Creating users with Powershell

We all had our fair share of database we were locked out of, because a user added himself and no other users to a database. In that case, we have 3 options to gain access to the database.

One of the possibilities I’ll describe is using Powershell, however, if you have multiple version installed, you might run into problems with the cmdlet client version. How to work around this, I’ll describe here as well.

Option 1: Asking a user which has permission to add your user

This is probably the most easy way to gain access. Although at times, it might be hard to find who actually has access. In that case, or if that user is on leave, you might want to look into the other 2 options.

Option 2: Removing all users and restarting the NST

Another option, is to remove all users through SQL and restarting the NST. This way, no users are defined, and everyone has permission to access the database.

This is already described by other bloggers, such as Waldo in this post.

Downside to this, you will lose all permission that were set, so not always something you want.

Option 3: Add a user using Powershell

On the NST using the NavAdminTool.PS1, you have some cmdlets which let you add users and permissions:

  • New-NavServerUser
  • New-NavServerUserPermissionSet

First, you’ll need to start Powershell (or IDE) as administrator, on the machine the NST is installed. Optionally, you start the Dynamics NAV Administration Shell directly.

If you didn’t start the Administration Shell, you will need to import the module NavAdminTool.PS1. This can be found in the service folder. Basically, you will run the following command:

Import-Module "${env:ProgramFiles}\Microsoft Dynamics NAV\80\Service\NavAdminTool.ps1"

env:ProgramFiles will be replaced by the program files folder.

First step is to add a user. Most of the time, I add a windows account, I will also need to supply the server instance:

New-NavServerUser -WindowsAccount 'domain\user' -ServerInstance InstanceName

Next, I’ll add permissions to the user. Again, I will need to supply a user and a server instance, as well as a permission set:

New-NavServerUserPermissionSet -WindowsAccount 'domain\user' -ServerInstance InstanceName -PermissionSetId SUPER

The permission set ID is just the name of the role, in this case, I added the SUPER role for my user.

Both cmdlets have some extra parameters you can use, such as Tenant, …

So far so good, but if you have multiple NST version installed, you might get an error claiming you have a wrong client version, or even “The Microsoft Dynamics NAV Admin can only manage version X.X or later…..”

1 thing you could try is to Import-Module of the NavAdminTool.PS1 of the NST folder you wish to access.
However, this will probably not even work. Here’s why.

After editing the NavAdminTool.PS1, I found this:

$nstPath = "HKLM:\SOFTWARE\Microsoft\Microsoft Dynamics NAV\80\Service"
$managementDllPath = Join-Path (Get-ItemProperty -path $nstPath).Path '\Microsoft.Dynamics.Nav.Management.dll'
# First try to import the management module
Import-Module $managementDllPath -ErrorVariable errorVariable -ErrorAction SilentlyContinue

The Powershell module will always read the registry for the installed version, and take that dll…
So as we can read a bit further into the script, we can just Import-Module of the DLL directly. You will only not get a list of the imported commands.

Import-Module PATHTOMYNSTFOLDER\Microsoft.Dynamics.Nav.Management.dll

Or, if you want to be a bit more easy, you can you the function I created with a fellow colleague below:

function Load-NAVServiceDLL
    param([string] $ServerInstance)
    Remove-Module Microsoft.Dynamics.Nav.Management -Force -ErrorAction SilentlyContinue    

    $path = ([string](Get-WmiObject win32_service | ?{$_.Name.ToString().ToUpper() -like "*NavServer*$ServerInstance*"} | select PathName).PathName).ToUpper()
    $shortPath = $path.Substring(0,$path.IndexOf("EXE") + 3)
    if ($shortPath.StartsWith('"'))
        $shortPath = $shortPath.Remove(0,1)

    $PowerShellDLL = (Get-ChildItem -Path ((Get-ChildItem $ShortPath).Directory.FullName) "Microsoft.Dynamics.Nav.Management.DLL").FullName
    write-host "`nWelcome to the Server Admin Tool Shell!"
    write-host "For a complete list of Server cmdlets type`n"

    # Register Microsoft Dynamics NAV Management DLL
    Import-Module $PowerShellDLL -Force 

    write-host -fore Yellow "Get-Command -Module Microsoft.Dynamics.Nav.Management`n"

    # Print available commands
    Get-Command -Module Microsoft.Dynamics.Nav.Management 

This function can be used with partial NST names:

Load-NAVServiceDLL -ServerInstance PartOfInstance

1 side node though. You cannot run the Import-Module multiple times for the same module (or different version) during the same session. It appears that Powershell keeps using the first imported version, and ignoring the latest you actually selected.

One thought on “Creating users with Powershell

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.