Reputation: 116100
Cannot set attributes using ADSI in powershell
I'm trying to create new users with powershell. We're not running active directory (not sure if that changes things or not). Here's what I'm trying to do:
$machine = [ADSI]"WinNT://localhost,computer"
$newUser = $machine.Create("User", $Username)
$newUser.setpassword($Password)
$newUser.SetInfo()
Everything works up to this point and the user is created. But now I want to change additional settings like this, but they all fail
$newUser.Put("sAMAcountName", $Username)
$newUser.SetInfo()
$newUser.Put("userAccountControl", 0x10000)
$newUser.SetInfo()
UPDATE
This is the error I'm getting
Exception calling "Put" with "2" argument(s): "Exception from HRESULT: 0x8000500F"
Any idea what I'm doing wrong? Thanks!
Solution
JPBlanc's answer helped point me in the right direction.
The biggest problem is that there's is little to no documentation on using [ADSI] on machines that are not part of an Active Directory domain.
I was able to solve the issue using the UserFlags property.
$newUser.UserFlags = $UserFlags.DONT_EXPIRE_PASSWD
$newUser.CommitChanges()
Upvotes: 2
Views: 8259
Answers (2)
Reputation: 72640
Can you try as administrator :
$obj = [ADSI]"WinNT://$env:COMPUTERNAME"
$user = $obj.Children.find("utilisateur1")
$user.psbase.rename("user1")
$user.put('FullName','user1')
$user.setinfo()
According to the followin code I cant see sAMAcountName or userAccountControl which are AD user attributes :
PS C:\Windows\system32> $a | fl *
UserFlags : {513}
MaxStorage : {-1}
PasswordAge : {917}
PasswordExpired : {0}
LoginHours : {255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255}
FullName : {user1}
Description : {}
BadPasswordAttempts : {0}
HomeDirectory : {}
LoginScript : {}
Profile : {}
HomeDirDrive : {}
Parameters : {}
PrimaryGroupID : {513}
Name : {user1}
MinPasswordLength : {0}
MaxPasswordAge : {3628800}
MinPasswordAge : {0}
PasswordHistoryLength : {0}
AutoUnlockInterval : {1800}
LockoutObservationInterval : {1800}
MaxBadPasswordsAllowed : {0}
objectSid : {1 5 0 0 0 0 0 5 21 0 0 0 151 181 85 95 2 227 17 190 248 24 47 102 18 4 0 0}
AuthenticationType : Secure
Children : {}
Guid : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
ObjectSecurity :
NativeGuid : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
NativeObject : System.__ComObject
Parent : WinNT://WORKGROUP/JPBHPP2
Password :
Path : WinNT://WORKGROUP/JPBHPP2/user1
Properties : {UserFlags, MaxStorage, PasswordAge, PasswordExpired...}
SchemaClassName : User
SchemaEntry : System.DirectoryServices.DirectoryEntry
UsePropertyCache : True
Username :
Options :
Site :
Container :
PS C:\Windows\system32> $a | select -ExpandProperty properties
PropertyName Value
------------ -----
UserFlags 513
MaxStorage -1
PasswordAge 917
PasswordExpired 0
LoginHours {255, 255, 255, 255...}
FullName user1
Description
BadPasswordAttempts 0
HomeDirectory
LoginScript
Profile
HomeDirDrive
Parameters
PrimaryGroupID 513
Name user1
MinPasswordLength 0
MaxPasswordAge 3628800
MinPasswordAge 0
PasswordHistoryLength 0
AutoUnlockInterval 1800
LockoutObservationInterval 1800
MaxBadPasswordsAllowed 0
objectSid {1, 5, 0, 0...}
Upvotes: 3
Reputation:
What is the error message you're getting? You probably need to grab a new reference to the user before you can modify it again.
Upvotes: 0
Related Questions
- PowerShell - Error Changing AD Attributes
- I Can't modify AD user custom attribute via powershell
- Calling [ADSI] with external parameter
- Cannot set manager attribute using ADSI in PowerShell
- Modifying A Custom Active Directory Attribute With PowerShell Error
- The member does not exist? Powershell script
- Issues with [ADSI]::Exists
- Why can't I update this attribute using the Set-ADUser PowerShell cmdlet?
- Powershell ADSI ntSecurityDescriptor
- Modify attributes in AD via PowerShell (no Quest)