Solved

Create local accounts on multiple servers

Posted on 2014-04-10
9
1,337 Views
Last Modified: 2014-04-11
Hi EE

Anyone have a script that will create multiple accounts on multiple servers?

Accounts.txt will have the account names:
Test1
Test2
Test2

servers listed in servers.txt
oh yeah .. they need to be added to the Local administrator group on each server
0
Comment
Question by:MilesLogan
9 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
Comment Utility
Try this:

function create-account ([string]$accountName, [string]$accountDescription, [string]$hostname ) {
$comp = [adsi]"WinNT://$hostname"
$user = $comp.Create("User", $accountName)
$user.SetPassword("change")
$user.SetInfo()
$user.description = $accountDescription
$user.SetInfo()

$objOU = [ADSI]("WinNT://$hostname/Administrators,group")
$objOU.add("WinNT://$hostname/$accountName")
}

$servers =get-content "C:\temp\servers.txt"
foreach ($server in $servers)
{
$accounts = Get-Content "C:\temp\accounts.txt"
foreach ($account in $accounts)
 {
  create-account $account "" $server
 }
}



Checked using dos command:  
net user
net user Test1
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
Sure, no problem :)
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)

      # Just a little bit of validation to do. This shows all (including new) members of the 
      # administrators group on the server.
      $AdminGroup.Members() | Select-Object $Select
    }

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

Cheers!

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
Sorry Raheman, I should have refreshed before posting. Hopefully two similar methods are better than one :)

Cheers,

Chris
0
 
LVL 65

Expert Comment

by:RobSampson
Comment Utility
Theres a script here to do it with the Password Never Expires flag set.
http://mobile.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_26953782.html

Rob.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 10

Expert Comment

by:Pramod Ubhe
Comment Utility
You may find my accepted solution helpful in below link -

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_28381551.html
0
 
LVL 2

Author Comment

by:MilesLogan
Comment Utility
Thanks guys .. I tried Chris since it has mode details and more function .. Chris can you
also add the code to add a description to the new accounts ?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility
Sure, it should only need this:
# Hold this for later on
$Users = Get-Content accounts.txt

# The WinNT interface is complex at best. This lets us get properties from group members when we need to below.
$Properties = "AdsPath", "Name", "AccountDisabled", "Class", "Description"
[Array]$Select = Invoke-Expression "@{n='Server';e={ `$ServerName }}"
$Select += $Properties | ForEach-Object {    
  Invoke-Expression "@{n='$_';e={ `$_.GetType().InvokeMember('$_', 'GetProperty', `$null, `$_, `$null) }}"    
}

# Loop through the list of servers
Get-Content servers.txt | ForEach-Object {
  # If we can ping the server
  if (Test-Connection $_ -Quiet -Count 1) {

    $ServerName = $_    

    # Connect to the server. Connection is used to create users.
    $Server = [ADSI]"WinNT://$ServerName"

    # Connect to the administrators group so we can add members.
    $AdminGroup = [ADSI]"WinNT://$ServerName/Administrators, group"

    $Users | ForEach-Object {

      # Create the user
      $User = $Server.Create("user", $_)
      # Tag on a description
      $User.Description = "New description"
      # Set a dull password
      $User.SetPassword("Password123")
      # Save the changes
      $User.SetInfo()

      # Add the new user to the admin group
      $AdminGroup.Add($User.Path)
    }

    # Just a little bit of validation to do. This shows all (including new) members of the 
    # administrators group on the server.
    $AdminGroup.Members() | Select-Object $Select

  } else {
    # If ping failed we'll say so.
    Write-Warning "Failed to connect to $_"
  }
}

Open in new window

The description can be read from the file if you wish (so it's unique to each account), just needs a bit of tweaking.

Chris
0
 
LVL 23

Expert Comment

by:Coralon
Comment Utility
There is an easy batch file way to do this, if you allow access to the admin$ share, and get a copy of SysInternals PSExec. (http://technet.microsoft.com/en-us/sysinternals/bb897553).

for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net user %A <temppassword> /add
for /f %f in (servers.txt) do for /f %A in (accounts.txt) do psexec \\%f net localgroup administrators %A /add

Open in new window


Coralon
0
 
LVL 2

Author Closing Comment

by:MilesLogan
Comment Utility
No worries , thanks you !! This saved me alot of time
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now