File: //var/opt/nydus/ops/customer_local_ops/operating_system/powershell/add_user.ps1
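# Creates or updates a local Windows account, sets its password and adds it to
# a local group.
#
# Parameters:
#   userName  - name of the local account to create or update.
#   groupName - name of the local group the account should be added to.
#
# The password is not a parameter: it is read as one Base64 line through
# Read-Host and decoded as UTF-8, so it does not appear in the argument list.
#
# Both names are interpolated further down into a WQL query and into ADSI
# "WinNT://" paths. The pattern rejects the characters Windows does not accept
# in local account and group names, which also keeps path separators and commas
# out of those strings.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[^"/\\\[\]:;|=,+*?<>]+$')]
    [String] $userName,

    [Parameter(Mandatory)]
    [ValidatePattern('^[^"/\\\[\]:;|=,+*?<>]+$')]
    [String] $groupName
)

$passwordBase64 = Read-Host
try {
    $password = [System.Text.Encoding]::UTF8.GetString(
        [System.Convert]::FromBase64String($passwordBase64))
} catch {
    # Stop here instead of continuing with an unset $password. The input itself
    # is deliberately left out of the message.
    throw "The password supplied on standard input is not valid Base64."
}
if ([String]::IsNullOrEmpty($password)) {
    # An empty line decodes to an empty string; never set a blank password.
    throw "The decoded password is empty; refusing to set a blank password."
}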
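# Bind to the local account if it already exists, otherwise stage a new one.
# The new account is only committed by the later SetInfo() call.
#
# WQL string literals use backslash escapes, so '\' and "'" in the account name
# are escaped before the name is placed inside the quoted literal. Without this
# a name containing a quote would change the shape of the query.
$wqlUserName = $userName.Replace('\', '\\').Replace("'", "\'")
$existingAccount = Get-WmiObject -Query "SELECT * FROM Win32_UserAccount WHERE LocalAccount='True' AND Name='$wqlUserName'"

# NOTE(review): $userName is also interpolated unescaped into the ADSI path
# below; this assumes it is a plain account name without '/' or ','.
if ($existingAccount) {
    $user = [ADSI]"WinNT://$($env:COMPUTERNAME)/$userName,user"
} else {
    $cn = [ADSI]"WinNT://$($env:COMPUTERNAME)"
    $user = $cn.Create("User", $userName)
    # 66049 = 0x10201 = SCRIPT (0x1) | NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000):
    # accounts created here get a password that never expires.
    $user.UserFlags = 66049
    $user.Put("description", "Local Account")
}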
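# Rewrites the PasswordComplexity value of the local security policy with secedit:
# export the policy, swap "PasswordComplexity = $Current" for "= $Desired", and
# apply the result. The export goes to a uniquely named file in the temp
# directory rather than a fixed file in the drive root, so an existing file is
# not overwritten and concurrent runs do not share a file. The file is removed
# even when one of the steps fails.
function Set-PasswordComplexityValue {
    param([int] $Current, [int] $Desired)

    $policyFile = Join-Path ([System.IO.Path]::GetTempPath()) ("secpol-{0}.cfg" -f [System.Guid]::NewGuid())
    try {
        secedit /export /cfg $policyFile
        (Get-Content $policyFile).Replace("PasswordComplexity = $Current", "PasswordComplexity = $Desired") | Out-File $policyFile
        secedit /configure /db c:\windows\security\local.sdb /cfg $policyFile /areas SECURITYPOLICY
    } finally {
        Remove-Item -Force $policyFile -Confirm:$false -ErrorAction SilentlyContinue
    }
}

# Set the password and commit the account.
try {
    $user.SetPassword($password)
    $user.SetInfo()
} catch {
    $errorMessage = $_.Exception.Message
    if ($errorMessage -like "*Passwords may not contain the user's samAccountName *") {
        # A password containing the account name is reported to the caller as a failure.
        throw $_.Exception.Message
    } elseif ($errorMessage -like "*The password does not meet the password policy requirements.*") {
        # Emit the policy error, then retry with the complexity requirement switched off.
        # NOTE(review): this turns password complexity off for the whole machine while
        # the retry runs, and the account ends up with a password the configured policy
        # rejected. Confirm this bypass is intended, and audit its use.
        $errorMessage
        Set-PasswordComplexityValue -Current 1 -Desired 0
        try {
            $user.SetPassword($password)
            $user.SetInfo()
        } finally {
            # Always switch complexity back on, including when the retry fails or the
            # caller runs with a stopping error preference.
            # NOTE(review): this writes "PasswordComplexity = 1" whatever the value was
            # before the first export; if complexity was already off (e.g. the password
            # was rejected for its length), this enables it. Confirm that is acceptable.
            Set-PasswordComplexityValue -Current 0 -Desired 1
        }
    } else {
        # Any other failure used to be dropped silently, so the caller could not tell
        # that no password was set. Report it; the script continues as before.
        Write-Error -ErrorRecord $_
    }
}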
# Add the account to the requested local group unless it is already listed as a
# member of the local 'Administrators' group.
#
# NOTE(review): membership is read from 'Administrators' whatever $groupName is, so
# an account that is already an administrator is never added to a different target
# group, while one that is already in the target group is added again and the error
# text is emitted. Confirm whether the check should read the members of $groupName.
# NOTE(review): the group is looked up by its literal English name; confirm this
# works on hosts where the built-in group has a localized name.
$computer = [ADSI]("WinNT://$($env:COMPUTERNAME),computer")
$admins = $computer.psbase.children.find('Administrators')

# Members are COM objects, so their Name property is read through reflection.
$members = $admins.psbase.invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

if ($members -notcontains $userName) {
    $group = [ADSI]"WinNT://$($env:COMPUTERNAME)/$groupName,group"
    try {
        $group.psbase.Invoke("Add", ([ADSI]"WinNT://$($env:COMPUTERNAME)/$userName").path)
    } catch {
        # A failed add is not fatal: only the message text is written to the output.
        $_.Exception.Message
    }
}