Home » PowerShell Tips » Net User Command in CMD

Net User Command in CMD

The Net User command in the Windows CMD manages local and remote user accounts efficiently. It enables the creation, deletion, activation, and deactivation of accounts, along with password management and user-specific configurations like home directories and login times.

The command Net User allow you to create, delete, enable, or disable users on the system and set passwords for the net user accounts.

Windows administrators use the net user command-line tool to add, modify, or delete user accounts in local computers or domains.

Using the net user command, you can retrieve the user account information, add, modify, enable, and disable a user account, set the home directory path, set account expiration, and so on.

Using Net User Command to display user account info
Using Net User Command to display user account info

In this article, we will discuss how to use the net user command-line tool with examples to get user account information, domain account status, and password expiry date.

Net User Command Syntax

The basic syntax for the net user command is as follows:

net user [<UserName> {<Password> | *} [<Options>]] [/domain]
net user [<UserName> {<Password> | *} /add [<Options>] [/domain]]
net user [<UserName> [/delete] [/domain]]

Refer to the below most important net user command parameters:

ParameterDescription
UsernameEnable or disable the user account
PasswordIt specifies the user account name to add, modify, or display user account information
/domainPerform the operation on the domain controller
/active:{no | yes}Enable or disable user account
/commentProvide descriptive comments for the user account
/expiresSpecify the date to expire user account
net helpDisplay help for the net user command
<Options>Specify command-line options
Net User Commands

Refer to the following table to know more about options used in net user command.

Command-line option syntaxDescription
/active:{no | yes}Use this option to enable or disable a user account. The default value is yes (active).
/comment:”<Text>”Use this to provide comments for the user account, max 48 characters, and should be enclosed in quotation marks.
/countrycode:<NNN>/countrycode option is used to set the country code for the user account to display help or error messages in their language. The default value is 0, which means the computer’s default country/region code.
/expires:{{<MM/DD/YYYY> | <DD/MM/YYYY> | <mmm,dd,YYYY>} | never}Use this option to specify the date for the user account to expire. If the expiration date is not specified, it will assume never expires.
/fullname:”<Name>”Specify the user’s full name instead of username.
/homedir:<Path>Use this option to set the path for the user’s home directory.
/passwordchg:{yes | no}Use this to specify if the user can change their own password. The default value is yes.
/passwordreq:{yes | no}It specifies if the user must have a password or not. The default is yes.
/profilepath:[<Path>]Use this option to sets a path for the user’s logon profile. This path points to a registry profile.
/scriptpath:<Path>Use this to set a path for the user’s logon script. <Path> should be relative.
/times:{<Day>[<-Day>][,<Day>[-<Day>]],<Time>[-<Time>][,<Time>[-<Time>]][;] | all}It specifies the times that users are allowed to use the computer.
/usercomment:”<Text>”It specifies that an administrator can add or change the “User comment” for the account.
/workstations:{<ComputerName>[,…] | *}It lists as many as eight workstations from which a user can log on to the network.
net user command options

Net User – List All User Accounts

Use the Net User command without any parameters to list all user accounts on the local computer.

Use the Windows Command prompt to run the Net User command as given below.

net user

The above Windows net user command returns the list of all user accounts on the local computer.

List all user accounts on local computers using net user
List all user accounts on local computers using net user

To get a list of all users within the domain, run the Net User command on the domain controller.

net user

The output of the above command net user gets the domain username accounts.

List all domain user accounts with net user
List all domain user accounts with net user

You can also use the net user command-line tool to get user account information, modify a user account, and check when the password was last set.

Using Net User to Retrieve User Account Information

You can use the Net User command to check the local user details and domain user details in the command prompt.

Check Local User Account Details in Cmd

To retrieve local user account information using the command line, follow these steps:

  1. Open the command prompt
  2. Enter the following command, replacing `[username]` with the username for which you want to retrieve information.

    net user [username]

    For example, to retrieve the user account information for a user named “Toms“, use the following command.
# Get the user account information for Toms user.
net user Toms

The above net user command uses the username to retrieve user details and display net user account information.


C:\>net user Toms
User name                    Toms
Full Name                    John Paul
Comment                      Built-in account for administering the computer/domain
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            7/29/2021 6:55:50 PM
Password expires             9/9/2021 6:55:50 PM
Password changeable          7/30/2021 6:55:50 PM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   8/2/2021 11:53:32 AM

Logon hours allowed          All

Local Group Memberships      *Administrators
Global Group memberships     *Domain Admins        *Group Policy Creator
                             *Schema Admins        *Domain Users
                             *Enterprise Admins
The command completed successfully.


C:\>
net user account details
Display user account details on the local computer

Using net user username /domain to Check Domain User Details in the Command Prompt

To check the domain user details in the command prompt (CMD), you can use the `net user` command with the username parameter.

  1. Open the Command prompt
  2. Use the following command syntax to check the domain user details
    net user [username] /domain

    Replace “[username]” with the username of the domain user whose details you want to retrieve.
  3. Press Enter
  4. net user /domain example
    To check the details of the domain user named “Gary.Willy“, run the following command.

    net user Gary.Willy /domain

The output of the above retrieves the details of the domain user.

c:\>net user Gary.Willy
The request will be processed at a domain controller for domain shellgeek.org.

User name                    Gary.Willy
Full Name                    Willy, Gary[CORP/SNG]
Comment                      Software
User's comment
Country/region code          (null)
Account active               Yes
Account expires              Never

Password last set            12/18/2023 8:26:11 AM
Password expires             3/17/2024 8:26:11 AM
Password changeable          12/19/2023 8:26:11 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   2/24/2024 9:01:12 PM

Logon hours allowed          All

Cool Tip: How to get-aduser in the active directory using PowerShell!

Using Net User to Add Account

You can use the Net User command to create a new user account on your local account or domain.

Create a Local User Account

To create a new local user account, use the `/Add` parameter followed by the desired username.

# Create a new user account on local computer with login name Teresa
net user /Add Teresa

Create a Domain User Account

To create a new user account on a domain, add the `/domain` parameter along with the username and password.

# Create a new user account on domain with login name Peter and password Shell@123
net user /Add /domain Peter Shell@123

The above command creates a user account on the domain with a username Peter and password Shell@123 as plain text in the command line.

Be cautious when entering passwords in plain text. Use “*” after the username to prompt for password entry securely.

net user /Add /domain Peter *

Using Net User to Delete User Account

You can use the Net User command with `/delete` parameter to delete a user account on your local account or domain.

Deleting a Local User Account

To delete a local user account, use the /delete parameter and specify the username, it will delete the user account. It doesn’t ask for confirmation before deleting a user account.

# Delete the user on the local computer
net user /delete Teresa

Deleting a Domain User Account

To delete a domain user account, add the /domain parameter and specify the username.

# Delete the domain user account
net user /delete /domain Peter

Using Net User to Change Local User Account Password

To change a user password using the command line, use the net user command-line tool to set the password.

  • Command Syntax
net user userid password

In the above command, “userid” represents the username, and “password” denotes the new password.

  • Example

To reset the password for the user account “GaryW” on the local computer, run the below command.

net user garyw Test@123

The net user command sets the password “Test@123” for the user account “garyw” on the local computer.

The output of the above command is below.

Using net user to local user account password change
Using net user to local user account password change

Note: Run Windows command prompt using administrator account privileges else it will display “System error 5 has occurred. Access is denied

There is an alternative and secure way to change the user password using the net user cmd tool as below

C:\>net user garyw *
Type a password for the user:
Retype the password to confirm:
The command completed successfully.

In the command, use * after the user name and hit enter.

It will prompt you to type the password for the user: and retype the password to confirm.

While typing a password, it won’t display password text on the command line.

Cool Tip: How to get-aduser password expiration date in PowerShell!

Using Net User /domain to Change Domain User Account Password

Use the net user /domain command to change the domain user account password.

  • Command Syntax

The syntax for the command net user to set the password for the domain user account is:

net user username * /domain
  • Example

To reset the domain user account password, execute the following command.

net user garyw  * /domain

The above net user command sets the password for the user “garyw” on the domain. /domain specifies to perform domain account password change operation.

The output of the above net user /domain password change is below.

Using net user /domain to change domain user account password
Using net user /domain to change domain user account password

Cool Tip: How to use the Get-AdUser cmdlet to manage Active Directory Use Account!

Using Net User to Disable Account

To disable or lock a domain account using the net user command-line tool, use the `/Active:No` and `/domain` parameters and specify the username.

# Disable the user account on domain
net user garyw /Active:No /domain

The above net user command disables the user account or locks the domain user account specified using the user name and `/Active` set to No in the net user /domain command.

Run the command net user garyw /domain to check the user’s account status, it displays Account active : No

C:\>net user garyw /domain
User name                    garyw
Full Name                    Gary Willy
Comment
User's comment
Country/region code          000 (System Default)
Account active               No
Account expires              Never

To disable a local user account, use the /Active:No parameter:

# Disable local user account
net user testadmin /Active:No 

Cool Tip: How to find a disabled aduser using PowerShell!

Using Net User to Enable Domain Account

To enable or unlock the domain user account using the net user command, use the /Active:Yes and /domain parameters and specify the username.

# Enables domain user account
net user garyw /Active:Yes /domain

net user /domain command using /Active option set to Yes enables user account.

To enable a local user account, use the /Active:Yes parameter and specify the username:

net user testadmin /Active:Yes

Using Net User to Set User Password Policy

To restrict users from changing their domain account password or allow domain account user to change their password, use the net user command with /Passwordchg parameter.

Prevent User from Change the Password

To restrict the user from changing their password in the domain, use the `net user` command with `/Passwordchg:No` parameter after the username.

net user garyw /Passwordchg:No

The above command restricts the user account “garyw” on the domain account from changing the password.

Allow the User to Change the Password

To allow users to change the password, use the `net user` command with /Passwordchg:Yes parameter after the username.

net user garyw /Passwordchg:Yes

The above command allows the user account “garyw” to change the password on the domain.

Cool Tip: How to find active directory groups I m in using PowerShell!

Using Net User to Find User Full Name

Use the net user command-line tool to find the user’s full name in the domain using the `Find /i` parameter, specify the “full name“.

net user garyw /domain | Find /i "full name"

The above command finds the full name of the user account “garyw” in the domain, it uses the username /domain to find the user account in the domain and pipes the result to the `Find /i` parameter to retrieve the full name.

C:\Windows\system32>net user garyw /domain | Find /i "full name"
Full Name                    Gary Willy

Using Net User to Set Home Directory Path For User

Use the net user command-line tool to set a home directory path for a new user or existing user using the homedir option.

To Set the home directory path for the new user, run the following command.

# Set the home directory path for user adams
net user adams /domain /add /homedir:C:\users\adams

The net user command creates a new user with the name adams in the domain and sets up the home directory path for the user to C:\users\adams

You can set up a home directory for the existing user as below.

# Set the home directory path for existing user garyw
net user garyw /domain /homedir:C:\users\garyw

The above command sets up the home directory path for the existing user account “garyw” in the domain using the net user command and homdir option.

Cool Tip: How to unlock the ad account in the active directory using PowerShell!

Using Net User to Set Expiry Date for User Account on Local and Domain

Using the net user command, you can easily set an expiry date for the user account on the local computer or domain user account.

The expiration date for the user account has been good practice for organizations to manage security and resource management.

To set up an expiry date for user accounts on the local computer or a Windows 11 user account, use the /expires parameter and specify the date in MM/DD/YYYY format:

# Set expire date for local user account
Net User devadmin /expires:03/05/2023

In the above command, the net user command takes the username as the input parameter and uses `/expires` option to set up the expiry date for the user account on the local computer.

To set up an expiry date for the user account on the domain controller, run the following command.

# Set expire date for domain user account
Net User Toms /domain /expires:09/20/2022

In the above command, the net user takes the user name and uses /domain to set up an expiry date in the domain using the `/expires` option.

Using Net User to Set Login Times for User Account

Using the net user command, you can set log in times for the user account to allow them to be used within specific hours only. Use the /time parameter followed by the allowed login times.

To set login times for the user account on the local computer, execute the following command.

# Set login time to allow user login in specific duration
Net User Toms /time:M-F,07:00-16:00

In the above command, the net user command takes the user name to set up login time for the account to allow login between 7 am to 4 pm on Monday-Friday only.

For domain user accounts, add the /domain parameter:

# Set login time to allow user login in specific duration on the domain
Net User garyw /time:M-F,07:00-16:00 /domain

Net User Command Examples and FAQ

How to reset the user password using the net user command?


Open the Windows command prompt with Administrator privileges and run the following command to reset the password for a user account.

net user userid newpassword

How to use the net user command?


The net user is a command-line tool to manage user accounts on local and domain controllers. To use the net user command, open the command prompt and type the net user command, it will list all user accounts.

net user

How to check domain user details in cmd?


Use the net user command to view the user account details on the domain. The syntax to check user account information is given below.

net user userid

How to use the net user command to see when the password expires?


If you run net user userid on cmd terminal, it retrieves user information that includes the property “Password expires“. Use this property to see the user account password expiry date.

How to use the net user command to check the last login of the user?


To check the last login of the user on the domain using the net user command, run the command prompt and run the below command.

net user Toms /domain | Findstr "Last"
It returns the Last Login date for the user account on the domain.

How to use the net user command to set a password never expires using the command line?


To set the password never expires on the user account using the net user command in the cmd terminal, run the following command.

WMIC useraccount where Name='username' set PasswordExpires=FALSE

For example, to set the administrator password never expires using the net user command,

net user administrator |findstr /C:expires
Returns the output as
Account expires Never
Password expires 2/26/2023 4:10:20 PM

Run the WMIC command to set the PasswordExpires property for the administrator account to false.

WMIC useraccount where Name='administrator' SET PasswordExpires=FALSE

The above command line tool set up the administrator password never set to expire.

Conclusion

I hope the above article on the net user command line tool in the Windows system helps you to understand how to manage net user accounts using the command line.

net user without any option gets all the user accounts on the computer. You can also use the net users command to manage the user accounts on the local and domain controller.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.