Add AD validation, case-insensitive usernames, and update docs (v0.4.0)

jagger · claude · jagger · commit 9fd1144613c9 · 2026-03-16T13:58:13.000-04:00
- Add-ROUser validates AD account exists via Get-ADUser before insertion
- All username lookups are case-insensitive (COLLATE NOCASE)
- Update command docs, user management guide, getting started, and
  troubleshooting to reflect AD validation and case-insensitive behavior
- Bump module version to 0.4.0

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/Docs/commands/Add-ROUser.md b/Docs/commands/Add-ROUser.md
@@ -11,9 +11,11 @@ Add-ROUser [-Username] <String> [-Password] <String> [-Domain] <String>
 
 ## Description
 Adds a new simulated Active Directory user to the RobOtters SQLite database. The
-password is encrypted via DPAPI before storage. Action weights are automatically
+AD account is validated via Get-ADUser before insertion -- the command fails if the
+account does not exist in Active Directory. The password is encrypted before storage
+(DPAPI by default, AES-256 if RO_ENCRYPT_KEY is set). Action weights are automatically
 seeded from the SeedActionWeights.psd1 data file so the user is ready to participate
-in simulation cycles immediately.
+in simulation cycles immediately. Username lookups are case-insensitive.
 
 ## Parameters
 
diff --git a/Docs/getting-started.md b/Docs/getting-started.md
@@ -6,6 +6,7 @@
 - PSSQLite module (Install-Module PSSQLite -Scope CurrentUser, or manual copy)
 - Delinea Secret Server instance with REST API enabled (/api/v1/*)
 - Secrets and folders that simulated users have access to
+- AD user accounts must exist before adding them to RobOtters
 
 ## Installation
 
diff --git a/Docs/troubleshooting.md b/Docs/troubleshooting.md
@@ -17,6 +17,7 @@
 | "RO_ENCRYPT_KEY is not set" | AES passwords but env var missing | Set `RO_ENCRYPT_KEY` at Machine level and restart PowerShell |
 | All users show empty username/password | Stale module loaded in session | Close PowerShell and reimport in a fresh window |
 | "API_SecretTypeCannotBeCreatedByUser" | User lacks template permissions | Fixed in v0.3.0; CreateSecret now queries available templates dynamically |
+| "AD account 'X' not found" | AD account doesn't exist | Create the AD account before running `Add-ROUser` |
 
 ## Diagnostic Steps
 
diff --git a/Docs/user-management.md b/Docs/user-management.md
@@ -1,6 +1,6 @@
 # User Management
 
-Simulated users are AD accounts whose credentials are stored in the RobOtters SQLite database.
+Simulated users are AD accounts whose credentials are stored in the RobOtters SQLite database. All username lookups are case-insensitive.
 
 ## Adding Users
 ```powershell
@@ -9,7 +9,7 @@ Add-ROUser -Username 'svc.sim01' -Password 'P@ssw0rd!' -Domain 'LAB'
 # With custom active hours
 Add-ROUser -Username 'svc.sim02' -Password 'S3cret!' -Domain 'LAB' -ActiveHourStart '09:00' -ActiveHourEnd '21:00'
 ```
-Passwords are encrypted before storage (DPAPI by default, or AES-256 if `RO_ENCRYPT_KEY` is set). Default action weights are seeded automatically.
+The AD account is validated via `Get-ADUser` before insertion -- the command fails if the account does not exist in Active Directory. Passwords are encrypted before storage (DPAPI by default, or AES-256 if `RO_ENCRYPT_KEY` is set). Default action weights are seeded automatically.
 
 ## Listing Users
 ```powershell
diff --git a/Public/Add-ROUser.ps1 b/Public/Add-ROUser.ps1
@@ -3,9 +3,11 @@ function Add-ROUser {
     .SYNOPSIS
         Register a simulated AD user in the RobOtters database
     .DESCRIPTION
-        Adds a new simulated user. The password is encrypted via DPAPI before
-        storage. Action weights are automatically seeded from
-        Data/SeedActionWeights.psd1. Returns the new user object.
+        Adds a new simulated user. Validates the AD account exists via
+        Get-ADUser before insertion. The password is encrypted before storage
+        (DPAPI by default, AES-256 if RO_ENCRYPT_KEY is set). Action weights
+        are automatically seeded from Data/SeedActionWeights.psd1. Username
+        lookups are case-insensitive. Returns the new user object.
     .PARAMETER Username
         AD username for the simulated user.
     .PARAMETER Password
diff --git a/RobOtters.psd1 b/RobOtters.psd1
@@ -1,6 +1,6 @@
 @{
     RootModule        = 'RobOtters.psm1'
-    ModuleVersion     = '0.3.0'
+    ModuleVersion     = '0.4.0'
     GUID              = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
     Author            = 'jagger'
     Description       = 'Secret Server user activity simulator for lab environments'
