In this tutorial, you will learn how to use the net user command to create, delete and change user accounts in the Windows command prompt (CDM).
We can perform the following tasks using the net user command:
- View user accounts.
- Add and Remove user accounts.
- Activate and Deactivate user accounts.
- Change the user password.
If you are operating in an Active Directory domain environment, always use the /domain command switch to execute the net user command on the domain controller rather than on the local computer.
Examples
List users on the local computer:
net userList users on the domain controller:
net user /domainThis command displays detailed information about the Administrator account:
net user AdministratorCreate a user named user1 with a password of strongPassword:
net user /add user1 "strongPassword"Delete the user user1 from the computer:
net user /delete user2This command enables the built-in Administrator account on Windows 10/11:
net user Administrator /active:yesThis command sets (changes) the Administrator account password:
net user Administrator "adminPassWord"Execute the following command to disable the Administrator account on Windows 10/11:
net user Administrator /active:noThis command forces the user user1 to change the password at the next logon:
net user user1 /logonpasswordchg:yesCreate a user; the user must change the password at the next logon:
net user /add user1 "strongPassword" /logonpasswordchg:yesCreate a new user; the account expires on January 31st:
net user /add user1 "strongPassword" /expires:01/31/2023Command Options
| username | The name of the user to create, delete, view, or modify. |
| password | Password for the user. |
| * | Use this option to produce a prompt for the password. |
| /add | Use this option when you want to create a new user. |
| /delete | Use this option to remove a user from the Windows system. |
| /active:{yes | no} | Activates or Deactivates a user. The default is yes when creating a new user. |
| /expires:{date | never} | Use this option to set the expiration date (mm/dd/yy) for an account. The default is never. |
| /fullname:»name» | Full name of the user. |
| /passwordchg:{yes | no} | Specifies whether users can change their own password. The default is yes. |
| /passwordreq:{yes | no} | No means the user can log in without a password. The default is YES. |
| /logonpasswordchg:{yes|no} | Specifies whether the user should change the password at the next logon. The default is NO. |
| /homedir:path | The home directory location. |
| /comment:»text» | Use this option to add a description to the user’s account. |
You can view the manual page by typing net help user at the command prompt.
View a User
When you execute the net user command without any options, it displays a list of user accounts on the computer.
net userYou will see an output similar to the following:
Add the /domain command switch if you want to list users on the Active Directory Domain controller.
net user /domainTo see detailed information about a particular user, execute the command net user Username, where the Username is the name of the user you want to view. For example, you can view the Administrator account by running the following command:
net user AdministratorCreate and Delete User Accounts
To create a user account, use the following syntax:
net user /add UserName PasswordFor example, the following command creates a user named user1 with a password of strongPassword:
net user /add user1 "strongPassword"Use an asterisk (*) in place of the password to produce a prompt, as shown in the following example:
net user /add user1 *
Alternatively, you can also use the /random option to generate a strong random password, as shown in the following example:
net user /add user1 /randomThe randomly generated password will be displayed on the command prompt after you execute the command.
To delete a user, use the following syntax:
net user /delete UserNameThe following command deletes the user user1 from the computer:
net user /delete user2Change Passwords
To change passwords, use the following syntax:
net user UserName New-PasswordUse an asterisk (*) or /random in place of the password to produce a prompt or generate a random password:
net user UserName *
net user user1 /randomNotes
The net user command is most of the time used in Windows Server to manage Active Directory users.
Windows 10/11 uses a new Settings pane to manage users, but the net user command is still useful for some tasks. For example, if you want to activate the built-in Administrator account, it is easy to do that using this command.
While working at the command prompt, run the net help user command to see all available command options.
In the next tutorial, we are going to learn how to manage Windows groups using the net localgroup CMD command.
Adding users from command line is much easier rather than going through UI. It saves lot of time for Windows admins to add users in bulk using CLI commands/script. Net user command is the one that Windows users can use to manage user accounts, read on to know how to add users from CMD.
To add a new user account on local computer:
net user username password /ADD
Example: To add a new user account with the loginid John and with password fadf24as
net user John fadf24as /ADD
Hide password
If you do not want the password to be visible while adding new user account, you can use ‘*’ as shown below.
C:\>net user /add John * Type a password for the user: Retype the password to confirm: The command completed successfully. C:\>
To add a new user account to the domain:
net user username password /ADD /DOMAIN
Note that the command does not include the name of the domain, it automatically adds to the domain the computer belongs to.
Example:
net user John fadf24as /ADD /DOMAIN
Rename a user account
Net use command does not have any switches to rename a user account. But we can do that using wmic commands. Please check this – Rename user accounts on Windows
Few more advanced uses of net user command.
To set user full name while creating the user account
net user username password /ADD /FULLNAME:"User_Fullname"
To allow user to change password:
net user username password /ADD /PASSWORDCHG:Yes
To restrict user not to change the password:
net user username userpasswd /ADD /PASSWORDCHG:NO
To set account expiry time we can use /EXPIRES switch. This can also be used to set that the account never expires.
To specify if the user must have a password set we can use /PASSWORDREQ switch. For more information on all net user options, read this – Net user command: syntax and examples
How to create a new administrator account?
An administrator account can’t be created directly. We first need to create a user account and then add the user to the administrators group.
Errors:
- If you don’t have privileges to add new user account to the system, you would get an error like below.
C:\>net user John /add System error 5 has occurred. Access is denied. C:\>
- While adding user to domain, make sure that your computer is connected to the domain. Otherwise it throws up below error.
C:\>net user testuser testpassword /ADD /DOMAIN The request will be processed at a domain controller for domain mydomain.com. System error 1355 has occurred. The specified domain either does not exist or could not be contacted.
Related Posts:
Remove user from group
Прочитано: 5 288
Продолжаем тему настройки текущего домена polygon.local
Сейчас я покажу каким образом можно создать пользователя, активировать его и включить к примеру в группу доменных администраторов и всё это посредством командной строки.
Из предыдущего поста по созданию организационного подразделения у нас есть контейнер IT.
Нажать сочетание клавиш “Win+R” для вызова диалогового окна “Run” (Выполнить) и набрать в нем команду “cmd“.
Для создания учетных записей нужно обладать правами “Domain Admins” или быть делегированным администратором.
Перед нам откроется окно командной строки, в нем наберем:
Вывод пути где распологается подразделение IT:
C:\Users\Administrator>dsquery ou -name IT
“OU=IT,DC=polygon,DC=local”
Создаем пользователя в указанном подразделении:
C:\Users\Administrator>dsadd user “cn=ekzorchik,ou=IT,dc=polygon,dc=local”
Создаем пароль для учетной записи:
C:\Users\Administrator>dsmod user “cn=ekzorchik,ou=IT,dc=polygon,dc=local” -pwd Aa1234567
dsmod succeeded:cn=ekzorchik,ou=IT,dc=polygon,dc=local
Активируем учетную запись:
C:\Users\Administrator>dsmod user “cn=ekzorchik,ou=IT,dc=polygon,dc=local” -disabled no
dsmod succeeded:cn=ekzorchik,ou=IT,dc=polygon,dc=local
Добавляем учетную запись в группу Domain Admins:
C:\Users\Administrator>dsmod group “CN=Domain Admins,CN=Users,DC=polygon,DC=local” -addmbr “CN=ekzorchik,OU=IT,DC=polygon,DC=local”
dsmod succeeded:CN=Domain Admins,CN=Users,DC=polygon,DC=local
Для наглядного просмотра, что мы только, что сейчас сделали предлагаю воспользоваться Active Directory Users and Computers.
Из меню “Start” – “Control Panel” – “Administrative Tools” – запускаем оснастку “Active Directory Users and Computers”.
Такой способ более удобен если нужно создать структуру с помощью скрипта без запуска GUI интерфейса оснасток.
The command Net User allows you to manage your local and even your domain users from the command line. It’s mainly used to quickly add, delete or disable user accounts from the command line. But it can do more than just that. The tool can be used in both command prompt and PowerShell.
For managing domain users, I recommend using the PowerShell ActiveDirectory module. It comes with more options and allows you to filter, copy and search users and set or change all properties. But as mentioned, you can also perform basic tasks with the Net User command for domain users.
In this article
In this article, we are going to take a closer look at the Net User command. I will explain how you can add, and remove accounts, change passwords, and more.
The Net User command is a command-line utility that you can run in any terminal on Windows. But to use it you will need to have Administrator permissions on the computer. Without it, you won’t be able to create new user accounts for example. Also, make sure that you open Windows PowerShell or Windows Terminal in Admin mode.
Note
If you get the error “System error 5 has occurred. Access is denied” Then you haven’t start the command prompt or PowerShell with administrator privileges.
The most important parameters of the Net User command are:
| Parameter | Description |
|---|---|
| <username> | Specify the username to the account you want to perform the action on |
| <password> | Set or change the password for the specified user account. Use * to get a prompt for the password. |
| /domain | Used for managing domain accounts |
| /add | Create a new user account |
| /delete | Delete a user account |
| /active | Enable or disable the user account. Options are yes or no. |
| /expire | Set the date when the account expires |
| /time | Specifies the times that a user is allowed to log in |
| /homedir | Set the home directory path of the user account. |
List all users
When you enter the command Net User without any parameters, then it will list all user accounts on the computer. If you run the command on the Domain Controller, then it will list all domain accounts.
Net User # Or you can also type Net Users
In the first screenshot above you will see the results on a local computer, the second one are all the users from the local domain.
When you specify the username you will see all the details from the user account
# Get the user details for Zoe Tucker net user ztucker
Net User Add Account
The Net User command can be used to create new user accounts on your computer and in your domain. To create a user account you will need to add the /add parameter and specify the username. A password is by default not required on a local computer. For domain accounts, however, you will need to specify the password as well.
# Create a new local user account with the login name lazyadmin Net User /Add lazyadmin
For entering the password you have two options, you can type it in plain text in the command line or use the * which will show you a prompt to enter the password.
# Create a new domain user with username testusr and passswd123 Net User /add /domain testusr passwd123 # Prompt for the password Net User /add /domain testusr *
The new domain user is placed in the built-in OU “Users”.
When creating a user we can also specify login details, home directory path, etc of the user. I will explain each command later in the article. But to give you an idea of the possible options, we are going to create a user with the following details:
- Username: testusr
- Password: prompt
- Full name: Test User
- Password required: yes
- Allowed to login between: Monday to Friday between 08:00 and 17:00
- Home folder directory: \\lazyadmin.local\home\testusr
- Script path: \\lazyadmin.local\netlogon\welcome.bat
Net User /add /domain testusr * /fullname:"Test User" /passwordreq:yes /time:M-F,08:00-17:00 /homedir:"\\lazyadmin.local\home\testusr" /scriptpath:"\\lazyadmin.local\netlogon\welcome.bat"
Net User Delete User Account
We can also use the command line tool to delete user accounts, both local and from the domain. For this, you will need to use the parameter /delete and enter the username. Important to note is that the command tool won’t ask for confirmation. So be careful when using the delete option.
# Delete the local user Lazyadmin Net User /delete lazyadmin # Delete a domain user Net User /delete /domain testusr
Net User Change or Set Password
One of the common tasks for an IT Helpdesk is to reset a user’s password. Of course, you can reset the password in the Active Directory. But it’s also possible with the command Net User. Resetting passwords is not limited to domain accounts, you can also use this method for local computer accounts.
To reset a password you will need to specify the username and then either type in the password or type * after which you can securely type the password:
# Set the password for LazyAdmin to passwd123 Net User LazyAdmin passwd123 # Pormpt for the new password Net User LazyAdmin *
When it’s a domain user, then just add the /domain parameter. Make sure that the password meets the complexity requirements of the domain
# Reset the password for the domain user tesusr Net User /domain testusr *
Enable or Disable User accounts
We can also use the command-line tool to enable and disable accounts. This is particularly useful when a user is locked out or when you quickly need to disable an account. To do this we are going to use the parameter /Active:yes|no
The command can be used for local computer accounts as for domain accounts:
# Disable local account Net User lazyadmin /active:no # Disable domain user account Net User tesusr /Domain /Active:no
To enable an account, simply replace /Active:no with /Active:yes
Set Expire date for User Account
If you know the data that an employee leaves the organization then it’s a good idea to set the expired date for the account. This way the account is automatically locked after the specified data. The date format depends on your region settings, but the options are:
- MM/DD/YYYY
- DD/MM/YYYY
- mmm,dd,YYYY
Account expiration settings are not limited to a domain account, you can also set the expired date on a local Windows 10 or 11 user account.
# Set expire date for local user Net User lazyadmin /expires:21/09/2022 # Set expire data for domain user Net User testusr /domain /expires:09/20/2022
Set login times for User Account
Some accounts are only allowed to be used between specific hours, office hours for example. We can specify these hours with the /time parameter. To specify the time we will need to enter the days and hours between the account is allowed to log in.
You can use different notions for the days and hours (12-hour or 24-hour notation), and we can specify multiple time blocks by separating them with the semi-column ;.
# Allow login during office hours only Net User lazyadmin /time:M-F,08:00-17:00 # Or in 12-hour notation Net User lazyadmin /time:M-F,8am-5pm # Specify multiple blocks Net User lazyadmin /time:M,08:00-17:00;W,08:00-13:00;F,08:00-17:00
Net User Password settings
When you create a new account you can set a password for the account as well. But when it comes to passwords we have two other interesting parameters, passwordchg and passwordreg. The first determines if the user can change the password. This setting is really useful for kiosk accounts. The user can’t change the password when this is set to no.
# User lazyadmin can't change it's password net user lazyadmin /passwordchg:no
The parameter passwordreg is used to specify it a user account must have a password. If this is set to no, then the user can remove their password, making the device vulnerable.
net user lazyadmin /passwordreg:yes
Home Directory Path
The last parameter that I want to mention is the home directory path. If you want to store the home directory of the user on a network share then you can set the path to the folder with the parameter /homedir. But make sure that the full path, including the user’s folder, exists.
# Set the home directory for testusr net user testusr homedir:"\\lazyadmin.local\home\testusr"
Wrapping Up
The Net User command is great when wanting to quickly enable or disable a user account or reset a password. Also, it’s great to manage local computer accounts on small networks. When working with domain accounts I prefer to use the Active Directory module in PowerShell.
I hope you found this article useful, if you have any questions, just drop a comment below.
What to Know
- Enter the net user command into Command Prompt for a list of all the local user accounts.
- The net user command can add, remove, and make changes to the user accounts on a computer.
- Some switches that work with this command include username, password, /add, and /delete.
This article describes how to use the net user command in Windows. Included on this page are the various net user switches and some examples of the net user command that you can adapt for your own commands.
Net User Command Syntax
net user [username [password | *] [/add] [options]] [/domain]] [username [/delete] [/domain]] [/help] [/?]
See How to Read Command Syntax if you’re not sure how to read the net user command syntax explained above or in the table below. The availability of certain net user command switches and other net user command syntax may differ from operating system to operating system.
| Net User Command Options | |
|---|---|
| Option | Explanation |
| net user | Execute the net user command alone to show a very simple list of every user account, active or not, on the computer you’re currently using. |
| username | This is the name of the user account, up to 20 characters long, that you want to make changes to, add, or remove. Using username with no other option will show detailed information about the user in the Command Prompt window. |
| password | Use the password option to modify an existing password or assign one when creating a new username. The minimum characters required can be viewed using the net accounts command. A maximum of 127 characters is allowed1. |
| * | You also have the option of using * in place of a password to force the entering of a password in the Command Prompt window after executing the net user command. |
| /add | Use the /add option to add a new username on the system. |
| options | See Additional Net User Command Options below for a complete list of available options to be used at this point when executing net user. |
| /domain | This switch forces net user to execute on the current domain controller instead of the local computer. |
| /delete | The /delete switch removes the specified username from the system. |
| /help | Use this switch to display detailed information about the net user command. Using this option is the same as using the net help command with net user: net help user. |
| /? | The standard help command switch also works with the net user command but only displays the basic command syntax. Executing net user without options is equal to using the /? switch. |
[1] Windows 98 and Windows 95 only support passwords up to 14 characters long. If you’re creating an account that might be used from a computer with one of those versions of Windows, consider keeping the password length within the requirements for those operating systems.
The following options are to be used where options is noted in the net user command syntax above:
| Additional Net User Command Options | |
|---|---|
| Option | Explanation |
| /active:{yes | no} | Use this switch to activate or deactivate the specified useraccount. If you don’t use the /active option, the net user assumes yes. |
| /comment:»text« | Use this option to enter a description of the account. A maximum of 48 characters is allowed. The text entered using the /comment switch is viewable in the Description field in a user’s profile in Users and Groups in Windows. |
| /countrycode:nnn | This switch is used to set a country code for the user, which determines the language used for error and help messages. If the /countrycode switch isn’t used, the computer’s default country code is used: 000. |
| /expires:{date | never} | The /expires switch is used to set a specific date (see below) in which the account, not the password, should expire. If the /expires switch isn’t used, never is assumed. |
| date (with /expires only) | If you choose to specify a date then it must be in mm/dd/yy or mm/dd/yyyy format, months and days as numbers, fully spelled out, or abbreviated to three letters. |
| /fullname:»name« | Use the /fullname switch to specify the real name of the person using the username account. |
| /homedir:pathname | Set a pathname with the /homedir switch if you want a home directory other than the default2. |
| /passwordchg:{yes | no} | This option specifies whether this user can change his or her own password. If /passwordchg is not used, the net user assumes yes. |
| /passwordreq:{yes | no} | This option specifies whether this user is required to have a password at all. If this switch isn’t used, yes is assumed. |
| /logonpasswordchg:{yes | no} | This switch forces the user to change his or her password at the next logon. Net user assumes no if you don’t use this option. The /logonpasswordchg switch is not available in Windows XP. |
| /profilepath:pathname | This option sets a pathname for the user’s logon profile. |
| /scriptpath:pathname | This option sets a pathname for the user’s logon script. |
| /times:[timeframe | all] | Use this switch to specify a timeframe (see below) that the user can log on. If you don’t use /times then net user assumes that all times are okay. If you do use this switch, but don’t specify either timeframe or all, then net user assumes that no times are okay and the user is not allowed to log on. |
| timeframe (with /times only) | If you choose to specify a timeframe you must do so in a particular way. Days of the week must be spelled out completely or abbreviated in MTWThFSaSu format. Times of day can be in a 24-hour format, or 12-hour format using AM and PM or A.M. and P.M. Periods of time should use dashes, day and time should be separated by commas and day/time groups by semicolons. |
| /usercomment:»text« | This switch adds or changes the User Comment for the specified account. |
| /workstations:{computername[,…] | *} | Use this option to specify the hostnames of up to eight computers that the user is allowed to log on to. This switch is really only useful when used with /domain. If you don’t use /workstations to specify allowed computers then all computers (*) is assumed. |
[2] The default home directory is C:\Users\[username]\ in Windows 11, Windows 10, Windows 8, Windows 7, and Windows Vista. In Windows XP, the default home directory is C:\Documents and Settings\[username]\. For example, if the user account on a Windows 11 tablet is named «Tim,» the default home directory created when the account was first set up was C:\Users\Tim\.
Net User Command Examples
Below are a few ways you might use this command.
Get the Full List of Users
This first example of the net user command shows that in its simplest form (enter net user), it will produce a list of all the users on the computer, much like this:
Administrator DefaultAccount ExtraGuest jonfi WDAGUtilityAccount
This computer has over a dozen user accounts, so they’re separated into multiple columns.
You can also use net users in place of net user. They’re completely interchangeable.
Examine One User
net user administrator
In the above net user example, the command produces all the details on the administrator user account. Here’s an example of what might display:
User name AdministratorFull NameComment Built-in account for administering the computer/domainUser's commentCountry/region code 000 (System Default)Account active NoAccount expires NeverPassword last set 8/24/2020 1:21:25 PMPassword expires NeverPassword changeable 8/24/2020 1:21:25 PMPassword required YesUser may change password YesWorkstations allowed AllLogon scriptUser profileHome directoryLast logon 11/9/2021 11:48:13 AMLogon hours allowed AllLocal Group Memberships *AdministratorsGlobal Group memberships *None
As you can see, all the details for that user on this computer are listed.
Change When a User Can Log In
net user rodriguezr /times:M-F,7AM-4PM;Sa,8AM-12PM
Here’s an example where the rodriguezr account is having its login days and times changed.
Make a New User
net user nadeema r28Wqn90 /add /comment:"Basic user account." /fullname:"Ahmed Nadeem" /logonpasswordchg:yes /workstations:jr7tww,jr2rtw /domain
We thought we’d throw the kitchen sink at you with this one. This is the kind of net user application you might never do at home, but you might very well see in a script published for a new user by the IT department in a company.
Here, we’re setting up a new user account with the name nadeema, and setting the initial password as r28Wqn90. This is a standard account in our company, which we note in the account itself [/comment:»Basic user account.«], and is the new Human Resources executive, Ahmed [/fullname:»Ahmed Nadeem«].
We want Ahmed to change his password to something he won’t forget, so we want him to set his own the first time he logs on [/logonpasswordchg:yes]. Also, Ahmed should only have access to the two computers in the Human Resources office [/workstations:jr7twwr,jr2rtwb]. Finally, our company uses a domain controller [/domain], so Ahmed’s account should be set up there.
As you can see, the net user command can be used for a lot more than simple user account adds, changes, and removals. We configured several advanced aspects of Ahmed’s new account right from Command Prompt.
Delete a User
net user nadeema /delete
Now, we’ll finish off with an easy one. Ahmed [nadeema] didn’t work out as the latest HR member, so he was let go, and his account removed [/delete].
Net User Command Availability
The net user command is available from within the Command Prompt in most versions of Windows including Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server operating systems, and some older versions of Windows, too.
Net User Related Commands
The net user command is a subset of the net command and so is similar to its sister commands like net use, net time, net send, net view, etc.
Thanks for letting us know!
Get the Latest Tech News Delivered Every Day
Subscribe