Last active
August 29, 2015 14:10
-
-
Save guitarrapc/148eabcd31cf0c44cf65 to your computer and use it in GitHub Desktop.
PowerShell DSC Advent Calendar 2014 : Day 2 なぜ Configuration Management が必要なのか : http://tech.guitarrapc.com/entry/2014/12/02/062659 // Adding New User to WorkGroup Environment. https://github.com/guitarrapc/DSCSample/blob/master/PowerShellDSCAdventCalendar/2014/Day2_WhyConfiuguraitonMangementToolIsRequired/UserByScript.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function New-OSUser | |
{ | |
<# | |
.Synopsis | |
Create New user | |
.DESCRIPTION | |
User will create as you passed Credential. | |
.EXAMPLE | |
New-OSUser -Credential (Get-Credential) -Groups Administrators | |
# create new user with Group assigned Administrators | |
.NOTES | |
- User Flag Property Samples | |
Run LogOn Script &H0001 | |
ADS_UF_SCRIPT = 0X0001 | |
Account Disable &H0002 | |
ADS_UF_ACCOUNTDISABLE = 0X0002 | |
Account requires Home Directory &H0008 | |
ADS_UF_HOMEDIR_REQUIRED = 0X0008 | |
Account Lockout &H0010 | |
ADS_UF_LOCKOUT = 0X0010 | |
No Password reqyured for account &H0020 | |
ADS_UF_PASSWD_NOTREQD = 0X0020 | |
No change Password &H0040 | |
ADS_UF_PASSWD_CANT_CHANGE = 0X0040 | |
Allow Encypted Text Password &H0080 | |
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080 | |
ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100 | |
ADS_UF_NORMAL_ACCOUNT = 0X0200 | |
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800 | |
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0X1000 | |
ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000 | |
Password infinit &H10000 | |
ADS_UF_DONT_EXPIRE_PASSWD = 0X10000 | |
ADS_UF_MNS_LOGON_ACCOUNT = 0X20000 | |
Smart Card Required &H40000 | |
ADS_UF_SMARTCARD_REQUIRED = 0X40000 | |
ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000 | |
ADS_UF_NOT_DELEGATED = 0X100000 | |
ADS_UF_USE_DES_KEY_ONLY = 0x200000 | |
ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000 | |
Password expired &H800000 | |
ADS_UF_PASSWORD_EXPIRED = 0x800000 | |
ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000 | |
#> | |
[OutputType([Void])] | |
[CmdletBinding()] | |
param | |
( | |
[parameter(mandatory)] | |
[PSCredential[]]$Credential, | |
[parameter(mandatory = 0)] | |
[string[]]$Groups = "administrators", | |
[parameter(mandatory = 0)] | |
[int32]$UserFlag = 0x10000 | |
) | |
$hostPC = [System.Environment]::MachineName | |
$directoryComputer = New-Object System.DirectoryServices.DirectoryEntry("WinNT://" + $hostPC + ",computer") | |
$existingUsers = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount='true'" | |
foreach ($x in $Credential) | |
{ | |
# skip check | |
if ($x -in $ExistingUsers.Name){ Write-Verbose ("User : {0} already exist. Nothing had changed." -f $x.UserName); return } | |
Write-Verbose ("Create new user : {0}." -f $x.UserName) | |
# Create User | |
$newuser = $DirectoryComputer.Create("user", $x.UserName) | |
$newuser.SetPassword($x.GetNetworkCredential().Password) | |
$newuser.SetInfo() | |
# Password must change | |
$newuser.PasswordExpired = 0 | |
$newuser.SetInfo() | |
# Get Account UserFlag to set | |
$userFlags = $newuser.Get("UserFlags") | |
$userFlags = $userFlags -bor $UserFlag | |
$newuser.Put("UserFlags", $userFlags) | |
Write-Verbose "Assign User to UserGroup $Groups" | |
foreach ($group in $Groups) | |
{ | |
#Assign Group for this user | |
$DirectoryGroup = $DirectoryComputer.GetObject("group", $group) | |
$DirectoryGroup.Add("WinNT://" + $HostPC + "/" + $x.UserName) | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment