
How do I check if user 'IIS AppPool\MyAppPoolName' exists in PowerShell

I'm trying to automate some DB configuration for my developers. For development and testing, we're just using the ApplicationPoolIdentity service accounts (one of our test servers hates NETWORK SERVICE so that's not an option), so I need to configure databases to automatically grant permissions to the correct account for IIS. But developers are often only running the database script, not the database and web scripts.

Because of that, the IIS AppPool may not exist at the time they're running the DB script, which means that by extension the IIS AppPool\myAppPoolName user will not exist either. So when I attempt to grant them access to the local SQL database, they get an error.

So the question is, how do I check that these IIS AppPool service accounts exist in PowerShell? I know how to confirm the existence of AD users, or local users, but these IIS AppPool service accounts are in neither list. Where do they live? Is it a listing not accessible from PowerShell?

I can do something dumb like just catching and handling the error during the permissions step, but I'd rather ask permission than forgiveness.

As far as I know, the IIS application pool identity's permission account is IIS AppPool\myAppPoolName. If we want to check whether this account exists, we just need to check whether myAppPoolName exists.

To achieve this, I suggest you refer to the PowerShell command below to check whether the application pool exists.

Command:

    Import-Module WebAdministration

    $AppPoolName = "Test"

    # The IIS: drive is provided by the WebAdministration module
    if (Test-Path "IIS:\AppPools\$AppPoolName")
    {
        "AppPool is already there"
        return $true
    }
    else
    {
        return $false
    }


The AppPool identity is a virtual account that will not show up as a user in the Windows User Management Console. These docs may be helpful: ( https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities ). Also this ( https://blogs.msdn.microsoft.com/ericparvin/2015/04/14/how-to-add-the-applicationpoolidentity-to-a-sql-server-login/ )

In the end I've taken a forgiveness-not-permission approach here. I attempt to create the SQL login and corresponding users and handle the exception if they can't.

Edit:

This seems to be the best way to get the actual list of them:

$appPoolIdentities = Get-IISAppPool |
   Where-Object {$_.ProcessModel.IdentityType -eq 'ApplicationPoolIdentity'} |
   ForEach-Object {"IIS AppPool\$($_.Name)"}
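
An added example, not part of the original posts: it combines the two checks discussed above, confirming that the pool really runs as ApplicationPoolIdentity and that Windows can resolve the virtual account name to a SID before anything is granted to it. The function name Resolve-AppPoolPrincipal is hypothetical, and the code assumes it runs on the IIS host with the IISAdministration module available.

```powershell
# Added example (not from the original posts). Resolve-AppPoolPrincipal is a
# hypothetical helper name. Assumes it runs on the IIS host itself.
Import-Module IISAdministration

function Resolve-AppPoolPrincipal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$AppPoolName
    )

    # 1. The pool must exist and actually run under its virtual account.
    #    If it runs as NetworkService or a custom user, granting rights to
    #    'IIS AppPool\<name>' would authorise a principal the site never uses.
    $pool = Get-IISAppPool | Where-Object { $_.Name -eq $AppPoolName }
    if (-not $pool) {
        Write-Verbose "App pool '$AppPoolName' does not exist."
        return $null
    }
    if ($pool.ProcessModel.IdentityType -ne 'ApplicationPoolIdentity') {
        Write-Verbose "App pool '$AppPoolName' runs as $($pool.ProcessModel.IdentityType)."
        return $null
    }

    # 2. Ask Windows to map the account name to a SID. Virtual accounts are
    #    not listed as local or AD users, but the name still resolves.
    $name    = "IIS AppPool\$AppPoolName"
    $account = [System.Security.Principal.NTAccount]::new($name)
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        Write-Verbose "'$name' could not be mapped to a SID."
        return $null
    }

    # Application pool identities live under the S-1-5-82 authority.
    if (-not $sid.Value.StartsWith('S-1-5-82-')) {
        Write-Verbose "'$name' resolved to unexpected SID $($sid.Value)."
        return $null
    }

    [pscustomobject]@{ Name = $name; Sid = $sid.Value }
}

# Constructed sample call: 'Test' is the pool name used in the answer above.
Resolve-AppPoolPrincipal -AppPoolName 'Test' -Verbose
```

A $null result means the database script should skip the grant rather than attempt it.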
