Version 5
Operational requirements
The WinLocal connector uses WinRM. Consequently, WinRM communication should always be enabled between the connector server and the target computer.
Additionally, PowerShell version 5.1 should be installed on the connector server and on all client (target) instances.
Service account information:
The service account should be specified including your domain name, for example 'MachineName\serviceAccount'. The connector performs all operations on behalf of the user that you specify. Consequently, your service account should have sufficient permissions.
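The requirements above can be verified before the connector is configured. The following is an added example, not part of the connector: the function name `Test-WinLocalPrerequisite` and the computer name `TARGET01` are hypothetical, and the check for the local account cmdlets assumes the connector relies on the cmdlets named in the Search section.

```powershell
# Added example (not connector code). Run on the connector server.
function Test-WinLocalPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential   # the service account
    )
    $minimum = [version]'5.1'
    $report = [ordered]@{
        ComputerName        = $ComputerName
        WinRMReachable      = $false
        LocalPSVersionOk    = $PSVersionTable.PSVersion -ge $minimum
        RemotePSVersionOk   = $false
        LocalAccountCmdlets = $false
        Error               = $null
    }
    try {
        # Unauthenticated identify request: shows only that a WinRM listener answers.
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        $report.WinRMReachable = $true

        # Authenticated session: shows that the service account may open a remote session.
        $remote = Invoke-Command -ComputerName $ComputerName -Credential $Credential `
            -ErrorAction Stop -ScriptBlock {
                $needed = 'Get-LocalUser', 'Get-LocalGroup', 'Get-LocalGroupMember'
                [pscustomobject]@{
                    PSVersion = $PSVersionTable.PSVersion.ToString()
                    Cmdlets   = @(Get-Command -Name $needed -ErrorAction SilentlyContinue).Count -eq 3
                }
            }
        $report.RemotePSVersionOk   = [version]$remote.PSVersion -ge $minimum
        $report.LocalAccountCmdlets = $remote.Cmdlets
    }
    catch {
        # Keep the failure reason (firewall, listener missing, access denied, ...).
        $report.Error = $_.Exception.Message
    }
    [pscustomobject]$report
}

# Usage (TARGET01 is a placeholder):
# Test-WinLocalPrerequisite -ComputerName 'TARGET01' -Credential (Get-Credential 'TARGET01\serviceAccount')
```

A result with `WinRMReachable` true but `Error` set to an access-denied message means the listener is up and the service account lacks remote access rights on the target.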
Provisioning identities
The WinLocal connector supports working with the following identities:
- Users (including group memberships)
- Groups
Provisioning User
ADD
| Attribute name | Description | Type | 
|---|---|---|
| Name | Specifies the user name for the user account. If you create a local user account for the local system, the user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters: \ / [ ] " \| < > + = ; , ? * @. A user name cannot consist only of periods (.) or spaces. Required | string | 
| Password | Specifies a password for the user account. Required; can be omitted if the 'NoPassword' attribute is used. | string | 
| NoPassword | Indicates that the user account does not have a password. Required if the "Password" attribute is omitted. Note: the "Password" and "PasswordNeverExpires" attributes may not be used with this attribute. | bool | 
| PasswordNeverExpires | Indicates whether the password expires. | bool | 
| UserMayNotChangePassword | Indicates that the user cannot change the password on the user account. | bool | 
| AccountExpires | Indicates that the account does not expire. Note: "AccountExpires" attribute may not be used together. | datetime | 
| Disabled | Indicates that the user account is created as disabled. | bool | 
| FullName | Specifies the full name for the user account. The full name differs from the user name of the user account. | string | 
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string | 
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array | 
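The constraints in the ADD table can be checked before a request reaches the connector. The following is an added example, not connector code: the function name `Test-WinLocalUserAddRequest` and the sample request are constructed for illustration, and the quote character in the forbidden list is taken to be the straight double quote.

```powershell
# Added example (not connector code): validate ADD-user attributes against the table above.
function Test-WinLocalUserAddRequest {
    param([Parameter(Mandatory)] [hashtable] $Attributes)

    $errors    = [System.Collections.Generic.List[string]]::new()
    $forbidden = [char[]]'\/[]"|<>+=;,?*@'          # characters listed for Name
    $name      = [string]$Attributes['Name']

    if ([string]::IsNullOrEmpty($name)) {
        $errors.Add('Name is required.')
    }
    else {
        if ($name.Length -gt 20)                 { $errors.Add('Name is longer than 20 characters.') }
        if ($name.IndexOfAny($forbidden) -ge 0)  { $errors.Add('Name contains a forbidden character.') }
        if ($name -match '^[. ]+$')              { $errors.Add('Name consists only of periods or spaces.') }
    }

    $hasPassword = $Attributes.ContainsKey('Password')
    $noPassword  = [bool]$Attributes['NoPassword']
    if (-not $hasPassword -and -not $noPassword) {
        $errors.Add('Either Password or NoPassword must be supplied.')
    }
    if ($noPassword -and ($hasPassword -or $Attributes.ContainsKey('PasswordNeverExpires'))) {
        $errors.Add('NoPassword may not be combined with Password or PasswordNeverExpires.')
    }

    if (([string]$Attributes['Description']).Length -gt 48) {
        $errors.Add('Description is longer than 48 characters.')
    }

    [pscustomobject]@{ IsValid = ($errors.Count -eq 0); Errors = $errors.ToArray() }
}

# Constructed sample request with three problems: '*' in the name,
# NoPassword combined with PasswordNeverExpires, and a 49-character description.
$request = @{
    Name                 = 'svc.backup*'
    NoPassword           = $true
    PasswordNeverExpires = $true
    Description          = 'x' * 49
    MemberOf             = @('Backup Operators')
}
Test-WinLocalUserAddRequest -Attributes $request | Format-List
```

Rejecting an account that has `NoPassword` set without `Disabled` is a policy decision the table does not make; add that rule separately if your environment requires it.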
MODIFY
| Attribute name | Description | Type | 
|---|---|---|
| Name | Sets a new name for the local user. | string | 
| AccountExpires | Specifies when the user account expires. | datetime | 
| AccountNeverExpires | Indicates that the account does not expire. | bool | 
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string | 
| FullName | Specifies the full name for the user account. | string | 
| Password | Specifies a password for the user account. | string | 
| PasswordNeverExpires | Indicates whether the password expires. | bool | 
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool | 
| Enable (Custom attribute) | Enables or disables the local user. | bool | 
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array | 
RESET PASSWORD
| Attribute name | Description | Type | 
|---|---|---|
| Password | Specifies a password for the user account. Required | string | 
Provisioning Group
ADD
| Attribute name | Description | Type | 
|---|---|---|
| Name | Specifies a name for the group. The maximum length is 256 characters. Required | string | 
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string | 
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array | 
MODIFY
| Attribute name | Description | Type | 
|---|---|---|
| Name | Specifies a name for the group. The maximum length is 256 characters. Required | string | 
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string | 
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array | 
Search
Get-LocalUser - Gets local user accounts.
[-Name <String[]>] - Specifies an array of names of user accounts.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of user accounts.
| Attribute name | Description | Type | 
|---|---|---|
| AccountExpires | Specifies when the user account expires. | datetime | 
| Description | Specifies a comment for the user account. | string | 
| Enabled | Indicates whether the user account is enabled. | bool | 
| FullName | Specifies the full name for the user account. | string | 
| PasswordChangeableDate | | datetime | 
| PasswordExpires | Specifies the date when the password expires. | datetime | 
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool | 
| PasswordRequired | | bool | 
| PasswordLastSet | | datetime | 
| LastLogon | | datetime | 
| Name | Specifies the user name for the user account. | string | 
| SID | Specifies the security ID (SID) of the user account. | string | 
Get-LocalGroup - Gets local security groups in Security Account Manager.
[-Name <String[]>] - Specifies an array of names of security groups.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of security groups.
| Attribute name | Description | Type | 
|---|---|---|
| Description | Specifies a comment for the group. | string | 
| Name | Specifies a name for the group. | string | 
| SID | Specifies the security ID (SID) of the security group. | string | 
| Members (Custom attribute) | Specifies the names of users or groups. | array | 
Get-LocalGroupMember - Gets members from a local group.
[-Member <String>] - Specifies a user or group that this cmdlet gets from a security group. You can specify users or groups by name or security ID (SID). Specify SID strings in S-R-I-S-S . . . format. You can use wildcard characters. If you do not specify this parameter, the cmdlet gets all members of the group.
[-Name <String>] - Specifies the name of the security group from which this cmdlet gets members.
[-SID <SecurityIdentifier>] - Specifies the security ID of the security group from which this cmdlet gets members.
| Attribute name | Description | Type | 
|---|---|---|
| Name | Specifies a name for the object. | string | 
| SID | Specifies the security ID (SID) of the object. | string | 
| ObjectClass | Specifies an object name. | string | 
There are also custom attributes to make it easier to filter objects in groups:
| Attribute name | Description | Type | 
|---|---|---|
| LocalUsers | Specifies local users' names | string[] | 
| DomainUsers | Specifies domain users' names | string[] | 
| AzuerAdUsers | Specifies users' name from Azure | string[] | 
| OtherUsers | Specifies other users' names | string[] | 
| LocalGroups | Filters local groups | string[] | 
| DomainGroups | Filters domain groups | string[] | 
| AzuerAdGroups | Filters groups from Azure | string[] | 
| OtherGroups | Filters other groups | string[] |
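A split like the one in the table above can be reproduced with Get-LocalGroupMember alone, which is useful when reviewing who holds membership in a privileged local group. The following is an added example, not connector code: the function name `Get-LocalGroupMemberBySource` is hypothetical, and the mapping from the cmdlet's `PrincipalSource` values to the attribute names is an assumption, since the page does not say how the connector derives them.

```powershell
# Added example (not connector code). Run on the target computer, or wrap in Invoke-Command.
function Get-LocalGroupMemberBySource {
    param([Parameter(Mandatory)] [string] $Name)

    # Keys are spelled as in the table above.
    $buckets = [ordered]@{
        LocalUsers  = @(); DomainUsers  = @(); AzuerAdUsers  = @(); OtherUsers  = @()
        LocalGroups = @(); DomainGroups = @(); AzuerAdGroups = @(); OtherGroups = @()
    }

    foreach ($member in Get-LocalGroupMember -Name $Name -ErrorAction Stop) {
        # PrincipalSource is Local, ActiveDirectory, AzureAD, MicrosoftAccount or Unknown.
        $source = switch ([string]$member.PrincipalSource) {
            'Local'           { 'Local' }
            'ActiveDirectory' { 'Domain' }
            'AzureAD'         { 'AzuerAd' }
            default           { 'Other' }    # assumption: everything else counts as "other"
        }
        # ObjectClass is compared against the English value 'Group'.
        $kind = if ($member.ObjectClass -eq 'Group') { 'Groups' } else { 'Users' }
        $buckets["$source$kind"] += $member.Name
    }
    [pscustomobject]$buckets
}

# Usage: list who holds local administrator rights, grouped by origin.
# Get-LocalGroupMemberBySource -Name 'Administrators' | Format-List
```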