如何在Powershell中将用户添加到本地管理员组？

Question

I am trying to create user on remote machine using Powershell. Once account created I want to add that in local admin group.

Account is getting created but it is not getting added in admin group. Below is the code that I am using.

  cls
  $username = "test_user"
$password = "password"
$computer1 = hostname
  $users = $null
   $computer = [ADSI]“WinNT://$computer1”
   Try {
      $users = $computer.psbase.children | select -expand name  
      if ($users -like $username) {
         Write-Host "$username already exists"
      } Else {
         $user_obj = $computer.Create(“user”, “$username”)
         $user_obj.SetPassword($password)
         $user_obj.SetInfo()

         $user_obj.Put(“description”, “$username”)
         $user_obj.SetInfo()
         $user_obj.psbase.invokeset(“AccountDisabled”, “False”)
         $user_obj.SetInfo()
         $users = $computer.psbase.children | select -expand name
         if ($users -like $username) {
            Write-Host "$username has been created on $($computer.name)"

            $group = [ADSI]("WinNT://"+$env:COMPUTERNAME+"/administrators,group")
$group.add("WinNT://$env:localhost/$username,user")


         } Else {



            Write-Host "$username has not been created on $($computer.name)"
         }
      }
   } Catch {
      Write-Host "Error creating $username on $($computer.path):  $($Error[0].Exception.Message)"
   }

What am I doing wrong?

Answer 1

$env:computername is your local computer. $env:localhost doesn't exist. $computer1 is the variable you defined of the computer to you are adding the user to earlier.

$group = [ADSI]("WinNT://$computer1/administrators,group")
$group.add("WinNT://$computer1/$username,user")

Answer 2

I use this

$computername = "computername"  # place computername here for remote access
$username = 'user'
$password = 'P@ssw0rd1' #password
$desc = 'Local admin account'
$computer = [ADSI]"WinNT://$computername,computer"
$user = $computer.Create("user", $username)
$user.SetPassword($password)
$user.Setinfo()
$user.description = $desc
$user.setinfo()
$user.UserFlags = 65536
$user.SetInfo()
$group = [ADSI]("WinNT://$computername/administrators,group")
$group.add("WinNT://$username,user")

Answer 3

That is a whole lot of code, just to do this.

Invoke-Command -ComputerName SomeRemoteComputerName -ScriptBlock { net user SomeNewUserName SomePassword net localgroup administrators SomeNewUserName /add }

Yeppers, I know, it's not all pure PoSH. Sure, you can do this with via more code in PoSH (way more in ), but sometimes you just need to get stuff done.

But vs doing this from scratch (well, unless you are just trying to learn stuff). There is a whole set of pre-built scripts and module for you to leverage. See:

'gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=localaccount'

Of course if all machines were on PoSH v5+, then you just use the built-in cmdlets for local user / group management.

'docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/?view=powershell-5.1'

As for the other question: 'check service account exist or not'

Assuming you are asking if this is for a remote computer, then it's the same approach.

Invoke-Command -ComputerName SomeRemoteComputerName -ScriptBlock { Get-Service -Name SomeServiceName Get-Service -DisplayName SomeServiceDisplayName }