From f793973571342c299654d4ea06d10d27d636ed57 Mon Sep 17 00:00:00 2001
From: taarly
Date: Sat, 13 Dec 2025 15:23:00 +0100
Subject: [PATCH] possible fix for user creation
---
scripts/powershell/README.md | 42 ++++++++++++++++++++++++++++++
scripts/powershell/create_user.ps1 | 6 ++---
2 files changed, 45 insertions(+), 3 deletions(-)
create mode 100644 scripts/powershell/README.md
diff --git a/scripts/powershell/README.md b/scripts/powershell/README.md
new file mode 100644
index 0000000..fa46501
--- /dev/null
+++ b/scripts/powershell/README.md
@@ -0,0 +1,42 @@
+This directory contains PowerShell scripts used by the PHP AdminTool for Active Directory user creation.
+
+Usage (single user):
+1. Create a JSON payload file (for example `payload.json`) with contents:
+```
+{
+ "samaccountname": "testuser",
+ "displayname": "Test User",
+ "mail": "testuser@example.local",
+ "password": "P@ssw0rd1234",
+ "ou": "OU=Users,DC=example,DC=local",
+ "groups": "Users,IT-Staff",
+ "dry_run": true
+}
+```
+2. Run the script from PowerShell as a user with permission to create AD users (or use `dry_run` true to test):
+
+```
+powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -File .\create_user.ps1 -InputFile C:\temp\payload.json
+```
+
+Usage (CSV):
+1. Create a CSV file with header `samaccountname,displayname,mail,password,ou,groups` (or no header and set `has_header: false` in meta JSON).
+2. Create a meta JSON file containing the CSV path and options:
+```
+{
+ "input_file": "C:\temp\users.csv",
+ "delimiter": ",",
+ "has_header": true,
+ "dry_run": true
+}
+```
+3. Run the CSV script:
+```
+powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -File .\create_users_csv.ps1 -InputFile C:\temp\meta.json
+```
+
+Notes:
+- Ensure the `ActiveDirectory` PowerShell module is installed on the host system (RSAT).
+- Test with `dry_run` set to `true` first to verify results without modifying AD.
+- The scripts return a compact JSON object on stdout which the PHP backend expects.
+- Run the webserver (IIS) as a user that has sufficient rights to run the `New-ADUser` and `Add-ADGroupMember` commands when `dry_run` is disabled.
diff --git a/scripts/powershell/create_user.ps1 b/scripts/powershell/create_user.ps1
index ee2216c..87f1ce9 100644
--- a/scripts/powershell/create_user.ps1
+++ b/scripts/powershell/create_user.ps1
@@ -58,7 +58,7 @@ $props['AccountPassword'] = $securePass # Execute if ($dryRun) { $result.success = $true - $result.message = "DRY RUN: would create user $sam" + $result.message = "DRY RUN: would create user $($sam)" Write-Output ($result | ConvertTo-Json -Compress) exit 0 } @@ -76,11 +76,11 @@ try { } $result.success = $true - $result.message = "User $sam created successfully" + $result.message = "User $($sam) created successfully" Write-Output ($result | ConvertTo-Json -Compress) exit 0 } catch { - $result.message = "Error creating user $sam: $($_.Exception.Message)" + $result.message = "Error creating user $($sam): $($_.Exception.Message)" Write-Output ($result | ConvertTo-Json -Compress) exit 1 }
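Review bot: The `$($sam)` rewrite in the dry-run message is not needed for correctness, because `$sam` directly before the closing quote already parsed as intended. Only the `$sam:` form in the catch block of the second hunk is read by PowerShell as a scope- or drive-qualified variable name, so that line is the actual fix. For delimiting a plain variable name the braced form is the conventional spelling, for example `$result.message = "DRY RUN: would create user ${sam}"`, and the same applies to the two strings changed in the second hunk.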
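Review bot: The catch block in the second hunk still copies `$_.Exception.Message` verbatim into `$result.message`, which is written to stdout as JSON for the PHP backend mentioned in the README. Active Directory exception text can include distinguished names, domain controller names or password-policy details, and whether the backend shows this string to the requesting user is not visible here. Consider returning a generic message such as `$result.message = "Error creating user ${sam}"` and writing the exception detail to a server-side log instead. The `try` block starts outside the hunk.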