<#====================================================================

Copyright © 2016, June. Michael Pomfret

Add Active Directory accounts to local groups on this machine (the group names suggest a
SharePoint server, but the script itself is generic). Local account creation is implemented
but the calls to it are commented out at the bottom of the file.

Functions:

1. CreateLocalUser  - create a local user account (calls to it are disabled below).

2. LocalGroupExist  - check whether a local group exists.

3. LocalUserExist   - check whether a local user account exists.

4. AddUserToGroup   - add a domain account to a local group.

5. CheckGroupMember - check whether an account is already a member of a local group.

6. CreateLocalGroup - create a local group.

Before running: replace every "xxx_" account prefix and every "xxxxxx" password with the real
values, and set $Domain to the correct AD domain. Be aware that passwords placed in this file
are stored in clear text; prefer prompting for them or reading them from a protected store, and
never commit a filled-in copy. The script must run elevated to create groups and change local
group membership.

====================================================================#>

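cls

# Allow locally written scripts to run for this process only. The original
# called Set-ExecutionPolicy with no -Scope, which persistently rewrites the
# machine-wide policy (and errors when not elevated). Execution policy is not a
# security boundary, so there is no reason to change it beyond this session;
# -Force suppresses the confirmation prompt so the script stays non-interactive.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force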

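# Create a local user account on this machine if it does not already exist.
#
# Parameters:
#   $userName - account name to create; also used as the FullName.
#   $password - initial password, received as a plain [string]. It is never
#               written to the console (the original echoed it on every call).
#
# Depends on the script-scoped $Computer ([ADSI]"WinNT://<host>,Computer")
# being bound before this is called, and on the sibling LocalUserExist.
# Returns nothing; reports progress on the host.
function CreateLocalUser([string]$userName,[string]$password)
{
    write-host -foregroundcolor Red "Checking CreateLocalUser" $userName
    write-host ""
    write-host "Checking user" $userName

    $userExist = LocalUserExist($userName)

    if ($userExist -eq $false)
    {
        $User = $Computer.Create("User", $userName)
        $User.SetPassword($password)
        $User.SetInfo()

        $User.FullName = $userName
        $User.SetInfo()

        # OR the service-account flags into the flags the provider set at
        # creation instead of overwriting them (the original plain assignment
        # discarded any default flags).
        #   64    = ADS_UF_PASSWD_CANT_CHANGE
        #   65536 = ADS_UF_DONT_EXPIRE_PASSWD
        # NOTE(review): a non-expiring password the user cannot change is the
        # usual service-account setting, but confirm it is permitted by the
        # local password policy before relying on it.
        $User.UserFlags = $User.UserFlags.Value -bor 64 -bor 65536
        $User.SetInfo()
    }
    else
    {
        "User : $userName already exist."
    }
}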

# Test whether a local group with the given name exists on this machine.
#   $groupName - bare local group name (no domain or host prefix)
# Returns $true when the WinNT provider can bind "<host>/<group>,group".
function LocalGroupExist($groupName)
{
    $adsPath = "WinNT://$Env:COMPUTERNAME/$groupName,group"
    $found = [ADSI]::Exists($adsPath)
    return $found
}

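# Test whether a local user account with the given name exists.
#   $userName - bare local account name
# Returns $true when a "User" child of the local Computer object has that name.
#
# Bug fixed: the original compared the enumerated names against $user, a
# variable this function never sets; it only matched by accident when a caller
# happened to have a $User loop variable in an enclosing scope. The comparison
# now uses the parameter.
function LocalUserExist($userName)
{
    write-host -foregroundcolor Blue "Checking Local User Exist" $userName

    $localComputer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"

    # Enumerate the computer's child objects and keep only user accounts.
    $localUserNames = $localComputer.psbase.children |
        Where-Object { $_.psBase.schemaClassName -eq "User" } |
        Select-Object -expand Name

    # -contains is case-insensitive in PowerShell, which matches Windows account names.
    return ($localUserNames -contains $userName)
}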

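# Add a domain account to a local group, unless it is already a member.
#   $groupName - local group name (e.g. "IIS_IUSRS")
#   $userName  - bare account name; it is resolved under the script-scoped
#                $Domain, so this adds DOMAIN accounts only, not local ones.
# Depends on the script-scoped $Domain and on the sibling CheckGroupMember.
# Returns nothing.
#
# Changes from the original: the two [ADSI] bindings that were immediately
# overwritten (and the unused $user binding) are gone; the group is bound via
# $Env:COMPUTERNAME like the other helpers instead of the script variable
# $computerName; and the member path now names the account as ",user" - the
# original tagged it ",group", which is the wrong class for a user account.
function AddUserToGroup ($groupName, $userName)
{
    $memberExist = CheckGroupMember $groupName $userName

    if ($memberExist -eq $false)
    {
        $group = [ADSI]"WinNT://$Env:COMPUTERNAME/$groupName,group"

        # NOTE(review): membership is granted purely by name under $Domain. A
        # wrong $Domain value silently grants the membership to a different
        # account, and a non-existent account surfaces as an error from Add().
        $group.Add("WinNT://$Domain/$userName,user")
    }
}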

# Report whether $memberName is already a member of the local group $groupName.
#   $groupName  - local group name
#   $memberName - bare account name to look for
# Returns $true or $false.
#
# NOTE(review): matching is on the member's Name only, so a local account and a
# domain account that share a name are indistinguishable here; compare the
# members' ADsPath instead if that distinction matters for the group.
function CheckGroupMember($groupName,$memberName)
{
    write-host "checking for the group member" $memberName "in the local machine…" $groupName

    $localGroup = [ADSI]"WinNT://$Env:COMPUTERNAME/$groupName"

    # Members() returns COM objects; read each one's Name through reflection.
    $currentMembers = @($localGroup.psbase.Invoke("Members"))
    $currentNames = foreach ($member in $currentMembers) {
        $member.GetType().InvokeMember("Name", 'GetProperty', $null, $member, $null)
    }

    return ($currentNames -contains $memberName)
}

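# Create a local group on this machine unless one with that name already exists.
#   $groupName - local group name; it is also written as the group's Description.
# Depends on the script-scoped $Computer object and on the sibling LocalGroupExist.
# Returns nothing; reports the outcome on the host.
#
# Changes from the original: the debug line that printed the existence flag
# twice is replaced by a readable message, and the success message now states
# that the group was created (it previously said "... is added to group").
function CreateLocalGroup($groupName)
{
    $groupExist = LocalGroupExist($groupName)
    write-host "Group $groupName exists:" $groupExist

    if ($groupExist -eq $false)
    {
        $Group = $Computer.Create("Group", $groupName)
        $Group.SetInfo()

        $Group.Description = $groupName
        $Group.SetInfo()

        write-host -foregroundcolor Green "Group : $groupName created."
    }
    else
    {
        write-host -foregroundcolor Red "Group : $groupName already exist."
    }
}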

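cls

# $server is not read anywhere in this file; kept so nothing that dot-sources
# the script breaks. $computerName is read by AddUserToGroup.
$server = "localhost"
$computerName = $env:computername

# Local groups to create. Note the original listed WSS_RESTRICTED_WPG_V4 with a
# non-PowerShell closing quote character; all quotes here are plain ASCII.
$GroupList = @("IIS_IUSRS","MIISAdmins","WSS_ADMIN_WPG","WSS_RESTRICTED_WPG_V4","WSS_WPG")

# Membership per group: the variable named "<group>List" holds the accounts
# to add to <group>. The membership loop below looks them up by that name.
$IIS_IUSRSList = @("xxx_SP_AppPool","xxx_SP_Excel","xxx_SP_Farm","xxx_SP_MyPool","xxx_SP_Profile","xxx_SP_Search","xxx_SP_Services","xxx_SP_Visio")
$MIISAdminsList = @("xxx_SP_Farm","xxx_SP_Setup")
$AdministratorsList = @("xxx_SP_Farm","xxx_SP_Setup")
$WSS_ADMIN_WPGList = @("xxx_SP_AppPool","xxx_SP_Farm","xxx_SP_MyPool","xxx_SP_Profile")
$WSS_RESTRICTED_WPG_V4List = @("xxx_SP_Farm","xxx_SP_Setup")
$WSS_WPGList = @("xxx_SP_AppPool","xxx_SP_C2WTS","xxx_SP_Excel","xxx_SP_Farm","xxx_SP_MyPool","xxx_SP_Profile")

# Accounts and passwords for the (currently disabled) local account creation.
# The password arrays are positional: element i belongs to account i.
# NOTE(review): clear-text passwords in a script file are the weakest link in
# this whole process; if creation is ever re-enabled, read them from a secure
# prompt or a protected store and keep this file free of real values.
$AdminList = @("xxx_SP_Farm","xxx_SP_Setup")
$AdminPasswordList = @("xxxxxx","xxxxxx")

$UserList = @("xxx_SP_Crawl","xxx_SP_AppPool","xxx_SP_Search","xxx_SP_Services","xxx_SP_Profile","xxx_SP_C2WTS","xxx_SP_Excel","xxx_SP_Visio","xxx_SP_PerPoint","xxx_SP_Reports","xxx_SP_MyPool")
$UserPasswordList = @("xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx","xxxxxx")

# Domain the accounts live in. Set this before running; the commented line
# picks up the DNS domain of the account running the script instead.
#$Domain = $env:USERDNSDOMAIN
$Domain = "ad.domain.com"

# Local Computer object used by CreateLocalGroup/CreateLocalUser.
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"

foreach ($grp in $GroupList) {
    CreateLocalGroup($grp)
}

# Populate every group from its "<group>List" variable. This replaces the five
# copy-pasted per-group loops of the original and its abandoned attempt at
# building the variable name with string concatenation.
foreach ($grp in $GroupList) {
    $members = Get-Variable -Name "${grp}List" -ValueOnly
    foreach ($u in $members) {
        write-host "Attempting to add User" $u "To Group $grp"
        AddUserToGroup $grp $u
    }
}

# Local account creation stays disabled, exactly as in the original. Passwords
# are no longer echoed to the console: the original printed every password on
# each iteration, and the admin loop even printed $UserPasswordList entries
# next to $AdminList names, so the output was both sensitive and wrong.
$i = 0
foreach ($User in $AdminList) {
    write-host "Attempting " $User
    # CreateLocalUser $User $AdminPasswordList[$i]
    $i++
}

$i = 0
foreach ($User in $UserList) {
    write-host "Attempting " $User
    # CreateLocalUser $User $UserPasswordList[$i]
    $i++
}

# NOTE(review): this grants local Administrators to every account in
# $AdministratorsList. Keep that list to accounts that genuinely need local
# admin on this host and remove the membership when it is no longer required.
foreach ($u in $AdministratorsList) {
    write-host "Attempting to add User" $u "To Group Administrators"
    AddUserToGroup "Administrators" $u
}

write-host "End"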