To determine if a local user is a member of a local group before adding the user to that group in PowerShell, I use a C# class. The C# class could be converted to pure PowerShell code, but I prefer the C# class with its using statements:
[PowerShell script]
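# Deployment step: make sure the web service account is a member of the local
# IIS_IUSRS group, adding it only when it is not already a member.
# The Ada.Cdf.Deployment.LocalGroup type is not loaded by this snippet; presumably
# it is compiled into the session beforehand (e.g. with Add-Type) - confirm.

# NOTE(review): without -Scope this changes the policy for the whole machine and the
# change persists after the deployment finishes; Unrestricted also allows unsigned
# scripts to run. If the deployment only needs it for this session, prefer a
# process-scoped and stricter setting, for example:
#   Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
"Set execution policy to [Unrestricted]"
Set-ExecutionPolicy Unrestricted

# "." is translated to the executing computer's name by LocalGroup.ComputerName.
$ComputerName = "."

# No trailing comma here: a comma would make PowerShell continue the expression on
# the next line and assign a two-element array instead of the account name.
# NOTE(review): LocalGroup.ContainsUser compares this value with each member entry's
# Name. Confirm whether the leading backslash belongs in the value; with it, the
# string cannot equal a bare account name such as "saWeb".
$ServiceAccountWebUserName = "\saWeb"

"Check if user is member of IIS_IUSRS"
$localGroup = New-Object Ada.Cdf.Deployment.LocalGroup
$localGroup.ComputerName = $ComputerName
$localGroup.Name = "IIS_IUSRS"

# Adding an account to a local group is a privilege change, so it is done only when
# the membership is missing and is announced in the deployment output.
if (!$localGroup.ContainsUser($ServiceAccountWebUserName))
{
    "Add user to the IIS_IUSRS group"
    $localGroup.AddUser($ServiceAccountWebUserName)
}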
[C# Class]
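using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Text;

namespace Ada.Cdf.Deployment
{
    /// <summary>
    /// Membership helper for one local Windows group, addressed through the
    /// ADSI WinNT provider ("WinNT://computer/group,group").
    /// </summary>
    /// <remarks>
    /// <see cref="ComputerName"/>, <see cref="Name"/> and the user names passed to the
    /// methods are placed into the WinNT:// path as-is, without escaping or character
    /// validation. Pass only values that come from trusted deployment configuration,
    /// never values taken from user input. <see cref="AddUser"/> changes group
    /// membership; presumably the calling process needs administrative rights on the
    /// target computer for that (confirm for your environment).
    /// </remarks>
    public class LocalGroup
    {
        /// <summary>
        /// Name of the computer; use "." for the executing computer.
        /// </summary>
        string _computerName = Environment.MachineName;

        /// <summary>
        /// Computer that owns the group. The value "." is replaced by
        /// <see cref="Environment.MachineName"/> the first time it is read.
        /// </summary>
        public string ComputerName
        {
            get
            {
                if (!string.IsNullOrEmpty(_computerName) && _computerName.Equals("."))
                {
                    _computerName = Environment.MachineName;
                }

                return _computerName;
            }
            set
            {
                _computerName = value;
            }
        }

        /// <summary>
        /// Name of the local group, for example "IIS_IUSRS".
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Determines whether the group has a member whose entry name equals
        /// <paramref name="userName"/>, ignoring case.
        /// </summary>
        /// <param name="userName">
        /// Account name to look for. It is compared with the Name of each member entry,
        /// so a value carrying a domain or computer prefix is not expected to match
        /// (assumption about the WinNT provider's naming; confirm).
        /// </param>
        /// <returns>true when a matching member exists; otherwise false.</returns>
        /// <exception cref="ArgumentNullException">
        /// <see cref="ComputerName"/>, <see cref="Name"/> or
        /// <paramref name="userName"/> is null or empty.
        /// </exception>
        public bool ContainsUser(string userName)
        {
            ValidateProperties();
            ValidateUserName(userName);

            using (DirectoryEntry groupEntry = new DirectoryEntry(GetGroupPath()))
            {
                // "Members" returns a COM collection; each element is wrapped in a
                // DirectoryEntry so it can be read and released deterministically.
                IEnumerable groupMembers = (IEnumerable)groupEntry.Invoke("Members");

                foreach (object member in groupMembers)
                {
                    using (DirectoryEntry memberEntry = new DirectoryEntry(member))
                    {
                        // Ordinal comparison: account names are identifiers, so the
                        // result must not depend on the current culture's casing rules.
                        if (string.Equals(memberEntry.Name, userName, StringComparison.OrdinalIgnoreCase))
                        {
                            // The using blocks still dispose both entries on return.
                            return true;
                        }
                    }
                }
            }

            return false;
        }

        /// <summary>
        /// Adds a local user to the local group.
        /// </summary>
        /// <param name="userName">
        /// Account name to add. The member path is built as
        /// "WinNT://ComputerName/userName", so the account is addressed as an account
        /// of <see cref="ComputerName"/>.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <see cref="ComputerName"/>, <see cref="Name"/> or
        /// <paramref name="userName"/> is null or empty.
        /// </exception>
        public void AddUser(string userName)
        {
            ValidateProperties();
            ValidateUserName(userName);

            using (DirectoryEntry groupEntry = new DirectoryEntry(GetGroupPath()))
            {
                // Add user to group
                string memberPath = string.Format("WinNT://{0}/{1}", this.ComputerName, userName);
                groupEntry.Invoke("Add", new object[] { memberPath });
            }
        }

        // Rejects a missing computer or group name before any directory access.
        private void ValidateProperties()
        {
            if (string.IsNullOrEmpty(this.ComputerName))
            {
                throw new ArgumentNullException("this.ComputerName");
            }

            if (string.IsNullOrEmpty(this.Name))
            {
                throw new ArgumentNullException("this.Name");
            }
        }

        // Rejects a missing user name, which would otherwise fail later with a
        // NullReferenceException or produce a path that names no account.
        private static void ValidateUserName(string userName)
        {
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentNullException("userName");
            }
        }

        // Builds the WinNT provider path of the group.
        private string GetGroupPath()
        {
            return string.Format("WinNT://{0}/{1},group", this.ComputerName, this.Name);
        }
    }
}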