Local User account creation with powershell and iControl
Problem this snippet solves:
This script creates local user accounts on a BIG-IP device. It takes its input either interactively (prompting for each value) or from command-line arguments, so it can also be driven by automation products. The new account is named <login name>_<partition>, is granted a role in the requested partition, and receives a randomly generated 12-character password, which the script prints on success.
How to use this snippet:
Make sure the iControl PowerShell cmdlets (the iControlSnapIn snap-in) are installed and registered; the script loads the snap-in into the session itself if it is not already present. If you want failed logins written to the Application event log, register the event source once from an elevated prompt with New-EventLog -LogName Application -Source CSHARE-F5, otherwise Write-EventLog will fail. Run it either with no arguments (interactive) or with all seven: <device> <admin username> <admin password> <new login name> <full name> <email> <partition>.
Code :
#####################################################################################################################
# F5 user creation script
#
# Takes a device, login credentials, requested username, actual name, email address and partition,
# then creates a user on the BIG-IP and outputs the new account details.
# (The email step is not implemented in this version: the account name and generated
#  password are written to the console on success.)
#
# last updated: 27/01/15 by Lee Payne
# v1.0
#####################################################################################################################

#########################################################
# Performs the base initialisation to the BIG-IP device #
#########################################################
function Do-Initialize([string]$HostName, [string]$UserName, [string]$Password) {
    # Check whether the iControl snap-in has been loaded and, if not, load it
    if ((Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn" }) -eq $null) {
        Add-PSSnapIn iControlSnapIn
    }

    # Try to log into the device with the supplied credentials
    $success = Initialize-F5.iControl -HostName $HostName -Username $UserName -Password $Password

    # If nothing usable is returned for the device, log an error to the Application event log.
    # The CSHARE-F5 event source must already be registered (once, as administrator):
    #   New-EventLog -LogName Application -Source CSHARE-F5
    if (-not $success) {
        Write-EventLog -LogName Application -Source CSHARE-F5 -EntryType Error -EventId 1 -Message "Failed to bind to F5 device: $HostName"
    }

    # Return the result of the bind ($null / $false on failure)
    return $success
}

# Argument handling. Either supply all seven values on the command line:
#   <device> <admin username> <admin password> <new login name> <full name> <email> <partition>
# or supply none and be prompted for each. (The original version declared the account
# variables but never assigned them; both modes now fill them in.)
# $adminPwd and $exitCode are used instead of $pwd and $error, which are PowerShell automatic variables.
if ($args.Length -lt 7) {
    # Device to connect to
    $bigip = Read-Host 'What device do you want to connect to?'
    # Admin username
    $uid = Read-Host 'What is your username?'
    # Admin password, read as a SecureString so it is not echoed on the command line
    $securePwd = Read-Host 'What is your password?' -AsSecureString
    # Initialize-F5.iControl needs the plaintext, so convert it and free the unmanaged copy afterwards
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePwd)
    try   { $adminPwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    # Details of the account to create
    $username  = Read-Host 'Domain login name of the new user?'
    $name      = Read-Host 'Full name of the new user?'
    $email     = Read-Host 'Email address of the new user?'
    $partition = Read-Host 'Partition the new user needs access to?'
} else {
    $bigip     = $args[0]
    $uid       = $args[1]
    $adminPwd  = $args[2]
    $username  = $args[3]
    $name      = $args[4]
    $email     = $args[5]   # collected for the (not yet implemented) email step
    $partition = $args[6]
}

$exitCode = 0

# Initialise the device connection and stop if the bind failed (every later call would fail on $null)
if (-not (Do-Initialize $bigip $uid $adminPwd)) {
    Write-Host "Could not connect to $bigip"
    exit 1
}

# User accounts are created in the "users" partition; $partition is what the account is granted access to
$(Get-F5.iControl).ManagementPartition.set_active_partition("users")

# Create the objects required for the user
$userrole     = New-Object -TypeName iControl.ManagementUserManagementUserPermission
$userpassword = New-Object -TypeName iControl.ManagementUserManagementPasswordInfo
$userinfo     = New-Object -TypeName iControl.ManagementUserManagementUserInfo3[] 1
$userinfo[0]  = New-Object -TypeName iControl.ManagementUserManagementUserInfo3

# Role value 1 is used here to mean "operator"; confirm the number against the
# ManagementUserManagement.UserRole enumeration of your iControl SDK version before relying on it.
$userrole.role = 1
$userrole.partition = $partition

# The account name is the domain login name, "_", then the partition. It must be unique on the
# device; create_user_3 throws if it is not.
$user = New-Object -TypeName iControl.ManagementUserManagementUserID
$user.name = $username + "_" + $partition
$user.full_name = $name

# The password is supplied unencrypted (the device stores it hashed)
$userpassword.is_encrypted = 0

# Generate a 12-character random password from printable ASCII 33..125 (93 symbols), the same
# range the original used. A cryptographic RNG replaces System.Random, and bytes >= 186 (2 * 93)
# are rejected so the modulo step does not bias the result towards the low characters.
$rng  = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$byte = New-Object byte[] 1
$NewPassword = ""
while ($NewPassword.Length -lt 12) {
    $rng.GetBytes($byte)
    if ($byte[0] -lt 186) { $NewPassword += [char](33 + ($byte[0] % 93)) }
}
# Set the random password as the account password
$userpassword.password = $NewPassword

# Fill the user record with the details from above
$userinfo[0].user        = $user
$userinfo[0].password    = $userpassword
$userinfo[0].login_shell = ""
$userinfo[0].permissions = $userrole
$createdName = $user.name

# Try to create the user. The usual failure is that the account name already exists;
# the credentials are printed only on success.
try {
    $(Get-F5.iControl).ManagementUserManagement.create_user_3($userinfo)
    Write-Host $createdName
    Write-Host $NewPassword
}
catch [System.Exception] {
    Write-Host "Failed to create user ${createdName}: $($_.Exception.Message)"
    $exitCode = 1
}

# Exit code 0 = created, 1 = failed, so automation can check the result
exit $exitCode
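A defensive variant of the creation step, added here as an example and not part of the original code share: it checks the device's user list with get_list() before calling create_user_3() instead of relying on the exception, draws the password from a cryptographic RNG with rejection sampling, and hands the credentials back as a PSCredential so the caller decides where the password goes rather than having it echoed to the console. It assumes the iControl snap-in is loaded and Initialize-F5.iControl has already succeeded, and that ManagementUserManagement.get_list() returns UserID objects with a .name property (standard iControl API; verify against your SDK version). The role value 1 and the "users" partition are taken from the script above; function names are this example's own.

```powershell
# Added example, not from the original code share. Assumes the iControl snap-in
# is loaded and Initialize-F5.iControl has already been called successfully.

function New-RandomPassword {
    param([int]$Length = 16)
    # Printable ASCII 33..126 (94 symbols). Bytes >= 188 (2 * 94) are rejected so
    # the modulo step does not bias the distribution towards the low characters.
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf   = New-Object byte[] 1
    $chars = New-Object System.Text.StringBuilder
    while ($chars.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt 188) { [void]$chars.Append([char](33 + ($buf[0] % 94))) }
    }
    return $chars.ToString()
}

function New-BigIpLocalUser {
    param(
        [Parameter(Mandatory=$true)][string]$LoginName,   # e.g. jsmith
        [Parameter(Mandatory=$true)][string]$FullName,
        [Parameter(Mandatory=$true)][string]$Partition,   # partition the user is granted
        [int]$Role = 1,                                   # same role value the script above uses
        [int]$PasswordLength = 16
    )
    $ic = Get-F5.iControl
    $accountName = "{0}_{1}" -f $LoginName, $Partition

    # Accounts live in the "users" partition, as in the script above
    $ic.ManagementPartition.set_active_partition("users")

    # Pre-check for a name collision instead of waiting for create_user_3 to throw
    $existing = @($ic.ManagementUserManagement.get_list() | ForEach-Object { $_.name })
    if ($existing -contains $accountName) {
        throw "Account '$accountName' already exists on this device"
    }

    $plain = New-RandomPassword -Length $PasswordLength

    $perm = New-Object -TypeName iControl.ManagementUserManagementUserPermission
    $perm.role = $Role
    $perm.partition = $Partition

    $pw = New-Object -TypeName iControl.ManagementUserManagementPasswordInfo
    $pw.is_encrypted = 0
    $pw.password = $plain

    $id = New-Object -TypeName iControl.ManagementUserManagementUserID
    $id.name = $accountName
    $id.full_name = $FullName

    $info = New-Object -TypeName iControl.ManagementUserManagementUserInfo3[] 1
    $info[0] = New-Object -TypeName iControl.ManagementUserManagementUserInfo3
    $info[0].user        = $id
    $info[0].password    = $pw
    $info[0].login_shell = ""
    $info[0].permissions = $perm

    $ic.ManagementUserManagement.create_user_3($info)

    # Return the credentials as a PSCredential; nothing is written to the console,
    # so a transcript or CI log does not capture the new password
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    return New-Object System.Management.Automation.PSCredential($accountName, $secure)
}

# Usage, after Initialize-F5.iControl -HostName ... -Username ... -Password ...
# $cred = New-BigIpLocalUser -LoginName jsmith -FullName "Jane Smith" -Partition Common
# $cred.UserName                          # jsmith_Common
# $cred.GetNetworkCredential().Password   # only where the plaintext is genuinely needed
```

Because the function throws on a duplicate name and on any iControl fault, a caller in an automation pipeline can wrap it in try/catch and decide whether a collision is an error or a no-op, rather than parsing console output.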
Tested this on version:
11.5
Published Oct 10, 2015
Version 1.0
Lee_Payne_53457
Cirrostratus
Joined March 31, 2009