- SolarWinds Server Performance and Configuration Bundle - Tue, Jun 18 2019
- SolarWinds Patch Manager: Updating Windows and third-party software - Tue, Apr 30 2019
- Monitor file changes in Windows with PowerShell and pswatch - Fri, Feb 1 2019
With the general release of PowerShell Core 6.0, users now have the ability to use the previously strictly Windows-based scripting language on Linux and macOS. This is quite a great achievement from the PowerShell team. It not only enables IT pros to manage Windows from other operating systems but also lets them use PowerShell for Linux and macOS IT administration tasks.
Here, I am going to show how you can create Linux users with PowerShell. The idea was to try to port the Windows PowerShell cmdlet New-LocalUser to Linux. Now obviously, Linux creates local users differently than Windows, but the idea is essentially similar.
How does Linux create local users? ^
Before we write our function, let's look at the command that creates Linux users: useradd. When comparing useradd with New-LocalUser, I attempted to find similar parameters I could use. Below is a table of these:
| New-LocalUser | useradd |
| -Name | No named parameter, but you can specify one after useradd |
| -Description | --comment |
| -AccountExpires | --expiredate |
| -Password | --password |
You could certainly use other parameters with useradd, but I will work with these to make things simple.
An example of using useradd in Linux would be something like this:
[root@win-puppet ~]# useradd testuser –comment ‘this is a test user’ –expiredate ‘2019-01-01’ –password ‘userpassword’
In the example above, the username is "testuser." Notice we use the format YYYY-MM-DD for the expiredate parameter. It's a requirement to work with this format, so we'll use a string in our function.
New-LocalLinuxUser code ^
Now that we see how useradd works, we can go over the simple PowerShell Core wrapper function New-LocalLinuxUser.
Here is the code for the New-LocalLinuxUser function:
function New-LocalLinuxUser
{
(
[Parameter(Mandatory=$true)]
[string]$Name,
[Parameter(Mandatory=$true)]
[string]$Description,
[Parameter(Mandatory=$true)]
[string]$AccountExpires,
[Parameter(Mandatory=$true)]
[pscredential]$Password
)
/usr/sbin/useradd $Name --comment $Description --expiredate $AccountExpires
if ($LASTEXITCODE -ne 0)
{
Write-Error -Message "Error creating $Name"
Exit
}
echo $Password.GetNetworkCredential().Password | passwd --stdin $Name
if ($LASTEXITCODE -ne 0)
{
Write-Error -Message "Error setting password for $Name"
}
}To hide the password used at the -Password parameter in the shell, I used the PSCredential type. You will see I use the GetNetworkCredential method to draw out the password used within the function. To set the password, you'll have to use the Get-Credential cmdlet along with the New-LocalLinuxUser command. Of course we only need the password from the credential, so I'll show how to do that below.
In addition, you'll notice in the function I use the passwd command to change the password after creating the account. This is the standard Linux command to change a user's password.
Using New-LocalLinuxUser ^
In this example, I have a user "Dan," the expiration date "2019-12-01," a password, and the description for the account, which will be "Standard account."
Running New LocalLinuxUser
I specify -UserName dan in Get-Credential, so there is no prompt to input in the username. Since we are ultimately just using the password, it doesn't matter what the username actually is.
After running the command, running the command id dan shows the user's creation. By default, the user receives the user identifier (UID) and group identifier (GID) 1003.
Subscribe to 4sysops newsletter!
[root@danscomputer ~]# id dan uid=1003(dan) gid=1003(dan) groups=1003(dan)
Conclusion ^
Creating and using the New-LocalLinuxUser function is a good example of how you can use PowerShell Core to create wrappers around Linux commands to make using Linux similar to Windows. I imagine the PowerShell community will begin creating modules that can do similar tasks like this one to extend the capabilities of PowerShell Core better.
Hi,
I have installed Powershell in rhel 7. I want to create local user using powershell. I am getting below error.
PS /opt/microsoft/powershell/6/Modules> New-LocalUser “azureadmin” -Password $Password -FullName “AZURE USER” -Description “Description of this account.”
New-LocalUser : The term ‘New-LocalUser’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ New-LocalUser “azureadmin” -Password $Password -FullName “AZURE USER” …
+ ~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-LocalUser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Harashita:
The function is New-LocalLinuxUser, not New-LocalUser :-), and you would need to be sure to dot source it..
General:
I’d suggest not making the description mandatory (I don’t think Linux requires it? it has been a while), and I’d make the password expiration either be a string or a datetime object, and then you could output it in the correct format.. I reworked this.. (not tested.. but it should be ok..)
function New-LocalLinuxUser { [cmdletbinding()] param ( [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName = $true)] [ValidateLength(1,32)] [ValidateScript({ if ($_ -cmatch '^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$') { return $true } else { throw 'The user account does not match default Linux rules' } })] [string]$Name, [Parameter(ValueFromPipelineByPropertyName = $true)] [string]$Description, [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'byString')] [string]$AccountExpiresString, [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'byDateTime')] [datetime]$AccountExpiresObject, [Parameter(ValueFromPipelineByPropertyName = $true)] [pscredential]$Credential, [parameter(ValueFromPipelineByPropertyName = $true)] [securestring]$Password ) if ($null -eq $Credential -and $null -eq $Password) { throw 'Either a credential object, or a password string (secure) must be supplied' } if ($PSCmdlet.ParameterSetName -eq 'byString') { try { $thisDate = [datetime]::Parse($AccountExpiresString) $ThisDateString = $thisDate.ToString('yyyy-MM-dd') } catch { throw 'The AccountExpiresString is not a valid date' } } else { $ThisDateString = $AccountExpiresObject.ToString('yyyy-MM-dd') } if ($Description) { /usr/sbin/useradd $Name --comment $Description --expiredate $ThisDateString } else { /usr/sbin/useradd $Name --expiredate $ThisDateString } if ($LASTEXITCODE -ne 0) { Write-Error -Message ('Error creating {0}, ExitCode {1}' -f $Name, $LASTEXITCODE) Exit } echo $Password.GetNetworkCredential().Password | passwd --stdin $Name if ($LASTEXITCODE -ne 0) { Write-Error -Message ('Error setting password for {0}; ExitCode {1}' -f $Name, $LASTEXITCODE) } }The biggest changes I made:
If someone has a case-insensitive
David F.
It occurs to me I didn’t “fix” the password piece..
if ($Password) { $Credential=New-Object-TypeName pscredential -ArgumentList ($Name,$Password) } echo $Credential.GetNetworkCredential().Password | passwd --stdin $NameThis will mean that if the user put in both a $Password and $Credential, the $Credential would be overridden..
David F.