I'm not sure if I'm not thinking clearly or what, but I'm having difficulty adding the AppPool identity to the local IIS_IUSRS group via PowerShell. It's only 2 lines to add a user to a local group, whether it's a domain user or local user. I've used the
same steps as I have for other scripts to perform the same action, just not for an AppPool identity:
I've changed the backslash to forward slash, hard-coded the user, you name it. I gotta imagine this is something simple that I'm missing. I can't use net localgroup because the names are going to be longer than 20 characters. Anybody have any idea what
I'm missing? Any advice or feedback would be appreciated, thanks all!
5 Posts
Adding AppPool Identity to IIS_IUSRS group via PowerShell
Oct 06, 2013 12:08 AM|brprvw|LINK
I'm not sure if I'm not thinking clearly or what, but I'm having difficulty adding the AppPool identity to the local IIS_IUSRS group via PowerShell. It's only 2 lines to add a user to a local group, whether it's a domain user or local user. I've used the same steps as I have for other scripts to perform the same action, just not for an AppPool identity:
$Group = [ADSI]"WinNT://$ComputerName/IIS_IUSRS,group"
$User = "IIS APPPOOL\sometestsite.example.com"
$Group.psbase.Invoke("Add",([ADSI]"WinNT://$User").path)
I've changed the backslash to forward slash, hard-coded the user, you name it. I gotta imagine this is something simple that I'm missing. I can't use net localgroup because the names are going to be longer than 20 characters. Anybody have any idea what I'm missing? Any advice or feedback would be appreciated, thanks all!
12 Posts
Re: Adding AppPool Identity to IIS_IUSRS group via PowerShell
Oct 06, 2013 07:38 AM|ShayL|LINK
Do you get the user object path when you execute:
([ADSI]"WinNT://$User").path
If so you can try this:
$group.Add("WinNT://$user")