New-CMAdministrativeUser
Create an administrative user.
Syntax
New-CMAdministrativeUser
[-CollectionName <String[]>]
-Name <String>
-RoleName <String[]>
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-CMAdministrativeUser
-Name <String>
-Permission <IResultObject[]>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Use this cmdlet to create an administrative user for Configuration Manager. An administrative user in Configuration Manager defines a local or domain user or group. When you create the administrative user in Configuration Manager, you can give it access to security roles, security scopes, and collections. For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Add an administrative user
This command adds the Contoso domain user named AdminUser1 as an administrative user. It adds this user to the Application Administrator and Software Update Manager built-in security roles. The command also adds the user to the scope1 and scope2 security scopes, and to the userCollection1 and deviceCollection1 collections.
$name = "Contoso\AdminUser1"
$roles = "Application Administrator","Software Update Manager"
$scopes = "scope1","scope2"
$colls = "userCollection1","deviceCollection1"
New-CMAdministrativeUser -Name $name -RoleName $roles -SecurityScopeName $scopes -CollectionName $collsExample 2: Add a domain group
This example adds the Contoso domain group Security Analysts to the built-in Read-only Analyst security role.
New-CMAdministrativeUser -Name "Contoso\Security Analysts" -RoleName "Read-only Analyst"Parameters
-CollectionName
Specify an array of collection names. The cmdlet assigns the new administrative user to each of these collections.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specify the name of the administrative user to add. Use the format domain\name, where name is either the user or the group.
| Type: | String |
| Aliases: | LogonName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Permission
Specify an array of permissions objects to assign to this new user. To get these objects, use the New-CMAdministrativeUserPermission cmdlet.
| Type: | IResultObject[] |
| Aliases: | Permissions |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleName
Specify an array of security role names. This name can be for a built-in or custom role. To see the list of built-in security roles, see Security roles.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SecurityScopeName
Specify an array of security scope names. A security scope name can be "Default" or the name of a custom security scope. The cmdlet assigns the security scopes that you specify to the administrative user.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
IResultObject
Notes
For more information on this return object and its properties, see SMS_Admin server WMI class.
Related Links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for