Unable to save a user via powershell

Hi,

Yes, I can help.
I suspect that for some reason, you access to the data source failed.
Can you provide the output of Get-RDMCurrentDataSource ?

I have the data source set correctly. In fact, I have the same line that you suggested in the other ticket added to the beginning of the script:

Hello,

Since the IsConnected returns true, you connected successfully to your Devolutions Server.

Could you please tell us what kind of user you are trying to add, as well as the version of your Devolutions Server? Could you also run an update for the RDM PS module: Update-Module RemoteDesktopManager

I just tried with a local user, added that user to a local group, and it appears as a member of that group. This was done with a Devolutions Server 2022.2.10.

$user = New-RDMUser -Login "test4" -AuthentificationType Builtin -SetUser
$role = get-rdmrole -Name "groupe1"
Add-RDMRoleToUser -RoleObject $role -UserObject $user
Set-RDMUser $user

Best regards,

The following script is used to create a user:

$securePassword = ConvertTo-SecureString "xxxxxxxx" -AsPlainText -Force
$newUser = New-RDMUser -Login $name -AuthentificationType "AzureAD" -Email $email
$newUser.FirstName = $fname
$newUser.LastName = $lname
$newUser.LoginEmail = $email
$newUser.UserInfo.UserAccount.TwoFactorInfo = New-Object 'Devolutions.RemoteDesktopManager.Business.TwoFactorInfo' -Property @{AuthenticationType=[Devolutions.RemoteDesktopManager.TwoFactorAuthenticationType]::GoogleAuthenticator; IsPreConfigured=$true}
$newUser.UserType = [Devolutions.RemoteDesktopManager.UserType]::User
Set-RDMUser -User $newUser

Hello,

I just wanted to validate a few things:

$newUser = New-RDMUser -Login $name -AuthentificationType "AzureAD" -Email $email
$newUser.FirstName = $fname
$newUser.LastName = $lname
$newUser.LoginEmail = $email

Since you are creating an Azure AD (Microsoft) user, you do not need to specify the email, first name, last name, since they will be fetched from the Azure AD cache.

$newUser.UserInfo.UserAccount.TwoFactorInfo = New-Object 'Devolutions.RemoteDesktopManager.Business.TwoFactorInfo' -Property @{AuthenticationType=[Devolutions.RemoteDesktopManager.TwoFactorAuthenticationType]::GoogleAuthenticator; IsPreConfigured=$true}

If you already have a 2FA enabled on your AAD account, you do not usually need to add another 2FA in Devolutions Server, it will already use the one configured on your AAD. If you still want the 2FA for the user, you can set the 2FA to required and it will prompt the user to configure their 2FA the first time they login.

$newUser.UserType = [Devolutions.RemoteDesktopManager.UserType]::User

If you do not set the -administrator parameter, the user will be, by default, a user for the user type.

For domain or AAD users, you also do not need a script to import the users, you can simply enable the Automatic User Creation. The first time a user logs in, they will be added to the Devolutions Server, with no interaction required on your part. You can also specify an AAD group they are a member of, to restrict the access. Please note it also support nested groups.

Administration > Server Settings > Authentication > Office 365/Microsoft - enable "Auto create on first login"


Once the user is added this way, they will be a member for the AAD groups automatically, so you simply need to apply the permissions on your vaults / entries with those groups.

Let me know if it helps!

Best regards,