The NET command is used to manage user accounts and groups.
Syntax NET ACCOUNTS [/FORCELOGOFF:{minutes | NO} ] [/MINPWLENGTH:length] [/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days] [/UNIQUEPW:number] [/DOMAIN] NET USER username {password | *} /ADD [options] [/DOMAIN] NET USER [username [password | *] [options]] [/DOMAIN] NET USER username [/DELETE] [/DOMAIN] NET USER username [/TIMES:{times | ALL] NET USER username [/ACTIVE: {YES | NO}] Generate a random password: NET USER username /random NET GROUP groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN] NET LOCALGROUP groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN] Edit a group: NET GROUP [groupname [/COMMENT:"text"]] [/DOMAIN] NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN] NET GROUP groupname Username [...] {/ADD | /DELETE} [/DOMAIN] NET LOCALGROUP groupname Username [...] {/ADD | /DELETE} [/DOMAIN] Delete a group:
NET GROUP groupname /DELETE [/DOMAIN]
NET LOCALGROUP groupname /DELETE [/DOMAIN]
LOCALGROUP will create/modify a group that is local to the computer rather than an Active Directory domain-wide group, see Group Types.
View the current password & logon restrictions for the computer (plus machine
role: Server/ Workstation):
NET ACCOUNTS
View the current password & logon restrictions for the domain:
NET ACCOUNTS /DOMAIN
Set the number of minutes a user has before being forced to log off when the
account expires or valid logon hours expire:
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN
Prevent forced logoff when user accounts expire:
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN
Set the minimum number of characters for a password:
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.
Set the maximum number of days that a password is valid:
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.
View user account details:
NET USER [/DOMAIN]
Change the password of a local user account:
NET USER LocalUser64 Secr3t
View the password properties of user account 'Ella', this will show if the account requires a password:
NET USER Ella | findstr "Password"
Change the properties of user account 'Ella' to make the password not required. To reverse this, change 'false' to 'true':
WMIC useraccount where name='Ella' set PasswordRequired=false
Synchoronise the user accounts database (PDC and BDC):
NET ACCOUNTS /SYNC /DOMAIN
Set passwords to never expire:
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN
Set a minimum number of days that must pass before a user can change a password
(default = 0):
NET ACCOUNTS /MINPWAGE:dd /DOMAIN
Require that new passwords be different from 'x' number of previous passwords:
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for 'x' is 1-24
Create a group
NET LOCALGROUP LocalScanningGroup /add
Add to guests
NET LOCALGROUP guests LocalScanningGroup /add
Then remove the group from guests:
NET LOCALGROUP guests LocalScanningGroup /delete
And delete the group completely:
NET LOCALGROUP LocalScanningGroup /delete
Q324639 - NET.EXE /ADD does not support names longer than 20 characters.
NET.exe - Manage network resources.
NTRIGHTS - Edit user account rights (Logon Locally etc).
DSADD - Add user (computer, contact, group..) to active directory.
DSMOD - Modify user (computer, contact, group..) in active directory.
PRNMNGR - Add, delete, list printers and printer connections.
RunAs - Force a password Sync between a local machine and the domain.
TSPROF - Copy Terminal Server User Profile.
WMIC GROUP - WMI access to Group membership.
WMIC USERACCOUNT - WMI access to User info.
Q149427 - Change Password using the Settings app.
PowerShell: Set-LocalUser - Modify a local user account / Set-adAccountPassword - Modify the password of an AD account.
Equivalent bash command (Linux): useradd - Add user account.