Use a Module to Simplify Scripting Local Users and Groups

Doctor Scripto

Summary: Learn how to use a Windows PowerShell module to simplify scripting local users and groups.

 

Weekend Scripter

Microsoft Scripting Guy Ed Wilson here. There are two things about a module that I like. The first is it makes it really easy to share with others. The second thing is that it works just like other cmdlets, and it does not require much of a learning curve to know how to use it.

I have been talking about my new Local User Management Module recently. On Thursday, I wrote an article about using parameter sets to simplify coding requirements. At that time, I released my Local User Management Module to the Scripting Guys Script Repository. I used that module as an example in my article. On Friday, I talked about some of the design considerations surrounding naming conventions for Windows PowerShell functions. Once again, I used the Local User Management Module as the basis of the discussion. Yesterday, I showed you how to use the module to simplify management tasks surrounding working with local user accounts.

In my mind, there are four distinct tasks required to use the Local User Management Module:

  1. Load the LocalUserModule.
  2. Check for administrator rights.
  3. Use the functions to perform management actions.
  4. Unload the LocalUserModule.

The CreateLocalUserAndAddToGroup.ps1 script illustrates the four steps involved in working with the Local User Management Module. The complete script is shown here.

CreateLocalUserAndAddToGroup.ps1

Import-Module -Name LocalUserModule

If(!(Test-IsAdministrator)) { “This module requires admin rights.” ; exit }

new-localgroup -groupname testGroup

new-localuser -username testuser -password P@ssword1

Set-LocalGroup -userName testuser -GroupName testgroup –add

Remove-Module -Name LocalUserModule

One of the really cool things in creating a quick script to create a new user and assign it to a group–a task that took me less than 2 minutes to accomplish–is that it really simplifies cleanup operations. It took less than a minute to change the script from creating a local user and assigning to a group, to deleting the local user and group. The RemoveUserAndGroup.ps1 script is shown here.

RemoveUserAndGroup.ps1

Import-Module -Name LocalUserModule

If(!(Test-IsAdministrator)) { “This module requires admin rights.” ; exit }

Remove-localgroup -groupname testGroup

Remove-localuser -username testuser

Remove-Module -Name LocalUserModule

The following figure illustrates the changes I made between the two scripts just shown.

Image of changes made between the two scripts

Quite often, when I am messing around writing scripts, I will need to write a script to set something up for me. Therefore, I often write two or three scripts while in the process of creating a single script. For example, I wanted a comma separated value (CSV) file that would list a hundred users and their associated passwords. However, I did not have the patience for such a typing exercise. The following “script” creates a hundred user names and their associated password and saves the information to a CSV file. I put the word script in quotation marks because these types of quick scripts are often typed directly at the Windows PowerShell console, and never saved. For me, it might take longer to retrieve the “script” than to write the command anew. In the following commands, the >> redirection arrows write the information on the left side of the arrows to a file indicated by the path on the right side of the arrows. Two arrows mean to append to any existing data. In addition, the file will be created if it does not exist. The % symbol is an alias for the ForEach-Object cmdlet.

CreateAHundredUserNamesAndPasswordsInACSVFile.ps1

“userName, Password” >> c:\fso\testusers.csv

1..100 | % { “testuser$_, P@ssword$_” >> c:\fso\testUsers.csv }

The CSV file is shown in the following figure.

Image of CSV file created

To use this CSV file, I create a quick script called CreateaHundredUsersFromCSVFile.ps1. It is only nine lines long and could be shortened if needed). In my quick script, I incorporate the four steps: importing/removing the module, testing for administrator rights, and using the functions to perform administrator tasks. After I import the CSV file, I create the user, assign the user to the group, and then go to the next user as I process the stream of information flowing from the CSV file. The nice thing about a CSV file is that it makes the code really easy to read. The value for the username parameter comes from the username field in the CSV file as does the password. The complete is shown appears here.

CreateaHundredUsersFromCSVFile.ps1

Import-Module -Name LocalUserModule

If(!(Test-IsAdministrator)) { “This module requires admin rights.” ; exit }

New-LocalGroup -GroupName testgroup -description “for 100 users”

Import-Csv C:\fso\testusers.csv |

Foreach-Object {

  New-localuser -username $_.username -password $_.password

  Set-LocalGroup -userName $_.username -GroupName testgroup –add

}

Remove-Module -Name LocalUserModule

The 100 users appear in the following figure.

Image of some of the 100 users created

As seen in the following image, all the users were added to the testgroup.

Image of all users added to testgroup

Well, that is enough playing around for now. Oh, wait, I need to clean up by deleting those 100 users. No problem, here is the script. It took less than 30 seconds to create this script from the Create* version. The nice thing is that if you mess up while making the modification, you simply run the Create* version to reset everything to ensure it will work properly. The big difference here is that the description property also needs to be deleted from the Remove-LocalGroup function.

DeleteaHundredUsersFromCSVFile.ps1

Import-Module -Name LocalUserModule

If(!(Test-IsAdministrator)) { “This module requires admin rights.” ; exit }

Remove-LocalGroup -GroupName testgroup

Import-Csv C:\fso\testusers.csv |

Foreach-Object {

  Remove-localuser -username $_.username

}

Remove-Module -Name LocalUserModule

 

Now, I really am outta here. Tomorrow we begin a new week on the Script Center.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

 

0 comments

Discussion is closed.

Feedback usabilla icon