Get-UserInfo.ps1 (zpäť na zoznam)
Zisťovanie, či určitý účet existuje, jeho vytvorenie ak nie a pridanie do lokálnej administrátorskej skupiny, a obnovenie nastavení (povolenie účtu, nastavenie platnosti hesla).
$userFlagLocked = 16 #bit value to check if user is locked (shouldn't be)
$userFlagDontExpirePwd = 65536 #bit value to check if user has not set password to expire (should be)
$userName = "user"
$userPwd = "password"
$hostname = hostname #server name
$user = [ADSI]"WinNT://$hostname/$userName, user" #travers to user
if ($user.Name) { #check if user exists on the server
$userFlags = $user.UserFlags.Value #value of user flags to determine if user has expired pwd or is locked
if (($userFlags -BAND $userFlagDontExpirePwd) -eq 0) {#check if password set to expire, if yes set to not expire
$userFlags = $userFlags -BOR $userFlagDontExpirePwd
}
if (($userFlags -BAND $userFlagLocked) -ne 0) {#check if account is not locked, if yes unlock
$userFlags = $userFlags -BXOR $userFlagLocked
}
$user.UserFlags = $userFlags
$user.setInfo()
#check if user is in local admin group
$inLocalAdmins = net localgroup administrators | Where-Object {$_ -match "^$userName$"}
if (-not $inLocalAdmins) {
net localgroup administrators $userName /add
}
#set password
net user $userName $userPwd
}
else {
net user $userName $userPwd /fullname:"Fullname" /comment:"Description" /add /passwordchg:yes /y
net localgroup Administrators $userName /add
}