We do this for all our CRM systems, but not setting the PS using a variable. As long as the PS is set in security, you can use variables to set the user name and password (temporary), but use a variable identifying the PS and use If and Else If checking for the PS variable and then using the appropriate 'Add Account' function with a preset PS.
So you may be using:
If ($ps = "User")
Add Account [Account Name: $user; Password: $pw; Privilege Set: User)
Else If ($ps = "UserNoDelete"
Account [Account Name: $user; Password: $pw; Privilege Set: UserNoDelete)
Not ideal, but it works.
Of course! That'll work fine, thanks Andy.
When you use the Add Account script step, Privilege Set is available as a pull down menu. You can choose which of the existing privilege sets to assign, or you can create a new privilege set (but not during the RUNNING of the script). The script step will NOT allow you to assign [Full Access] privileges. I also always do what it looks like CICT does, which is to assign the password and select the "User must change password on next login".