
microsoft_windows:adduser_powershell

Differences

This shows you the differences between two versions of the page.

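--- a/microsoft_windows:adduser_powershell	2025/05/24 23:44 rodolico
+++ b/microsoft_windows:adduser_powershell	2025/05/25 01:24 (current) rodolico
@@ -55,4 +55,8 @@
   * $key: Replace the comma separated integers with the 32 integers in the file aes.key
   * $securePassword: Replace //contents of encrypted_password.txt// with the contents of the file encrypted_password.txt
+  * $fullName: This is the diplay name of the user
+  * $description: An optional Description of the user (defaults to Added by script)
+  * $localGroup: Group to add the user so (only one group)
+
 
 <code powershell updateUser.ps1>
@@ -90,17 +94,53 @@
 # Note: The encrypted key will end with '==' if it is base64 encoded.
 $securePassword = 'contents of encrypted_password.txt' | ConvertTo-SecureString -Key $key
+
+$fullName = "" # Full name for the user, defaults to username if empty
+$description = "" # Description for the user, defaults to "User created by script" if empty
+$localGroup = "" # Group to add the user to, defaults to "Users" if empty. Use Administrators for admin access.
+
+# if $fullName is empty or null
+if (-not $fullName) {
+    $fullName = $userName
+}
+
+# if $description is empty or null
+if (-not $description) {
+    $description = "User created by script"
+}
+
+# if $localGroup is empty or null
+if (-not $localGroup) {
+    $localGroup = "Users" # Default group if not specified
+}
 
 # Check if user exists, create if not
 if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
-    New-LocalUser -Name $userName -Password $securePassword -FullName "Daily Data" -Description "Daily Data User"
+    try {
+        New-LocalUser -Name $userName -Password $securePassword -FullName $fullName -Description $description -ErrorAction Stop
+    } catch {
+        Write-Error "Failed to create user '$userName': $_"
+        exit 1
+    }
 }
 
 # Set the password (update if user exists)
-Set-LocalUser -Name $userName -Password $securePassword
+try {
+    Set-LocalUser -Name $userName -Password $securePassword
+} catch {
+    Write-Error "Failed to set password for user '$userName': $_"
+    exit 1
+}
 
-# Ensure user is in Administrators group
-if (-not (Get-LocalGroupMember -Group "Administrators" -Member $userName -ErrorAction SilentlyContinue)) {
-    Add-LocalGroupMember -Group "Administrators" -Member $userName
+# Ensure user is in correct group
+if (-not (Get-LocalGroupMember -Group $localGroup -Member $userName -ErrorAction SilentlyContinue)) {
+    try {
+        Add-LocalGroupMember -Group $localGroup -Member $userName -ErrorAction Stop
+    } catch {
+        Write-Error "Failed to add user '$userName' to group '$localGroup': $_"
+        exit 1
+    }
 }
+# Output success message
+Write-Host "User '$userName' has been created or updated successfully with the specified password." -ForegroundColor Green
 </code>
 
@@ -112,6 +152,7 @@
 
   * Do not send the script over any public media like e-mail. You can safely send the $key line, or the $securePassword line, but not both.
-  * You can easily change the group to add to. I'd suggest replacing Administrators (two instances near bottom) with a variable, then define the variable at the top.
-  * FullName and Description likewise could be set up in variables if this script will be used multiple times
+  * Multiple groups could be set up by changing group to an array and then looping through them.
+  * <del>You can easily change the group to add to. I'd suggest replacing Administrators (two instances near bottom) with a variable, then define the variable at the top.</del>
+  * <del>FullName and Description likewise could be set up in variables if this script will be used multiple times</del>
 
 ===== Links =====
@@ -126,4 +167,6 @@
   * https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/get-localuser?view=powershell-5.1
   * https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/convertto-securestring
+  * https://community.spiceworks.com/t/use-powershell-securestring-with-windows-system-account/974434
+  * https://stackoverflow.com/questions/7109958/saving-credentials-for-reuse-by-powershell-and-error-convertto-securestring-ke
 
 Also, thanks to DavidN for tightening it up a little for me.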
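Review bot: The new `try`/`catch` around `Set-LocalUser` in the second hunk omits `-ErrorAction Stop`, unlike the `New-LocalUser` and `Add-LocalGroupMember` calls, so a non-terminating error from the cmdlet would not reach the `catch` and the script would still print the green success message after a failed password update. Suggested line: `Set-LocalUser -Name $userName -Password $securePassword -ErrorAction Stop`. The new `$description` bullet in the first hunk gives the default as "Added by script" while the code assigns `"User created by script"`, so one of the two should be corrected. The notes could also say that the script only ever adds the account to `$localGroup`: re-running it with the new `Users` default against an account created by the earlier Administrators-only revision leaves the Administrators membership in place, and it has to be removed separately.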
microsoft_windows/adduser_powershell.1748148241.txt.gz · Last modified: 2025/05/24 23:44 by rodolico