[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2097
  • Last Modified:

Create local accounts on multiple servers

Hi EE

Anyone have a script that will create multiple accounts on multiple servers?

Accounts.txt will have the account names:
Test1
Test2
Test2

servers listed in servers.txt
oh yeah .. they need to be added to the Local administrator group on each server
0
MilesLogan
Asked:
MilesLogan
1 Solution
 
Raheman M. AbdulSenior Infrastructure Support Analyst & Systems DeveloperCommented:
Try this:

function create-account ([string]$accountName, [string]$accountDescription, [string]$hostname ) {
$comp = [adsi]"WinNT://$hostname"
$user = $comp.Create("User", $accountName)
$user.SetPassword("change")
$user.SetInfo()
$user.description = $accountDescription
$user.SetInfo()

$objOU = [ADSI]("WinNT://$hostname/Administrators,group")
$objOU.add("WinNT://$hostname/$accountName")
}

$servers =get-content "C:\temp\servers.txt"
foreach ($server in $servers)
{
$accounts = Get-Content "C:\temp\accounts.txt"
foreach ($account in $accounts)
 {
  create-account $account "" $server
 }
}



Checked using dos command:  
net user
net user Test1
0
 
Chris DentPowerShell DeveloperCommented:
Sure, no problem :)
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)

      # Just a little bit of validation to do. This shows all (including new) members of the 
      # administrators group on the server.
      $AdminGroup.Members() | Select-Object $Select
    }

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

Cheers!

Chris
0
 
Chris DentPowerShell DeveloperCommented:
Sorry Raheman, I should have refreshed before posting. Hopefully two similar methods are better than one :)

Cheers,

Chris
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
RobSampsonCommented:
Theres a script here to do it with the Password Never Expires flag set.
http://mobile.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_26953782.html

Rob.
0
 
Pramod UbheCommented:
You may find my accepted solution helpful in below link -

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_28381551.html
0
 
MilesLoganAuthor Commented:
Thanks guys .. I tried Chris since it has mode details and more function .. Chris can you
also add the code to add a description to the new accounts ?
0
 
Chris DentPowerShell DeveloperCommented:
Sure, it should only need this:
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Tag on a description
      $User.Description = "New description"
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)
    }

    # Just a little bit of validation to do. This shows all (including new) members of the 
    # administrators group on the server.
    $AdminGroup.Members() | Select-Object $Select

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

The description can be read from the file if you wish (so it's unique to each account), just needs a bit of tweaking.

Chris
0
 
CoralonCommented:
There is an easy batch file way to do this, if you allow access to the admin$ share, and get a copy of SysInternals PSExec. (http://technet.microsoft.com/en-us/sysinternals/bb897553).

for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net user %A <temppassword> /add
for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net localgroup administrators %A /add

Open in new window


Coralon
0
 
MilesLoganAuthor Commented:
No worries , thanks you !! This saved me alot of time
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now