To determine whether a local user is a member of a local group before adding the user to that group in PowerShell, I use a C# class. The C# class could be converted to pure PowerShell code, but I prefer the C# class with its using statements:

 

[PowerShell script]

"Set execution policy to [Unrestricted]"
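# Unrestricted disables the script-signing checks entirely. Scope it to the
# current process so the deployment does not leave the whole machine in that
# state once this session ends. If later deployment steps really need a
# persistent policy, set it explicitly and prefer a stricter value.
Set-ExecutionPolicy Unrestricted -Scope Process

# "." is translated to the executing machine's name by LocalGroup.ComputerName.
$ComputerName = "."

# The original assignment ended with a trailing comma, which makes PowerShell
# continue onto the next expression and turns this variable into an array.
# NOTE(review): the leading backslash looks like a stripped machine/domain
# prefix. ContainsUser compares against each member entry's Name, so a
# prefixed value will probably never match - confirm the intended account name.
$ServiceAccountWebUserName = "\saWeb"

# Assumes the Ada.Cdf.Deployment.LocalGroup type is already loaded into the
# session (for example with Add-Type); the page does not show that step.
"Check if user is member of IIS_IUSRS"
$localGroup = New-Object Ada.Cdf.Deployment.LocalGroup
$localGroup.ComputerName = $ComputerName
$localGroup.Name = "IIS_IUSRS"

# Only add the account when it is not a member yet, so re-running the
# deployment does not try to add an existing member again.
$alreadyMember = $localGroup.ContainsUser($ServiceAccountWebUserName)
if (-not $alreadyMember)
{
    "Add user to the IIS_IUSRS group"
    $localGroup.AddUser($ServiceAccountWebUserName)
}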

[C# Class]

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;
using System.Collections;

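namespace Ada.Cdf.Deployment
{
    /// <summary>
    /// Reads and changes the membership of a local group through the ADSI
    /// WinNT provider (<c>WinNT://{ComputerName}/{Name},group</c>).
    /// </summary>
    /// <remarks>
    /// <see cref="ComputerName"/>, <see cref="Name"/> and the user names passed
    /// to the methods are formatted into the ADSI path without any escaping.
    /// Pass only trusted, operator-controlled values; do not feed request or
    /// user-supplied data into this class.
    /// </remarks>
    public class LocalGroup
    {
        // Backing field for ComputerName; defaults to the executing machine.
        string _computerName = Environment.MachineName;

        /// <summary>
        /// Name of the computer that owns the group. Use "." for the executing
        /// computer; it is replaced with <see cref="Environment.MachineName"/>
        /// when the property is read.
        /// </summary>
        public string ComputerName
        {
            get
            {
                // "." is shorthand for the local machine; resolve it once and keep the result.
                if (_computerName == ".")
                {
                    _computerName = Environment.MachineName;
                }
                return _computerName;
            }
            set
            {
                _computerName = value;
            }
        }

        /// <summary>
        /// Name of the local group, for example "IIS_IUSRS".
        /// </summary>
        public string Name { get; set; }

        /// <summary>
        /// Checks whether the group has a member whose entry name equals
        /// <paramref name="userName"/>, ignoring case.
        /// </summary>
        /// <param name="userName">
        /// Account name to look for. Only the member entry's Name is compared,
        /// so a value carrying a machine or domain prefix is not expected to
        /// match, and accounts with the same name from different authorities
        /// are presumably not told apart - verify before relying on this as an
        /// access decision.
        /// </param>
        /// <returns><c>true</c> if a matching member exists; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <see cref="ComputerName"/>, <see cref="Name"/> or
        /// <paramref name="userName"/> is null or empty.
        /// </exception>
        public bool ContainsUser(string userName)
        {
            ValidateProperties();
            if (string.IsNullOrEmpty(userName)) { throw new ArgumentNullException("userName"); }

            using (DirectoryEntry groupEntry = OpenGroupEntry())
            {
                // "Members" is invoked on the underlying ADSI group object.
                IEnumerable groupMembers = (IEnumerable)groupEntry.Invoke("Members");

                foreach (object member in groupMembers)
                {
                    using (DirectoryEntry memberEntry = new DirectoryEntry(member))
                    {
                        // Ordinal comparison: account names are identifiers, so the
                        // result must not depend on the current culture's casing rules.
                        if (string.Equals(memberEntry.Name, userName, StringComparison.OrdinalIgnoreCase))
                        {
                            // Stop at the first match; the using blocks still dispose both entries.
                            return true;
                        }
                    }
                }
            }

            return false;
        }

        /// <summary>
        /// Adds the account <c>WinNT://{ComputerName}/{userName}</c> to the group.
        /// </summary>
        /// <param name="userName">Account name, resolved relative to <see cref="ComputerName"/>.</param>
        /// <exception cref="ArgumentNullException">
        /// <see cref="ComputerName"/>, <see cref="Name"/> or
        /// <paramref name="userName"/> is null or empty.
        /// </exception>
        public void AddUser(string userName)
        {
            ValidateProperties();
            // Reject an empty name up front instead of sending a malformed path to the provider.
            if (string.IsNullOrEmpty(userName)) { throw new ArgumentNullException("userName"); }

            using (DirectoryEntry groupEntry = OpenGroupEntry())
            {
                string memberPath = string.Format("WinNT://{0}/{1}", this.ComputerName, userName);
                groupEntry.Invoke("Add", new object[] { memberPath });
            }
        }

        // Throws when the properties needed to build the group path are missing.
        private void ValidateProperties()
        {
            if (string.IsNullOrEmpty(this.ComputerName)) { throw new ArgumentNullException("this.ComputerName"); }
            if (string.IsNullOrEmpty(this.Name)) { throw new ArgumentNullException("this.Name"); }
        }

        // Creates the entry for the group's WinNT path; the caller disposes it.
        private DirectoryEntry OpenGroupEntry()
        {
            return new DirectoryEntry(string.Format("WinNT://{0}/{1},group", this.ComputerName, this.Name));
        }
    }
}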
