Solved

Create local accounts on multiple servers

Posted on 2014-04-10
9
1,620 Views
Last Modified: 2014-04-11
Hi EE

Anyone have a script that will create multiple accounts on multiple servers?

Accounts.txt will have the account names:
Test1
Test2
Test2

servers listed in servers.txt
oh yeah .. they need to be added to the Local administrator group on each server
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39993536
Try this:

function create-account ([string]$accountName, [string]$accountDescription, [string]$hostname ) {
$comp = [adsi]"WinNT://$hostname"
$user = $comp.Create("User", $accountName)
$user.SetPassword("change")
$user.SetInfo()
$user.description = $accountDescription
$user.SetInfo()

$objOU = [ADSI]("WinNT://$hostname/Administrators,group")
$objOU.add("WinNT://$hostname/$accountName")
}

$servers =get-content "C:\temp\servers.txt"
foreach ($server in $servers)
{
$accounts = Get-Content "C:\temp\accounts.txt"
foreach ($account in $accounts)
 {
  create-account $account "" $server
 }
}



Checked using dos command:  
net user
net user Test1
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39993555
Sure, no problem :)
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)

      # Just a little bit of validation to do. This shows all (including new) members of the 
      # administrators group on the server.
      $AdminGroup.Members() | Select-Object $Select
    }

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

Cheers!

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39993559
Sorry Raheman, I should have refreshed before posting. Hopefully two similar methods are better than one :)

Cheers,

Chris
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 65

Expert Comment

by:RobSampson
ID: 39993615
Theres a script here to do it with the Password Never Expires flag set.
http://mobile.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_26953782.html

Rob.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39993881
You may find my accepted solution helpful in below link -

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_28381551.html
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39994400
Thanks guys .. I tried Chris since it has mode details and more function .. Chris can you
also add the code to add a description to the new accounts ?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 39994695
Sure, it should only need this:
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Tag on a description
      $User.Description = "New description"
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)
    }

    # Just a little bit of validation to do. This shows all (including new) members of the 
    # administrators group on the server.
    $AdminGroup.Members() | Select-Object $Select

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

The description can be read from the file if you wish (so it's unique to each account), just needs a bit of tweaking.

Chris
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39995309
There is an easy batch file way to do this, if you allow access to the admin$ share, and get a copy of SysInternals PSExec. (http://technet.microsoft.com/en-us/sysinternals/bb897553).

for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net user %A <temppassword> /add
for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net localgroup administrators %A /add

Open in new window


Coralon
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39995512
No worries , thanks you !! This saved me alot of time
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question