To remotely control AD add/delete user via Powershell:

ssh -i lab.key -o StrictHostKeyChecking=No [email protected] "powershell New-ADUser -Server -Enabled \$True -SAMAccountName $newaccount -DisplayName $newaccount -Givenname $givenname -Surname $surname -Name '$givenname $surname' -UserPrincipalName [email protected] -HomeDirectory \\\\xxx\\userdata\$\\$newaccount -AccountPassword (ConvertTo-SecureString "password" -AsPlainText -force) -PassThru"

Note: the \ mark needs to be escaped in regular ssh session, that’s why I use \\\\ to express \\, but if we use this on Spinnaker, the Java interpretor will automatically add escape mark, so \ is not required.

make the new user has the same membership as a template user

ssh -i lab.key -o StrictHostKeyChecking=No [email protected] 'powershell -Command " & {Get-ADUser -Identity '$templateuser' -Server -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Server -Members '$newaccount'}"'