Creating AX users in Powershell

If you want to create a user in Dynamics AX 2012, you can simply use New-AXUser cmdlet and other User and role-based security cmdlets. It’s more difficult in AX 2009 and older versions, but you can utilize Business Connector to do the job. Below is an extended function that I wrote for AX 2009. It accepts a path to an exported AX configuration (to know which AX instance to use), a domain, a user name and, if required, the new AX user ID. It also supports -WhatIf and -Confirm parameters.

It automatically adds the user to the admin group, but you easily can change the script to meet your specific requirements.

Function New-AXUser
{
[CmdletBinding(SupportsShouldProcess = $true)]
Param(
[Parameter(Mandatory=$true)]
[string]$ConfigFile,
[Parameter(Mandatory=$true)]
[string] $UserDomain,		
[Parameter(Mandatory=$true)]
[string]$UserName,		
[string]$AXUserId = $UserName.Substring(0, 5)
)
 
#region Functions
 
Function AddToAdminGroup
{
$membership = $ax.CreateAxaptaRecord('UserGroupList');
$membership.set_Field('UserId', $AXUserId);
$membership.set_Field('GroupId', 'Admin');
$membership.Insert()
}
 
Function AxLogoff
{
[void]$ax.Logoff()
}
 
Function AxLogon
{
try
{
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.Dynamics.BusinessConnectorNet');
$script:ax = New-Object Microsoft.Dynamics.BusinessConnectorNet.Axapta
$ax.Logon('', '', '', $ConfigFile)
}
catch
{
throw 'Logging to AX failed.'
}
}
 
Function CreateUser
{
$userManager = $ax.CreateAxaptaObject('AxaptaUserManager');
if ($userManager.Call('validateDomainUser', $UserDomain, $UserName) -eq $false)
{
throw error 'User cannot be created.'
}
else
{
$userDetails = $userManager.Call('getDomainUser', $UserDomain, $UserName);
$sid = $userDetails.Call('getUserSid', 0);
$dispName = $userDetails.Call('getUserName', 0);
 
$user = $ax.CreateAxaptaRecord('UserInfo');
$user.ExecuteStmt('select * from %1 where %1.Id == "Admin"')
 
SetField $user 'Id' $AXUserId
SetField $user 'NetworkAlias' $UserName
SetField $user 'NetworkDomain' $UserDomain
SetField $user 'Name' $dispName
SetField $user 'Sid' $sid
 
if ($PSCmdlet.ShouldProcess("Config: $ConfigFile, User ID: $AXUserId"))
{
$user.Insert();
AddToAdminGroup
}
}
}
 
Function SetField
{
Param($axaptaRecord, [string]$fieldName, $value)
 
$axaptaRecord.set_Field($fieldName, $value);
Write-Verbose ($fieldName + ": " + $value)
}
 
Function ValidateParameters
{
if (!(Test-Path $ConfigFile))
{
throw "Configuration $ConfigFile doesn't exist"
}
}
 
#endregion
 
ValidateParameters
AxLogon
CreateUser
AxLogoff
}