Cannot set attributes using ADSI in powershell

powershell adsi
Micah picture Micah · May 24, 2012 · Viewed 7.5k times · Source

I'm trying to create new users with powershell. We're not running active directory (not sure if that changes things or not). Here's what I'm trying to do:

$machine = [ADSI]"WinNT://localhost,computer"
$newUser = $machine.Create("User", $Username)
$newUser.setpassword($Password)
$newUser.SetInfo()

Everything works up to this point and the user is created. But now I want to change additional settings like this, but they all fail

$newUser.Put("sAMAcountName", $Username)
$newUser.SetInfo()

$newUser.Put("userAccountControl", 0x10000)
$newUser.SetInfo()

UPDATE

This is the error I'm getting

Exception calling "Put" with "2" argument(s): "Exception from HRESULT: 0x8000500F"

Any idea what I'm doing wrong? Thanks!

Solution

JPBlanc's answer helped point me in the right direction.

The biggest problem is that there's is little to no documentation on using [ADSI] on machines that are not part of an Active Directory domain.

I was able to solve the issue using the UserFlags property.

$newUser.UserFlags = $UserFlags.DONT_EXPIRE_PASSWD
$newUser.CommitChanges()

Answer

JPBlanc picture JPBlanc · May 24, 2012

Can you try as administrator :

$obj = [ADSI]"WinNT://$env:COMPUTERNAME"
$user = $obj.Children.find("utilisateur1")
$user.psbase.rename("user1")
$user.put('FullName','user1')
$user.setinfo()

According to the followin code I cant see sAMAcountName or userAccountControl which are AD user attributes :

PS C:\Windows\system32> $a | fl *


UserFlags                  : {513}
MaxStorage                 : {-1}
PasswordAge                : {917}
PasswordExpired            : {0}
LoginHours                 : {255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255}
FullName                   : {user1}
Description                : {}
BadPasswordAttempts        : {0}
HomeDirectory              : {}
LoginScript                : {}
Profile                    : {}
HomeDirDrive               : {}
Parameters                 : {}
PrimaryGroupID             : {513}
Name                       : {user1}
MinPasswordLength          : {0}
MaxPasswordAge             : {3628800}
MinPasswordAge             : {0}
PasswordHistoryLength      : {0}
AutoUnlockInterval         : {1800}
LockoutObservationInterval : {1800}
MaxBadPasswordsAllowed     : {0}
objectSid                  : {1 5 0 0 0 0 0 5 21 0 0 0 151 181 85 95 2 227 17 190 248 24 47 102 18 4 0 0}
AuthenticationType         : Secure
Children                   : {}
Guid                       : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
ObjectSecurity             :
NativeGuid                 : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
NativeObject               : System.__ComObject
Parent                     : WinNT://WORKGROUP/JPBHPP2
Password                   :
Path                       : WinNT://WORKGROUP/JPBHPP2/user1
Properties                 : {UserFlags, MaxStorage, PasswordAge, PasswordExpired...}
SchemaClassName            : User
SchemaEntry                : System.DirectoryServices.DirectoryEntry
UsePropertyCache           : True
Username                   :
Options                    :
Site                       :
Container                  :


PS C:\Windows\system32> $a | select -ExpandProperty properties

PropertyName                                                     Value
------------                                                     -----
UserFlags                                                          513
MaxStorage                                                          -1
PasswordAge                                                        917
PasswordExpired                                                      0
LoginHours                                     {255, 255, 255, 255...}
FullName                                                         user1
Description
BadPasswordAttempts                                                  0
HomeDirectory
LoginScript
Profile
HomeDirDrive
Parameters
PrimaryGroupID                                                     513
Name                                                             user1
MinPasswordLength                                                    0
MaxPasswordAge                                                 3628800
MinPasswordAge                                                       0
PasswordHistoryLength                                                0
AutoUnlockInterval                                                1800
LockoutObservationInterval                                        1800
MaxBadPasswordsAllowed                                               0
objectSid                                              {1, 5, 0, 0...}

Related questions

Get All local members and groups displayed together

So far I have the below script that works like a charm but that only list the members of the group "Administrators". As my servers might be german, french ... I have no guarantee that such group will exist with the …

Read More
Create local user with PowerShell (Windows Vista)

I've installed PowerShell recently and one of the first things I started looking for was how to create a new user. After looking for some time I still haven't found this. I have a little experience in bash on linux …

Read More
Getting AD Group Membership ADSI using PowerShell

I currently have ADSI code to get the groups a user is a part of: $searcher = [adsisearcher]"(samaccountname=$env:USERNAME)" $searcher.FindOne().Properties.memberof $adgroups = $User -Replace '^cn=([^,]+).+$', '$1' However, i am wanting to be able to …

Read More