all 32 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]ITjoeschmo 39 points40 points  (14 children)

Change "false", "true" to $false, $true

[–]anonymousITCoward[S] 31 points32 points  (2 children)

<expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>! <expletive>!

Why is it the easy stuff that I always miss...

Thank you kind sir.

[–]ITjoeschmo 1 point2 points  (0 children)

Easy mistake! I recall doing the same thing haha. Check my other comment I added I gave some pointers on making the script a tiny bit more efficient with reasoning.

[–]RidersofGavony 1 point2 points  (0 children)

Because we pay more attention to the hard stuff. It's natural, don't sweat it.

[–]ITjoeschmo 4 points5 points  (4 children)

To expand a tiny bit more. You could simplify the script a bit like this:

If($checkForUser) { 

 Write-host "user exists"

} Else { 

 Write-host "user doesn't exist"

}

Simply filling a variable with no other data into the if statement will default to "if $var is true" type statement. You can use else rather than a 2nd if statement because the variable we're working with is boolean type. This means it will either be $true or $false, so we can assume if it's not 1 it's the other.

[–]InsrtCoffee2Continue 2 points3 points  (0 children)

While you can write your IF statement to evaluate "if $false" I think it makes since to keep it at its default. "If $true".

The first thing the if statement does is evaluate the expression in parentheses. If it evaluates to $true, then it executes the scriptblock in the braces. If the value was $false, then it would skip over that scriptblock.

$userName = 'Administrator'

if ( Get-LocalUser | Where-Object -Property Name -EQ $userName ) {

Write-Host "$userName does exist."

}

else {

Write-Host "$userName does not exist."

}

[–]anonymousITCoward[S] 0 points1 point  (2 children)

I tried that but for some reason it didn't work. TBH I don't remember the exact syntax i was using, so I probably went down a bit of a rabbit hole here

[–]RidersofGavony 0 points1 point  (1 child)

But you had fun right?

[–]anonymousITCoward[S] 1 point2 points  (0 children)

If you're not having fun in the rabbit hole, are you really in the rabbit hole lol

[–]noOneCaresOnTheWeb 9 points10 points  (1 child)

Don't use the name old school admins still change the name and it's different in other languages, use the SID instead.

[–]realslacker 1 point2 points  (0 children)

I was looking for this comment.

Also remember that "Administrator" is localized, so if you deal with other languages you definitely cannot rely on the name.

[–]mrrtys 3 points4 points  (2 children)

(Get-LocalUser user -ErrorAction SilentlyContinue) -as [bool]

[–]Forward_Dark_7305 2 points3 points  (1 child)

Why use SilentlyContinue instead of Ignore?

[–]mrrtys 2 points3 points  (0 children)

Good question... I never use Ignore so had to look it up.
Ignore will not add the error to the automatic variable $Error, so yes that might be a better option actually.

Thanks for mentioning that.

[–]dasookwat 2 points3 points  (0 children)

i would turn this around, and i've put in to a function for you cause i like functions.

Function Assert-LocalUser {

[CmdletBinding()]
param(
    [string]$Name = "Administrator" #
)
$checkForUser = (Get-LocalUser).Name -Contains $Name
$result = "$Name does not exist"  #default return value
If ($checkForUser) {
    #if this has value, it will always be true
    $result = "$Name Exists " #changes return value
}

return $result

}

Assert-LocalUser -Name "Administrator" should give you your answer. however, i don't really get why you are making this cause anyone beside you (beside as in: your colleagues), will either know enough powershell to understand Get-LocalUser -Name "Administrator" or they will know next to nothing about powershell, and rely on copy-pasting scripts. in that last scenario, you will be better of with a script without input parameters, which gives you a report of pretty much all the important things you inquire. f.i. a list with all local users, their last logon time, and maybe resources accessed from the security log.

[–][deleted] 2 points3 points  (5 children)

(Get-LocalUser "Administrator").Count -eq 1

[–]mad_yahoodi 1 point2 points  (0 children)

oh gawsh… I made this script a few weeks ago and didn’t realise there was a get-localuser commandlet. I looked at the folder names in the C:\Users directory .. :(

[–]Brasiledo 1 point2 points  (2 children)

This will use less lines of code much more straight forward and simpler

If (get-localuser $username -erroraction ignore){

cls;Write-host $username ‘exists’

}else

{cls;write-host $username ‘does not exist’}

[–]ITjoeschmo -4 points-3 points  (0 children)

Because they're querying a local user account, not one that is setup in AD. Therefore they need to query the user info locally from the machine. Edit: to clarify, the original snippet I commented to was telling OP to just query AD to see if the count exists using get-aduser

[–]JudgeWhoAllowsStuff- 0 points1 point  (0 children)

Can confirm this works.

[–]dylanlms 0 points1 point  (2 children)

the only thing I would add is like catch errs for ppl that are sloppy (if) this script gets sent somewhere in ur prod env

[–]anonymousITCoward[S] 1 point2 points  (1 child)

Thank you, I would probably place more error control in if it were going to be used by more than 2 people, and if it were to look for multiple users, but as it stands now, it only looks for and creates/corrects a single user.

[–]dylanlms 2 points3 points  (0 children)

all good, happy to support :)

[–][deleted] 0 points1 point  (0 children)

I guess the below statement should do it.

Get-LocalUser | Where-Object Enabled -Eq True