
Import-Module "$PSScriptRoot\..\..\DSCResources\CommonResourceHelper.psm1" -Force

        Tests if a scope represents the current machine.
    .PARAMETER Scope
        The scope to test.

function Test-IsLocalMachine
    param (
        [Parameter(Mandatory = $true)]

    Set-StrictMode -Version latest

    if ($scope -eq '.')
        return $true

    if ($scope -eq $env:COMPUTERNAME)
        return $true

    if ($scope -eq 'localhost')
        return $true

    if ($scope.Contains('.'))
        if ($scope -eq '')
            return $true

        # Determine if we have an ip address that matches an ip address on one of the network adapters.
        # NOTE: This is likely overkill; consider removing it.
        $networkAdapters = @(Get-CimInstance Win32_NetworkAdapterConfiguration)
        foreach ($networkAdapter in $networkAdapters)
            if ($null -ne $networkAdapter.IPAddress)
                foreach ($address in $networkAdapter.IPAddress)
                    if ($address -eq $scope)
                        return $true

    return $false

        Creates a user account.
        This function creates a user on the local or remote machine.
    .PARAMETER Credential
        The credential containing the username and password to use to create the account.
    .PARAMETER Description
        The optional description to set on the user account.
    .PARAMETER ComputerName
        The optional name of the computer to update. Omit to create a user on the local machine.
        For remote machines, the currently logged on user must have rights to create a user.

function New-User
    param (
        [Parameter(Mandatory = $true)]


        $ComputerName = $env:COMPUTERNAME

    if (Test-IsNanoServer)
        New-UserOnNanoServer @PSBoundParameters
        New-UserOnFullSKU @PSBoundParameters

        Creates a user account on a full server.
        This function creates a user on the local or remote machine running a full server.
    .PARAMETER Credential
        The credential containing the username and password to use to create the account.
    .PARAMETER Description
        The optional description to set on the user account.
    .PARAMETER ComputerName
        The optional name of the computer to update. Omit to create a user on the local machine.
        For remote machines, the currently logged on user must have rights to create a user.

function New-UserOnFullSKU
    param (
        [Parameter(Mandatory = $true)]


        $ComputerName = $env:COMPUTERNAME

    Set-StrictMode -Version Latest

    $userName = $Credential.UserName
    $password = $Credential.GetNetworkCredential().Password

    # Remove user if it already exists.
    Remove-User $userName $ComputerName

    $adComputerEntry = [ADSI] "WinNT://$ComputerName"
    $adUserEntry = $adComputerEntry.Create('User', $userName)
    $null = $adUserEntry.SetPassword($password)

    if ($PSBoundParameters.ContainsKey('Description'))
        $null = $adUserEntry.Put('Description', $Description)

    $null = $adUserEntry.SetInfo()

        Creates a user account on a Nano server.
        This function creates a user on the local machine running a Nano server.
    .PARAMETER Credential
        The credential containing the username and password to use to create the account.
    .PARAMETER Description
        The optional description to set on the user account.
    .PARAMETER ComputerName
        This parameter should not be used on NanoServer.

function New-UserOnNanoServer

    param (
        [Parameter(Mandatory = $true)]


        $ComputerName = $env:COMPUTERNAME

    Set-StrictMode -Version Latest

    if ($PSBoundParameters.ContainsKey('ComputerName'))
        if (-not (Test-IsLocalMachine -Scope $ComputerName))
            throw 'Do not specify the ComputerName arguments when running on NanoServer unless it is local machine.'

    $userName = $Credential.UserName
    $securePassword = $Credential.GetNetworkCredential().SecurePassword

    # Remove user if it already exists.
    Remove-LocalUser -Name $userName -ErrorAction SilentlyContinue

    New-LocalUser -Name $userName -Password $securePassword

    if ($PSBoundParameters.ContainsKey('Description'))
        Set-LocalUser -Name $userName -Description $Description

        Removes a user account.
        This function removes a local user from the local or remote machine.
    .PARAMETER UserName
        The name of the user to remove.
    .PARAMETER ComputerName
        The optional name of the computer to update. Omit to remove the user on the local machine.
        For remote machines, the currently logged on user must have rights to remove a user.

function Remove-User
    param (
        [Parameter(Mandatory = $true)]

        $ComputerName = $env:COMPUTERNAME

    if (Test-IsNanoServer)
        Remove-UserOnNanoServer @PSBoundParameters
        Remove-UserOnFullSKU @PSBoundParameters

        Removes a user account on a full server.
        This function removes a local user from the local or remote machine running a full server.
    .PARAMETER UserName
        The name of the user to remove.
    .PARAMETER ComputerName
        The optional name of the computer to update. Omit to remove the user on the local machine.
        For remote machines, the currently logged on user must have rights to remove a user.

function Remove-UserOnFullSKU
    param (
        [Parameter(Mandatory = $true)]

        $ComputerName = $env:COMPUTERNAME

    Set-StrictMode -Version Latest

    $adComputerEntry = [ADSI] "WinNT://$ComputerName"

    if ($adComputerEntry.Children | Where-Object Path -like "WinNT://*$ComputerName/$UserName")
        $null = $adComputerEntry.Delete('user', $UserName)

        Removes a local user account on a Nano server.
        This function removes a local user from the local machine running a Nano Server.
    .PARAMETER UserName
        The name of the user to remove.
    .PARAMETER ComputerName
        This parameter should not be used on NanoServer.

function Remove-UserOnNanoServer
    param (

        $ComputerName = $env:COMPUTERNAME

    Set-StrictMode -Version Latest

    if ($PSBoundParameters.ContainsKey('ComputerName'))
        if (-not (Test-IsLocalMachine -Scope $ComputerName))
            throw 'Do not specify the ComputerName arguments when running on NanoServer unless it is local machine.'

    Remove-LocalUser -Name $UserName

        Determines if a user exists..
        This function determines if a user exists on a local or remote machine running.
    .PARAMETER UserName
        The name of the user to test.
    .PARAMETER ComputerName
        The optional name of the computer to update.

function Test-User
    param (
        [Parameter(Mandatory = $true)]

        $ComputerName = $env:COMPUTERNAME

    if (Test-IsNanoServer)
        Test-UserOnNanoServer @PSBoundParameters
        Test-UserOnFullSKU @PSBoundParameters

        Determines if a user exists on a full server.
        This function determines if a user exists on a local or remote machine running a full server.
    .PARAMETER UserName
        The name of the user to test.
    .PARAMETER ComputerName
        The optional name of the computer to update.

function Test-UserOnFullSKU
    param (
        [Parameter(Mandatory = $true)]

        $ComputerName = $env:COMPUTERNAME

    Set-StrictMode -Version Latest

    $adComputerEntry = [ADSI] "WinNT://$ComputerName"
    if ($adComputerEntry.Children | Where-Object Path -like "WinNT://*$ComputerName/$UserName")
        return $true

    return $false

        Determines if a user exists on a Nano server.
        This function determines if a user exists on a local or remote machine running a Nano server.
    .PARAMETER UserName
        The name of the user to test.
    .PARAMETER ComputerName
        This parameter should not be used on NanoServer.

function Test-UserOnNanoServer
    param (
        [Parameter(Mandatory = $true)]

        $ComputerName = $env:COMPUTERNAME

    if ($PSBoundParameters.ContainsKey('ComputerName'))
        if (-not (Test-IsLocalMachine -Scope $ComputerName))
            throw 'Do not specify the ComputerName arguments when running on NanoServer unless it is local machine.'

    # Try to find a group by its name.
        $null = Get-LocalUser -Name $UserName -ErrorAction Stop
        return $true
    catch [System.Exception]
        if ($_.CategoryInfo.ToString().Contains('UserNotFoundException'))
            # A user with the provided name does not exist.
            return $false
        throw $_.Exception
        Remove-LocalUser -Name $UserName

    return $false

Export-ModuleMember -Function `
    New-User, `
    Remove-User, `
    Test-IsLocalMachine, `