{"id":54123,"date":"2009-03-24T21:26:00","date_gmt":"2009-03-24T21:26:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2009\/03\/24\/hey-scripting-guy-how-can-i-create-more-than-one-user-assign-attribute-values-and-assign-the-users-to-groups\/"},"modified":"2009-03-24T21:26:00","modified_gmt":"2009-03-24T21:26:00","slug":"hey-scripting-guy-how-can-i-create-more-than-one-user-assign-attribute-values-and-assign-the-users-to-groups","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-how-can-i-create-more-than-one-user-assign-attribute-values-and-assign-the-users-to-groups\/","title":{"rendered":"Hey, Scripting Guy! How Can I Create More Than One User, Assign Attribute Values, and Assign the Users to Groups?"},"content":{"rendered":"

\"Hey, <\/h2>\n

Hey, Scripting Guy! I enjoyed your article yesterday about creating a local user account. However, for my purposes I need to be able to create more than one user. Also I would like to be able to assign values to attributes such as the description. If it is not asking too much, I would also like to be able to assign the user to a group. After all, a user that is not a member of a group is pretty much useless from a security perspective.<\/p>\n

– WC<\/p>\n

\"Spacer\"\"Hey, <\/p>\n

Hi WC,<\/p>\n

Users go into groups. Groups get assigned permission to access resources. MCSE 101 stuff! When we were taking one of my first MCP exams for Windows NT 3.51, we had a test that harped on that over and over again. If you remembered that mantra, you could pass the exam. The test was boring! In the end, we quit reading the questions, and just read the answers. If the answer was something that looked like “place the user in a group\u2014give the group permission to access the resource,” we selected that answer. By the way, we passed. Oh, you wanted a script didn’t you?<\/p>\n\n<\/thead>\n\n\n
\n

This week we will be looking at scripting Windows PowerShell as it applies to local account management. This is an area that comes up from time to time and for which there are not an awful lot of resources from which to choose. We have these tasks in the Script Center Script Repository pretty well hidden away in the Other Directory Services<\/a> category. There are some great scripts in the Community-Submitted Scripts Center<\/a>. Local account management has been a favorite topic of the \u201cHey, Scripting Guy!\u201d articles over the years, and as a result we have a good selection of articles grouped together in the \u201cHey, Scripting Guy!\u201d archive<\/a>. The most extensive reference you will find is the MSDN coverage of the WinNT ADSI provider<\/a>.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/div>\n

We decided to write the ReadCSVCreateLocalUsersAddToGroup.ps1<\/b> script. We don’t really have this exact VBScript on the Script Center. Here is a script that adds a user to a local group<\/a>, and here is a script that creates a local user<\/a>. You would need to combine them and then add the code to read a text file if you wanted to reproduce the ReadCSVCreateLocalUSersAddToGroup.ps1<\/b> script in VBScript.<\/p>\n

$computer = $Env:ComputerName\n$text = \"C:\\fso\\LocalUsers.txt\"\n$user = import-csv -path $text\n   foreach($strUser in $user)\n    {\n     $user = $struser.user\n     $password = $struser.password\n     $description =  $struser.description\n     $group = $struser.group\n     Clear-Host\n     $ObjOU = [ADSI]\"WinNT:\/\/$computer\"\n     $objUser = $objOU.Create(\"User\", $user)\n     $objUser.setpassword($password)\n     $objUser.put(\"description\",$description)\n     $objUser.SetInfo()\n     $objGroup = [ADSI]\"WinNT:\/\/$computer\/$group\"\n     $objGroup.add(\"WinNT:\/\/$computer\/$user\")\n     $objGroup.SetInfo()\n    }\n<\/pre>\n
The first thing we do is create a variable named $computer<\/b> and assign the name of the local computer to it. We obtain the name of the local computer by reading the value of the environmental variable ComputerName<\/b>. This value is obtained from the Environmental<\/b> PSDrive as seen here:<\/p>\n
$computer = $Env:ComputerName<\/pre>\n
After we have the computer name, we type the path to the LocalUsers.txt<\/b> file and assign the string to the $text<\/b> variable. The LocalUsers<\/b> file is actually a comma separated value (CSV) file. We just got tired of it opening up in Microsoft Excel each time we accidently double clicked it, so we gave it a .txt extension. Now if we accidently double click it, the contents are immediately displayed in Notepad. The contents of the LocalUsers.txt<\/b> file are seen here:<\/p>\n
$text = \"C:\\fso\\LocalUsers.txt\"<\/pre>\n
\"Image <\/p>\n
 <\/p>\n
After we specify the path to the LocalUsers.txt<\/b> file, we feed it to the Import-Csv<\/b> cmdlet. The resulting custom WIndows PowerShell object is stored in the $user<\/b> variable. If we were to use the Import-Csv<\/b> cmdlet without storing the returned object in a variable, the results would look very similar to the text file itself. We will be able to access these values via a dotted notation later on in the script.<\/p>\n
PS C:\\> Import-Csv -Path C:\\fso\\localUsers.txt\n\nuser                password            description         group\n----                --------            -----------         -----\nauser               P@ssword1           a user from script  users\nbuser               P@ssword1           b user from script  users\ncuser               P@ssword1           c user from script  users\n<\/pre>\n
The command that reads the csv file is shown here: <\/p>\n
$user = import-csv -path $text<\/pre>\n
Next we need to walk through the collection of user information that is contained in the $user<\/b> variable. To do this, we use the ForEach statement as seen here. <\/p>\n
   ForEach($strUser in $user)\n    {\n<\/pre>\n
It is time to populate the variables we will use when creating the user. We decide to recycle the $user<\/b> variable to hold the user name from the csv file. We store the password in the $password<\/b> variable, the description goes in the $description<\/b> variable, and the group name goes into the $group<\/b> variable: <\/p>\n
$user = $struser.user\n     $password = $struser.password\n     $description =  $struser.description\n     $group = $struser.group\n<\/pre>\n
We now use the Clear-Host<\/b> function to remove any distracting information that may be displayed on the Windows PowerShell console window. This is seen here: <\/p>\n
Clear-Host<\/pre>\n
When we have populated all the variables, we now make the connection to the local account database. To do this, we use the [adsi]<\/b> type accelerator, and specify the WinNT ADSI provider. We feed it the computer name stored in the $computer<\/b> variable and store the returned object in the $objOU<\/b> variable as seen here:<\/p>\n
$ObjOU = [ADSI]\"WinNT:\/\/$computer\"<\/pre>\n
After we have made the connection to the local account database, we call the create<\/b> method. We tell it we want to create a user, and we give it the name of the user from the $user<\/b> variable. This is seen here:<\/p>\n
$objUser = $objOU.Create(\"User\", $user)<\/pre>\n
We now need to assign a password for the local user. To do this, we use the setpassword<\/b> method and we give it the password contained in the $password<\/b> variable:<\/p>\n
$objUser.setpassword($password)<\/pre>\n
After setting the password, we decide to assign a description to the user. To do this we use the put<\/b> method to write to the description<\/b> attribute the value we stored in the $description<\/b> variable: <\/p>\n
$objUser.put(\"description\",$description)<\/pre>\n
Next we need to commit the information back to the account database. To do this, we use the SetInfo<\/b> method as seen here: <\/p>\n
$objUser.SetInfo()<\/pre>\n
At this point, the user account actually has been created. There are not very many attributes exposed for a local user account. The auser<\/b> user dialog box is seen here:<\/p>\n
\"Image <\/p>\n
 <\/p>\n
We need for the user account to exist before attempting to assign the user account to a group. It may seem obvious to some, but it is impossible to assign a nonexistent user to a group. To assign a user to a group, we need to first grab the Group<\/b> object. To do this, we once again dig out the [ADSI]<\/b> type accelerator, and once again we use the WinNT ADSI provider, and we use the computer name from the $computer<\/b> variable and the group that was specified in the $group<\/b> variable. We store the Group<\/b> object that is returned in the $objGroup<\/b> variable as seen here: <\/p>\n
$objGroup = [ADSI]\"WinNT:\/\/$computer\/$group\"<\/pre>\n
Now we use the add<\/b> method from the Group<\/b> object to add the user to the group. We need to use the WinNT provider together with the name of the computer and the name of the user to be able to add the user to the group. This is seen here:<\/p>\n
$objGroup.add(\"WinNT:\/\/$computer\/$user\")<\/pre>\n
Now that we have connected to the group, and used the add<\/b> method from the group to add the user to the group, it is time to commit the changes to the account database. We do this by using the SetInfo<\/b> method as shown here:<\/p>\n
$objGroup.SetInfo()\n    }\n<\/pre>\n
We open the Users group property sheet as seen in the following image, and all of our newly created user accounts have been added to the Users group. So the script worked.<\/p>\n
\"Image <\/p>\n
 <\/p>\n
Well, WC, that is it. Users go into groups, and we can use the [adsi]<\/b> type accelerator and the WinNT provider to make it happen. Hope you enjoy the script. We will see you tomorrow as Local Account Management Week continues. Until tomorrow, keep cool.<\/p>\n
 <\/p>\n
Ed Wilson and Craig Liebendorfer, Scripting Guys<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! I enjoyed your article yesterday about creating a local user account. However, for my purposes I need to be able to create more than one user. Also I would like to be able to assign values to attributes such as the description. If it is not asking too much, I would also […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[44,197,23,24,3,198,45],"class_list":["post-54123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-groups","tag-local-account-management","tag-local-accounts-and-windows-nt-4-0-accounts","tag-other-directory-services","tag-scripting-guy","tag-users","tag-windows-powershell"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! I enjoyed your article yesterday about creating a local user account. However, for my purposes I need to be able to create more than one user. Also I would like to be able to assign values to attributes such as the description. If it is not asking too much, I would also […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=54123"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/54123\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=54123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=54123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=54123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}