Simple Powershell questions (Creating a local ID and adding local administrator group plus some checks)

Question

Slightly new to powershell and looking for some guidance. I'm trying to create a simple script to accomplish the following:

1. Check if a local ID already exists on a list of servers
2. If not, create one and add to local administrator group across the list of servers
3. Log out results

$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
    foreach ($server in $serverlist){
    #User to search for
    $USERNAME = "John"

    #Declare LocalUser Object
    $ObjLocalUser = $null

    Invoke-Command -Credential $credential -Authentication Default -ComputerName $Server -ScriptBlock {
    $ObjLocalUser = Get-LocalUser "John"
    
    #Create the user if it was not found (Example)
    if (!$ObjLocalUser) {
    Write-Verbose "Creating User $($USERNAME)" #(Example)
    NET USER "John" "Generic Password" /ADD /passwordchg:no
    NET LOCALGROUP "Administrators" "Joe Doe" /ADD
        }

    else {
    Write-Verbose "John" already exists"
    }
  }
}

P.S, just using generic credentials for simplicity, will convert to best standards afterwards. Just trying to get more experience writing some Powershell and would probably convert to a custom function later on.

Answer 1

According to your script, I note the following points that could be enhanced

1- you don't have to use the for loop to iterate through the servers list, instead you can pass the server list array directly to the ComputerName parameter of the Invoke-Command

get-help Invoke-Command

Invoke-Command [[-ComputerName] <string[]>] 
# <string[]: indicate that the computername property accepts an array not string
    

so in your script you could use it as follow

Invoke-Command -Credential $credential -Authentication Default -ComputerName $Serverlist {...}

2- in the Invoke-Command , you search if the user exist or not using the command

Get-LocalUser "John"

but this will give you an error if the user doesn't exist

PS C:\Windows\system32> Get-LocalUser john

Get-LocalUser : User john was not found.
At line:1 char:1
+ Get-LocalUser john
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (john:String) [Get-LocalUser], UserNotFoundException
    + FullyQualifiedErrorId : UserNotFound,Microsoft.PowerShell.Commands.GetLocalUserCommand

instead of that you could search for the user using:

Get-LocalUser | where {$_.name -eq $USERNAME})

3- you don't need to use the variable $ObjLocalUser, you could check directly the search result using the if condition as follow:

if (!(Get-LocalUser | where {$_.name -eq $USERNAME})) {
        Write-output "Creating User $USERNAME" 
        
    } else {
        Write-output "User: $USERNAME already exists"
    }

Finally: in order to use the a local variable inside the invoke-commnd you could use the Using scope modifier to identify a local variable in a remote command.

so the script could be something like that:

$serverlist = Get-Content C:\temp\servers.txt
$credential = Get-Credential
$USERNAME = "John"
Invoke-Command -Credential $credential -Authentication Default -ComputerName $serverlist -ScriptBlock {
    
    #Create the user if it was not found (Example)
    if (!(Get-LocalUser | where {$_.name -eq $Using:USERNAME})) {
        Write-output "Creating User $Using:USERNAME" 
        NET USER $Using:USERNAME "Generic Password" /ADD /passwordchg:no
        NET LOCALGROUP "Administrators" $Using:USERNAME /ADD
    } else {
        Write-output "User: $Using:USERNAME already exists"
    }
}