
        [string]$name 
       
    )   
    ## create a password (new-password comes from the same module)
    $password = ConvertTo-SecureString -String $(new-password 8) -AsPlainText -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $id, $password

    ## get the machine
    $pc = $env:computername
    ## create the context i.e. connect to the local SAM on this machine (Machine context, not a domain)
    $ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $pc

    ## create the user object
    $usr = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList $context

    ## set the properties
    $usr.SamAccountName = $id
    $usr.SetPassword($cred.GetNetworkCredential().Password)
    $usr.DisplayName = $name
    $usr.Enabled = $true
    $usr.ExpirePasswordNow()   ## force a password change at first logon

    ## save the user
    $usr.Save()   

    ## hand the generated password back to the caller as a PSCredential;
    ## without this nobody knows the password and the new account cannot be logged on to
    $cred
}
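As an added example (not the post's own code), here is a fuller version of the same procedure in PowerShell v2 against the AccountManagement classes, with the checks a practitioner would want around it: it refuses to touch an account that already exists (UserPrincipal.FindByIdentity), generates the password from the .NET cryptographic RNG in place of the post's new-password function (whose internals are not shown on this page), reads the account back from the SAM after Save() to confirm it landed enabled, and returns the password to the caller as a PSCredential. The function names New-RandomPassword and New-LocalUserAccount, the 16-character length and the sample account name are assumptions; it must be run from an elevated session.

```powershell
## Added example, not the post's code. New-RandomPassword and New-LocalUserAccount are assumed
## names; run from an elevated PowerShell v2+ session on a machine with .NET 3.5.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function New-RandomPassword {
    ## Stand-in for the post's new-password: draws bytes from the OS CSPRNG rather than Get-Random.
    ## The alphabet has exactly 64 symbols (0/O and 1/l/I look-alikes dropped), so "byte % 64"
    ## is unbiased: 256 is a multiple of 64.
    param ([int]$Length = 16)
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#%&*+-=?'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $sb = New-Object System.Text.StringBuilder
    foreach ($b in $bytes) { [void]$sb.Append($alphabet[$b % $alphabet.Length]) }
    $sb.ToString()
}

function New-LocalUserAccount {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true, Position=0)] [string]$Id,
        [Parameter(Position=1)] [string]$Name,
        [string]$Computer = $env:COMPUTERNAME
    )
    if (-not $Name) { $Name = $Id }

    ## Machine context: the local SAM on $Computer, not a domain
    $ctype   = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $Computer

    ## Do not re-create, or silently reset the password of, an account that is already there
    $existing = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context, $Id)
    if ($existing -ne $null) {
        $existing.Dispose()
        throw "Local user '$Id' already exists on $Computer"
    }

    $plain = New-RandomPassword -Length 16
    $usr = New-Object System.DirectoryServices.AccountManagement.UserPrincipal -ArgumentList $context
    try {
        $usr.SamAccountName = $Id
        $usr.DisplayName    = $Name
        $usr.SetPassword($plain)
        $usr.Enabled        = $true
        $usr.ExpirePasswordNow()      ## one-time password: must be changed at first logon
        $usr.Save()
    }
    finally {
        $usr.Dispose()
    }

    ## Read the account back from the SAM instead of trusting the in-memory object
    $check = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context, $Id)
    if ($check -eq $null) { throw "Account '$Id' was not created on $Computer" }
    if (-not $check.Enabled) { $check.Dispose(); throw "Account '$Id' exists but is disabled" }
    $check.Dispose()

    ## Return the password as a PSCredential; the caller reveals it once and then drops it
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential -ArgumentList "$Computer\$Id", $secure
}

## Usage from an elevated prompt (the account name is an assumption):
## $cred = New-LocalUserAccount -Id 'svc_backup' -Name 'Backup service'
## $cred.GetNetworkCredential().Password    # reveal once, hand over, then discard $cred
```

The existence check and the read-back are cheap and catch the two failures that otherwise go unnoticed: a typo in the id that matches an existing account, and a Save() that returned without the password or Enabled flag actually being applied (for example because a local password policy rejected the value).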

 

We can look at groups next.
