Assign User to IIS AppPool via Powershell Assign User to IIS AppPool via Powershell powershell powershell

Assign User to IIS AppPool via Powershell


You should always validate your credentials before setting the pool identity. This can be accomplished via the PrincipalContext .NET class -- specifically look at PrincipalContext.ValidateCredentials(user, password).

Sample:

#-- Make sure the proper Assembly is loaded[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement") | out-null#-- Code to check user credentials -- put in function but here are the guts#-- Recommend you use SecureStrings and convert where needed$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ct,"domainname"$isValid = $pc.ValidateCredentials("myuser","mypassword")

If local account change the $ct to 'Machine' ContextType.


Start and Stop are something of a misnomer. They should really be named Enable and Disable.

The worker process for the pool won't actually "start" until it needs to service a request.

It's at that point authentication takes place. If the username and password are invalid then you'll get a 503 Service Unavailable response and three events (5021, 5057 and 5059) logged by the WAS in the System event log.

There is no up-front checking of the validity of a pool's identity when using the API's. Only the IIS management console performs these checks.