在远程 Windows 服务器上创建本地用户并添加到管理员组 [英] Creating Local User on Remote Windows Server and Add to Administrator Group
问题描述
我已经创建了 PowerShell 脚本来在远程 Windows Server 上创建用户并添加到管理员组:
$Computer = Read-Host "计算机名称:"$UserName = Read-Host "用户名:"$Password = 读取主机密码"-AsSecureString$AdminGroup = [ADSI]"WinNT://$Computer/Administrator,group"$User = [ADSI]"WinNT://$Computer/$UserName,user"$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, (ConvertTo-SecureString $Password -AsPlainText –Force)$User.SetPassword($Cred.GetNetworkCredential().Password)$AdminGroup.Add($User.Path)它给了我以下错误:
<前>检索成员SetPassword"时发生以下异常:找不到用户名.在 C:\test1.ps1:7 字符:18+ $User.SetPassword <<<<($Cred.GetNetworkCredential().密码)+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException+ FullQualifiedErrorId : CatchFromBaseGetMember检索成员添加"时发生以下异常:指定的本地组不存在.在 C:\test1.ps1:8 字符:16+ $AdminGroup.Add <<<<($User.Path)+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException+ FullQualifiedErrorId : CatchFromBaseGetMember如果你想创建一个用户,你需要实际创建一个用户.您使用的语句仅在用户帐户已存在时才返回该用户帐户:
<块引用>$User = [ADSI]"WinNT://$Computer/$UserName,user"创建本地帐户的最简单方法可能是 net 命令:
&净用户 $UserName ($Cred.GetNetworkCredential().Password)/expires:never/add使用 WinNT 提供程序有可能,但更复杂:
$acct = [adsi]"WinNT://$Computer"$user = $acct.Create('User', $UserName)$user.SetPassword($Cred.GetNetworkCredential().Password)$user.SetInfo()此外,正如其他人已经指出的,您拼错了管理员组的名称(这就是导致第二个错误的原因).由于该组的名称可以本地化,具体取决于您运行的语言版本,您可能仍想解决它:
$AdminGroupName = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'" |选择对象 - 展开名称$AdminGroup = [adsi]"WinNT://$Computer/$AdminGroupName,group"I have Created PowerShell script to create User on remote Windows Server and add to Administrator group:
$Computer = Read-Host "Computer name:"
$UserName = Read-Host "User name:"
$Password = Read-Host "Password" -AsSecureString
$AdminGroup = [ADSI]"WinNT://$Computer/Administrator,group"
$User = [ADSI]"WinNT://$Computer/$UserName,user"
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, (ConvertTo-SecureString $Password -AsPlainText –Force)
$User.SetPassword($Cred.GetNetworkCredential().Password)
$AdminGroup.Add($User.Path)
And It gives me below error:
The following exception occurred while retrieving member "SetPassword": "
The user name could not be found.
At C:\test1.ps1:7 char:18
+ $User.SetPassword <<<< ($Cred.GetNetworkCredential().Password)
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember
The following exception occurred while retrieving member "Add": "The specified
local group does not exist.
At C:\test1.ps1:8 char:16
+ $AdminGroup.Add <<<< ($User.Path)
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember
If you want to create a user you need to actually create a user. The statement you're using returns a user account only if it already exists:
$User = [ADSI]"WinNT://$Computer/$UserName,user"
Probably the simplest way to create a local account is the net command:
& net user $UserName ($Cred.GetNetworkCredential().Password) /expires:never /add
Using the WinNT provider is possible, but more complicated:
$acct = [adsi]"WinNT://$Computer"
$user = $acct.Create('User', $UserName)
$user.SetPassword($Cred.GetNetworkCredential().Password)
$user.SetInfo()
Also, as others have already pointed out, you misspelled the name of the administrators group (that's what's causing the second error). Since the name of that group could be localized, depending on what language version you're running, you may want to resolve it anyway:
$AdminGroupName = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'" |
Select-Object -Expand Name
$AdminGroup = [adsi]"WinNT://$Computer/$AdminGroupName,group"
这篇关于在远程 Windows 服务器上创建本地用户并添加到管理员组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
