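<#
.SYNOPSIS
Creates an Active Directory user for IIS, enables it and makes IIS_USERS its primary group.

.DESCRIPTION
Creates CN=$Username under the OU named by $CustomerOU (referenced but not declared
by this function - it must be set in the calling scope), sets the password, enables
the account, marks the password as never expiring, adds the user to the IIS_USERS
group, makes that group the primary group and finally removes the user from
Domain Users. The caller needs rights to create users in the OU and to modify
both groups.

.PARAMETER Username
sAMAccountName / CN of the new account. Also used as description, display name and
the local part of the UPN. Rejected if it contains characters that are invalid in a
sAMAccountName; that set also covers the separator and escape characters of an LDAP
DN, so the "CN=$Username,..." paths below stay a single RDN.

.PARAMETER Password
Initial password, supplied in plain text and passed straight to IADsUser.SetPassword.
#>
Function Add-IISUser
{
    Param ($Username, $Password)

    if ([string]::IsNullOrWhiteSpace($Username)) {
        throw "Username must not be empty."
    }
    # Characters that are not allowed in a sAMAccountName (and would also break the
    # LDAP distinguished names built from $Username below).
    if (([string]$Username).IndexOfAny([char[]]'"/\[]:;|=,+*?<>') -ge 0) {
        throw "Username '$Username' contains characters that are not allowed in an account name."
    }
    if ([string]::IsNullOrEmpty($Password)) {
        throw "Password must not be empty."
    }
    # Fail early with a clear message instead of binding to "LDAP://,DC=..." when the
    # caller forgot to set $CustomerOU.
    if ([string]::IsNullOrWhiteSpace($CustomerOU)) {
        throw "CustomerOU must be set in the calling scope (e.g. 'OU=Customers') before calling Add-IISUser."
    }

    $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $ADDomainName = $ADDomain.Name
    # "contoso.com" -> "DC=contoso,DC=com". '+' binds tighter than -replace, so the
    # replacement runs on the concatenated string.
    $FQDN = "DC=" + $ADDomainName -Replace("\.", ",DC=")
    $PrincipalName = $Username + "@" + $ADDomainName

    $CustomerOUEntry = [ADSI] "LDAP://$CustomerOU,$FQDN"

    $AddADUser = $CustomerOUEntry.Create("User", "CN=$Username")
    $AddADUser.Put("Description", "$Username")
    $AddADUser.Put("sAMAccountName", "$Username")
    $AddADUser.Put("userPrincipalName", "$PrincipalName")
    $AddADUser.Put("DisplayName", "$Username")
    # The object has to be committed before a password can be set on it.
    $AddADUser.SetInfo()

    $AddADUser.SetPassword($Password)
    $AddADUser.SetInfo()

    # Enable the account; pass a real boolean rather than the string "False".
    $AddADUser.Psbase.InvokeSet("AccountDisabled", $false)
    $AddADUser.SetInfo()

    # Mark the password as never expiring. Assigning the bare value 65536
    # (DONT_EXPIRE_PASSWD) replaced the whole userAccountControl bitmask and dropped
    # NORMAL_ACCOUNT (0x200); OR the flag into the current value instead. Clearing
    # PASSWD_NOTREQD (0x20) keeps the effect the explicit assignment had now that a
    # password has been set.
    $AddADUser.GetInfo()
    $Uac = [int]$AddADUser.Get("userAccountControl")
    $Uac = ($Uac -bor 0x10000) -band (-bnot 0x20)
    $AddADUser.Put("userAccountControl", $Uac)
    $AddADUser.SetInfo()

    # Primary group switch. AD requires the user to already be a member of the new
    # primary group before primaryGroupId changes, and will not remove a user from
    # the group that is still its primary group - hence this order.
    $DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
    $DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
    $IisUsers = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
    # primaryGroupToken is constructed server-side, so it must be requested explicitly.
    $IisUsers.GetInfoEx(@("primaryGroupToken"), 0)
    $NewGroupToken = $IisUsers.Get("primaryGroupToken")

    $IisUsers.Add([String]($AddADUser.AdsPath))
    $AddADUser.Put("primaryGroupId", $NewGroupToken)
    $AddADUser.SetInfo()
    $DomainUsers.Remove([String]($AddADUser.AdsPath))
}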