Creating AX users in PowerShell

If you want to create a user in Dynamics AX 2012, you can simply use the New-AXUser cmdlet and the other user and role-based security cmdlets. It’s more difficult in AX 2009 and older versions, but you can use the Business Connector to do the job. Below is an advanced function that I wrote for AX 2009. It accepts a path to an exported AX configuration (to know which AX instance to use), a domain, a user name and, if required, the new AX user ID. It also supports the -WhatIf and -Confirm parameters.

It automatically adds the user to the Admin group, but you can easily change the script to meet your specific requirements (for example, to assign a less privileged group).

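Function New-AXUser
{
    <#
    .SYNOPSIS
    Creates a Dynamics AX 2009 user through the .NET Business Connector and
    adds it to the 'Admin' user group.

    .DESCRIPTION
    Logs on to AX with the given client configuration file, validates the
    domain account via AxaptaUserManager, inserts a UserInfo record and then
    inserts a UserGroupList record with GroupId 'Admin'.

    The Admin group membership is unconditional: every user created by this
    function becomes an AX administrator. Run it with -WhatIf or -Confirm to
    review the target first, and change the group in AddToAdminGroup if the
    account should receive fewer rights.

    .PARAMETER ConfigFile
    Path to an exported AX client configuration file; must be an existing file.

    .PARAMETER UserDomain
    Domain of the Windows account.

    .PARAMETER UserName
    Network alias of the Windows account.

    .PARAMETER AXUserId
    AX user ID of the new user. Defaults to the first five characters of
    UserName (or the whole name when it is shorter).
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$ConfigFile,
        [Parameter(Mandatory=$true)]
        [string]$UserDomain,
        [Parameter(Mandatory=$true)]
        [string]$UserName,
        # Substring(0, 5) throws for names shorter than five characters,
        # so the length is capped at the length of the name.
        [string]$AXUserId = $UserName.Substring(0, [Math]::Min(5, $UserName.Length))
    )

    #region Functions

    # Inserts the UserGroupList record that makes $AXUserId a member of 'Admin'.
    Function AddToAdminGroup
    {
        $membership = $ax.CreateAxaptaRecord('UserGroupList')
        $membership.set_Field('UserId', $AXUserId)
        $membership.set_Field('GroupId', 'Admin')
        $membership.Insert()
        # Leave a trace of the privilege grant for anyone running with -Verbose.
        Write-Verbose "Added user $AXUserId to group Admin"
    }

    # Ends the Business Connector session and drops the script-scoped reference.
    Function AxLogoff
    {
        try
        {
            [void]$ax.Logoff()
        }
        finally
        {
            $script:ax = $null
        }
    }

    # Loads the Business Connector assembly and opens a session in $script:ax.
    # Logon receives empty company, language and object server arguments; only
    # the configuration file is supplied.
    Function AxLogon
    {
        try
        {
            # LoadWithPartialName is obsolete and returns $null instead of
            # throwing when the assembly is not found, so check the result.
            $assembly = [Reflection.Assembly]::LoadWithPartialName('Microsoft.Dynamics.BusinessConnectorNet')
            if ($null -eq $assembly)
            {
                throw 'Assembly Microsoft.Dynamics.BusinessConnectorNet was not found.'
            }
            $script:ax = New-Object Microsoft.Dynamics.BusinessConnectorNet.Axapta
            $ax.Logon('', '', '', $ConfigFile)
        }
        catch
        {
            # Keep the underlying cause; a bare message hides whether the
            # assembly, the configuration or the logon itself failed.
            throw "Logging to AX failed. $($_.Exception.Message)"
        }
    }

    # Validates the domain account, fills a UserInfo record and, if
    # ShouldProcess approves, inserts it and grants Admin group membership.
    Function CreateUser
    {
        $userManager = $ax.CreateAxaptaObject('AxaptaUserManager')
        if ($userManager.Call('validateDomainUser', $UserDomain, $UserName) -eq $false)
        {
            # The original "throw error '...'" tried to run a command named
            # "error" and reported that failure instead of this message.
            throw "User cannot be created. Domain account $UserDomain\$UserName failed validation."
        }

        $userDetails = $userManager.Call('getDomainUser', $UserDomain, $UserName)
        $sid = $userDetails.Call('getUserSid', 0)
        $dispName = $userDetails.Call('getUserName', 0)

        $user = $ax.CreateAxaptaRecord('UserInfo')
        # Positions the buffer on the existing 'Admin' user record before the
        # fields below are overwritten. NOTE(review): the remaining fields of
        # the new record presumably keep that record's values - confirm which
        # settings are copied this way.
        $user.ExecuteStmt('select * from %1 where %1.Id == "Admin"')

        SetField $user 'Id' $AXUserId
        SetField $user 'NetworkAlias' $UserName
        SetField $user 'NetworkDomain' $UserDomain
        SetField $user 'Name' $dispName
        SetField $user 'Sid' $sid

        # Name the privilege grant in the -WhatIf / -Confirm text so the
        # operator approves the Admin membership knowingly.
        $target = "Config: $ConfigFile, User ID: $AXUserId"
        $action = 'Create AX user and add it to the Admin group'
        if ($PSCmdlet.ShouldProcess($target, $action))
        {
            $user.Insert()
            AddToAdminGroup
        }
    }

    # Sets one field on an AX record and echoes the assignment to the verbose stream.
    Function SetField
    {
        Param($axaptaRecord, [string]$fieldName, $value)

        $axaptaRecord.set_Field($fieldName, $value)
        Write-Verbose ($fieldName + ": " + $value)
    }

    # Fails early when the configuration file is missing.
    Function ValidateParameters
    {
        # -LiteralPath stops wildcard characters in the path from matching
        # other files; -PathType Leaf rejects directories.
        if (!(Test-Path -LiteralPath $ConfigFile -PathType Leaf))
        {
            throw "Configuration $ConfigFile doesn't exist"
        }
    }

    #endregion

    ValidateParameters
    AxLogon
    try
    {
        CreateUser
    }
    finally
    {
        # Log off even when user creation throws, so the session is not left open.
        AxLogoff
    }
}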