I'm having trouble scripting the "ConnectAs" domain user account for nested web apps in IIS. My target environment is MS Server 2012 R2 with IIS 8; however, I see the same issues on Windows 7 with IIS 7.5.
For example, suppose I have the "Default Web Site". Under that I have "MainApplication". Under that I have another web application for "SubApplication".
I've tried suggestions found on other sites, similar to those below, with partial success. These first 2 statements work:
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication']/virtualDirectory[@path='/']" -name "username" -value "mydomain\user"
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication']/virtualDirectory[@path='/']" -name "password" -value "mypassword"
I can't seem to get the syntax right for the next two statements:
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication/SubApplication']/virtualDirectory[@path='/']" -name "username" -value "mydomain\user"
Set-WebConfigurationProperty "system.applicationHost/sites/site[@name='Default Web Site']/application[@path='/MainApplication/SubApplication']/virtualDirectory[@path='/']" -name "password" -value "mypassword"
In a perfect world, I would be able to do something similar to below to quickly make all of the web applications run under the same domain user account:
Get-WebApplication | ForEach-Object { $_ | Set-ItemProperty -Name "username" -Value "domain\user" }
Get-WebApplication | ForEach-Object { $_ | Set-ItemProperty -Name "password" -Value "passwordValue" }
or something like this:
Get-WebApplication | ForEach-Object { $_.ChildElements | Select-Object -First 1 | Get-Member -Name "Attributes" | Set-Member -Name "userName" -Value "domain\username" }
Is there a good way to script setting all sites, apps, etc. to run under a domain user account?
The solution I ended up using was to utilize XPaths to get the full path for each site, app, & virtual directory. I found that each type needed to be iterated independently. Below is the function I ended up creating to resolve the issue.
function Set-IIS-ConnectAsUser($username, $password)
{
    # the IIS:\ drive and the Web* cmdlets come from this module
    Import-Module WebAdministration

    $dir = Get-Location
    cd IIS:\Sites

    # update all the web sites to run under the context of the specified user
    $webSites = Get-Website
    ForEach($webSite in $webSites)
    {
        $siteName = ($webSite | Select -Property "Name").name
        $fullPath = "system.applicationHost/sites/site[@name='$siteName']/application[@path='/']/virtualDirectory[@path='/']"
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }

    # update all the web applications to run under the context of the specified user
    $apps = Get-WebApplication
    ForEach($app in $apps)
    {
        $xpath = ($app | Select -Property "ItemXPath").ItemXPath
        $fullPath = "$xpath/virtualDirectory[@path='/']"
        # drop the leading "/" from the XPath
        $fullPath = $fullPath.Substring(1)
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }

    # update all the virtual directories to run under the context of the specified user
    $virtualDirs = Get-WebVirtualDirectory
    ForEach($vdir in $virtualDirs)
    {
        $xpath = ($vdir | Select -Property "ItemXPath").ItemXPath
        # drop the leading "/" from the XPath
        $fullPath = $xpath.Substring(1)
        Set-WebConfigurationProperty $fullPath -Name "username" -Value $username
        Set-WebConfigurationProperty $fullPath -Name "password" -Value $password
    }

    # return to the location the caller started from
    cd $dir
}
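An added example, not part of the original answer: the same ConnectAs update taking a PSCredential instead of a plain-text password argument, with -WhatIf support and a report function to review which account each virtual directory connects as. The function names Set-IisConnectAsCredential and Get-IisConnectAsReport are hypothetical; the code assumes the WebAdministration module, PowerShell 3.0 or later, and an elevated session.

```powershell
# Added example (not the answer author's code); function names are hypothetical.
Import-Module WebAdministration

# One filter matching every virtualDirectory element: the root "/" entry of
# each site and of each (nested) application, plus ordinary virtual directories.
$script:VdirFilter = 'system.applicationHost/sites/site/application/virtualDirectory'

function Set-IisConnectAsCredential {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential
    )

    foreach ($vdir in (Get-WebConfiguration -Filter $script:VdirFilter)) {
        # ItemXPath starts with "/"; strip it as the function above does.
        $xpath = $vdir.ItemXPath.Substring(1)
        if ($PSCmdlet.ShouldProcess($xpath, "Set ConnectAs user to $($Credential.UserName)")) {
            Set-WebConfigurationProperty -Filter $xpath -Name 'userName' `
                -Value $Credential.UserName
            # The clear-text password exists only for the duration of this call.
            Set-WebConfigurationProperty -Filter $xpath -Name 'password' `
                -Value $Credential.GetNetworkCredential().Password
        }
    }
}

function Get-IisConnectAsReport {
    # One row per virtual directory; an empty UserName means no ConnectAs
    # account is configured for that entry.
    Get-WebConfiguration -Filter $script:VdirFilter | ForEach-Object {
        [pscustomobject]@{
            XPath        = $_.ItemXPath
            PhysicalPath = $_.physicalPath
            UserName     = $_.userName
        }
    }
}

# Preview the change first, then apply it and review the result:
#   Set-IisConnectAsCredential -Credential (Get-Credential) -WhatIf
#   Set-IisConnectAsCredential -Credential (Get-Credential)
#   Get-IisConnectAsReport | Format-Table -AutoSize
```

Prompting with Get-Credential keeps the password out of the script file and the command line.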