New-LocalUser returns null but user account is created

Time:12-18

I am creating a local user by running the command below.

$LocalAccount = New-LocalUser "myaccount" -Password "*****" -FullName "My Account" -Description "My Account" -AccountNeverExpires -PasswordNeverExpires

According to Microsoft documentation, New-LocalUser command is supposed to return a LocalUser object.

Right after that, I am adding that account to the Administrators group, but it fails because $LocalAccount is null even though I can see that the account is created.

if ((Get-LocalGroupMember -Group "Administrators" -Member $LocalAccount).Count -eq 0)
{
    Add-LocalGroupMember -Group "Administrators" -Member $LocalAccount
}

This happens only when I run this as part of a script. If I just run $LocalAccount = New-LocalUser "myaccount" -Password "*****" -FullName "My Account" -Description "My Account" -AccountNeverExpires -PasswordNeverExpires interactively, it works fine and I can see that $LocalAccount has the new user info.

What am I missing here?

CodePudding user response:

You could create an account like so:

Define User and password

$Username = "AdminMike"
$Password = "password!"
$group = "Administrators"

Code:

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

Obviously it would be wise to check if the account exists first, etc.

CodePudding user response:

I think the problem is Get-LocalGroupMember, which doesn't give you any output when run within the script. This means your if statement will always return false and Add-LocalGroupMember is not getting executed.

Alternatively, you can add the user to the group at the time of account creation:

$LocalAccount = New-LocalUser "myaccount" -Password $Secure_String_Pwd -FullName "My Account" -Description "My Account" -AccountNeverExpires -PasswordNeverExpires -Verbose  | Add-LocalGroupMember -Group "Administrators" -Verbose

If you want to keep your original script, then try using Write-Output:

$LocalAccount = New-LocalUser "myaccount" -Password $Secure_String_Pwd -FullName "My Account" -Description "My Account" -AccountNeverExpires -PasswordNeverExpires -Verbose

if ((Get-LocalGroupMember -Group "Administrators" -Member $LocalAccount  -Verbose -ErrorAction SilentlyContinue| Write-Output).Count -eq 0)
{
    Add-LocalGroupMember -Group "Administrators" -Member $LocalAccount -Verbose
}

Your if statement is not helping because the account is freshly created using New-LocalUser so no need to check if it is part of the Administrators group.
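A script-safe version of the flow from the question, as an added example that is not from the question or either answer: it keeps the password as a SecureString (which is what New-LocalUser -Password requires, so a plain string such as "*****" is rejected), captures the LocalUser object explicitly, and tests group membership by enumerating the group and comparing SIDs rather than passing a possibly null object to -Member. The account name, FullName and Description are constructed sample values.

```powershell
# Added example, not code from the question or the answers.
# Idempotent local administrator creation for use inside a script.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$UserName  = 'myaccount'        # constructed sample account name
$GroupName = 'Administrators'

# Prompt for the password instead of embedding it in the script;
# New-LocalUser -Password only accepts a SecureString.
$Password = Read-Host -Prompt "Password for $UserName" -AsSecureString

# Reuse an existing account if there is one, otherwise create it and
# keep the returned LocalUser object in a variable for later steps.
$LocalAccount = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
if (-not $LocalAccount) {
    $LocalAccount = New-LocalUser -Name $UserName -Password $Password `
        -FullName 'My Account' -Description 'My Account' `
        -AccountNeverExpires -PasswordNeverExpires
}

# Enumerate the group and compare SIDs. Querying with -Member reports a
# PrincipalNotFound error when the account is not yet a member, and SIDs
# are the stable identity (names can be renamed or be ambiguous).
$Members  = @(Get-LocalGroupMember -Group $GroupName -ErrorAction SilentlyContinue)
$IsMember = ($Members | Where-Object { $_.SID -eq $LocalAccount.SID }).Count -gt 0

if (-not $IsMember) {
    Add-LocalGroupMember -Group $GroupName -Member $LocalAccount
}

# Emit the resulting state so the script's effect is auditable in logs.
[pscustomobject]@{
    Name         = $LocalAccount.Name
    SID          = $LocalAccount.SID.Value
    AddedToGroup = -not $IsMember
    Group        = $GroupName
}
```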
