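<#
.SYNOPSIS
    Creates the local Windows account used by Icinga for Windows, or rotates the
    password of an existing account when that account is managed by Icinga.
.DESCRIPTION
    Must be run from an elevated (administrative) shell. An existing account that
    is not flagged as Icinga-managed is left untouched. A new account is created
    through the local ADSI WinNT provider with a generated password, the metadata
    from Get-IcingaWindowsUserMetadata, and the "password never expires /
    user cannot change password" flags.
.PARAMETER IcingaUser
    Name of the local account to create or update. Defaults to 'icinga'.
    Local account names are limited to 20 characters.
.OUTPUTS
    Hashtable with the keys 'User' (account caption) and 'SID'. Both are $null when
    the shell is not elevated or the user name is empty or too long.
#>
function New-IcingaWindowsUser()
{
    param (
        $IcingaUser = 'icinga'
    );

    # Touching the local account database requires elevation; bail out before doing anything
    if ((Test-AdministrativeShell) -eq $FALSE) {
        Write-IcingaConsoleError 'For this command you require to run an Admin shell';
        return @{
            'User' = $null;
            'SID'  = $null;
        };
    }

    # An empty name would otherwise be interpolated into the WinNT:// path below
    if ([string]::IsNullOrEmpty($IcingaUser)) {
        Write-IcingaConsoleError 'The specified user name must not be empty.';
        return @{
            'User' = $null;
            'SID'  = $null;
        };
    }

    # Max length for the user name
    if ($IcingaUser.Length -gt 20) {
        Write-IcingaConsoleError 'The specified user name "{0}" is too long. The maximum character limit is 20 digits.' -Objects $IcingaUser;
        return @{
            'User' = $null;
            'SID'  = $null;
        };
    }

    $UserMetadata = Get-IcingaWindowsUserMetadata;
    $UserConfig   = Get-IcingaWindowsUserConfig -UserName $IcingaUser;

    # In case the user exists, we can check if it is a managed user for modifying the login password
    if ($UserConfig.UserExist) {
        # User already exists -> override password - but only if the user is entirely managed by Icinga
        if ($UserConfig.IcingaManagedUser) {
            # Set the password through ADSI rather than `net user "<name>" "<password>"`:
            # a password passed as a process argument is readable by any local process
            # (Win32_Process CommandLine) and ends up in process-creation audit logs, and a
            # generated password containing a double quote would break the net.exe command
            # line. ADSI SetPassword is also what the creation path below already uses.
            try {
                $ExistingUser = [ADSI]"WinNT://$Env:COMPUTERNAME/$IcingaUser,user";
                $ExistingUser.SetPassword((ConvertFrom-IcingaSecureString -SecureString (New-IcingaWindowsUserPassword)));
                $ExistingUser.SetInfo();
            } catch {
                Write-IcingaConsoleError 'Failed to update password for user "{0}": {1}' -Objects $IcingaUser, $_.Exception.Message;
                return @{
                    'User' = $UserConfig.Caption;
                    'SID'  = $UserConfig.SID;
                };
            }

            Write-IcingaConsoleNotice 'User updated successfully.';
        } else {
            Write-IcingaConsoleWarning 'User "{0}" is not managed by Icinga for Windows. No changes were made.' -Objects $IcingaUser;
        }

        return @{
            'User' = $UserConfig.Caption;
            'SID'  = $UserConfig.SID;
        };
    }

    # Access our local Account Database
    $AccountDB        = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer";
    $IcingaUserObject = $AccountDB.Create("User", $IcingaUser);

    # The password is set before the first SetInfo() commits the new account; every
    # further attribute is committed with its own SetInfo(), keeping the original
    # step-by-step write order. Errors raised here propagate to the caller.
    $IcingaUserObject.SetPassword((ConvertFrom-IcingaSecureString -SecureString (New-IcingaWindowsUserPassword)));
    $IcingaUserObject.SetInfo();
    $IcingaUserObject.FullName = $UserMetadata.FullName;
    $IcingaUserObject.SetInfo();
    $IcingaUserObject.Description = $UserMetadata.Description;
    $IcingaUserObject.SetInfo();
    # ADS_UF_DONT_EXPIRE_PASSWD (0x10000) | ADS_UF_PASSWD_CANT_CHANGE (0x40) = 65600:
    # the generated password never expires and the account cannot change it itself
    $IcingaUserObject.UserFlags = (0x10000 -bor 0x40);
    $IcingaUserObject.SetInfo();

    # Add to local user group
    <# This is not required, but let's leave it here for possible later lookup on how this works
    $SIDLocalGroup = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-32-545");
    $LocalGroup = ($SIDLocalGroup.Translate([System.Security.Principal.NTAccount])).Value.Split('\')[1];

    $LocalUserGroup = [ADSI]"WinNT://$Env:COMPUTERNAME/$LocalGroup,group";
    $LocalUserGroup.Add("WinNT://$Env:COMPUTERNAME/$IcingaUser,user")
    #>

    # Re-read the account so the returned caption and SID describe the newly created user
    $UserConfig = Get-IcingaWindowsUserConfig -UserName $IcingaUser;

    Write-IcingaConsoleNotice 'User was successfully created.';

    return @{
        'User' = $UserConfig.Caption;
        'SID'  = $UserConfig.SID;
    };
}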