ps/Modules/Alkami.PowerShell.SDK/Public/Set-SDKAppPoolUsers.ps1

function Set-SDKAppPoolUsers {
<#
.SYNOPSIS
    Set the ApplicationPool users to the app pool in question
#>
    [CmdletBinding(DefaultParameterSetName = 'Specified')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ParameterSetName = 'SDKUserMatrixEntry')]
        [object]$SDKUserMatrixEntry,
        [Parameter(Mandatory = $true, ParameterSetName = 'Specified', Position = 0)]
        [Alias('Username')]
        [string]$AppPoolName,
        [Parameter(Mandatory = $true, ParameterSetName = 'Specified', Position = 1)]
        [string]$Identity,
        [Parameter(Mandatory = $false, ParameterSetName = 'Specified', Position = 2)]
        [securestring]$Password
    )
    begin {
        $logLead = Get-LogLeadName

        Import-Module WebAdministration
    }
    process {
        if ($PSCmdlet.ParameterSetName -eq 'SDKUserMatrixEntry') {
            $Identity = $SDKUserMatrixEntry.DomainUsername
            $AppPoolName = $SDKUserMatrixEntry.AppPoolName
            $Password = $null
        }

        if ([string]::IsNullOrWhiteSpace($AppPoolName)) {
            # Even tho this is required, it could be null from the other parameter
            Write-Verbose "$logLead : Empty AppPoolName for Identity [$Identity]. Nothing to do."
            return
        }

        # [Microsoft.Web.Administration.ProcessModelIdentityType]::ApplicationPoolIdentity is an internal class
        # group Managed Service Accounts are considered SpecificUser
        # $LocalSystem = 0
        # $LocalService = 1
        # $NetworkService = 2
        $SpecificUser = 3
        $ApplicationPoolIdentity = 4

        # Start with the simplest thing possible here, then step up from there
        $processModelValue = @{
            identitytype = $ApplicationPoolIdentity
        }

        if ($null -ne $Password) {
            Write-Debug "$logLead : Updating app pool with password: " $AppPoolName
            $processModelValue = @{
                userName = $Identity
                password = $Password
                identitytype = $SpecificUser
            }
        } else {
            if ($Identity -ne 'ApplicationPoolIdentity') {
                Write-Host "$logLead : Updating [$AppPoolName] app pool with identity [$Identity]"
                $processModelValue = @{
                    userName     = $Identity
                    identitytype = $SpecificUser
                }
            }
            else {
                Write-Host "$logLead : Updating [$AppPoolName] app pool with built-in identity.";
            }
        }

        Set-ItemProperty IIS:\AppPools\$AppPoolName -name processModel -value $processModelValue
        # Start-WebAppPool -Name $AppPoolName
    }
}