PowerShell: Add Local User as an Administrator on All Servers in Domain


# addLocalAccountOnAllServers.ps1
# Feature: using only legacy commands for maximum compatibility

# Set variables
$newUsername='backupAdmin'
$newUserPass='VERYCOMPLEXPASSWORD'
$newUserFullName="Local System Admin"
$newUserDesc="Standardized local admin user"
$newUserGroup="Administrators"

function addLocalAccount{
    param(
        $servers=$env:computername,
        $newUsername='backupAdmin',
        $newUserPass='COMPLEXPASSWORDHERE',
        $newUserFullName="Systems Admin",
        $newUserDesc="Standardized local admin user",
        $newUserGroup="Administrators"
    )
    $results=@()
    $psSessionOptions=New-PSSessionOption -SkipCNCheck -OpenTimeOut 60
    foreach ($server in $servers){
        $pssession=new-pssession $server -SessionOption $psSessionOptions -EA Ignore
        $progress=if($pssession.State -eq 'Opened'){
                Invoke-command -session $pssession -ScriptBlock {
                    param($newUsername,$newUserPass,$newUserFullName,$newUserDesc,$newUserGroup)                            
                    # Check whether username exists and proceed accordingly
                    $usernameExists=$(net user $newUsername)[0] -match $newUsername
                    try{
                        if(!$usernameExists){
                            # Using legacy commands for maximum compatibility
                            $null=NET USER $newUsername $newUserPass /fullname:"$newUserFullName" /comment:"$newUserDesc" /Active:Yes /ADD /Y
                            write-host "$newUserName has been created on $env:computername successfully"
                        }else{
                            # if user exists, ensure that its password is matching the intended value
                            $null=invoke-expression "net user $newUsername $newUserPass" 2>&1
                            write-host "$newUserName exists on $env:computername and its password has been reset"
                        }
                        $isMembershipValid=$(net localgroup $newUserGroup) -match $newUsername
                        if(!$isMembershipValid){
                            $null=invoke-expression "NET LOCALGROUP $newUserGroup $newUsername /ADD /Y" 2>&1
                            write-host "$newUserName has been added to group $newUserGroup on $env:computername successfully"
                        }else{
                            write-host "$newUserName is already a member of group $newUserGroup on $env:computername"
                        }
                        $null=Net user $newUsername /active:yes
                    }catch{
                        write-warning $_
                        return $false
                    }                    
                    # Validation
                    $userEnabled=$(net user $newUsername)[5] -match 'Yes'
                    return $userEnabled
                  
                    # These lines only work in PowerShell 5.1+; hence, they are skipped
                    # New-LocalUser $newUsername -Password $newUserPass -FullName $newUserFullName -Description $newUserDesc
                    # Add-LocalGroupMember -Group $newUserGroup -Member $newUsername
                } -Args $newUsername,$newUserPass,$newUserFullName,$newUserDesc,$newUserGroup
                remove-pssession $pssession
            }else{
                write-warning "$env:computername is unable to connect to $server via WinRM"
                $null
            }
        $result=[pscustomobject]@{
            'computername'=$server
            'localUserExists'=$progress
            }
        write-host $result
        $results+=$result
    }
    return $results
}

# Get all servers, excluding domain controllers
$memberServers=Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true" -and primarygroupid -ne "516"' -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address | Sort-Object -Property Operatingsystem | Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address
$servers=$memberServers.Name

$results=addLocalAccount $servers $newUsername $newUserPass $newUserFullName $newUserDesc $newUserGroup

write-host $results

Leave a Reply

Your email address will not be published. Required fields are marked *