Managing user accounts from windows command line

We can rename a local user group from windows command line using  wmic group command. Syntax for the rename operation is given below.

wmic group where name='groupname' rename newname

Example:

To rename local group ‘Users1′ as ‘Users2′ we can run the below command.

C:\>wmic group where name='users1' rename users2
Executing (\\WINCMD-PC\ROOT\CIMV2:Win32_Group.Domain="WINCMD-PC",Name="users2")->rename()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ReturnValue = 0;
};
C:\>

 

On Windows OS we can find the list of local user groups created on a system from Contorl Panel -> User Accounts. This information can be obtained from command line also using netcommand.  Syntax is shown below.

net localgroup

Example: Running this command shows the following local groups on my system.

C:\>net localgroup
Aliases for \\techblogger-pc
----------------------------------------------------------------------------
*Administrators
*Backup Operators
*Debugger Users
*Guests
*Network Configuration Operators
*Power Users
*Remote Desktop Users
*Replicator
*Users
The command completed successfully.

How to list the users in a local group?

Use the below command to know the list of members of a group from command line.

net localgroup groupName

For example to get the list of all remote desktop users on a system we can run the below command.

net localgroup "Remote Desktop users"

How to find the list of all groups a user is member of?
You can run the below command to list the groups a user is member of.  This command prints the details of the given user account. You can find the group membership information in the last two line of this command output.

net user userName

Example:

H:\>net user John
User name                   John
Full Name
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never
Password last set            12/2/2010 11:00 PM 
Password expires             4/1/2011 11:00 PM 
Password changeable          12/2/2010 11:00 PM 
Password required            Yes 
User may change password     Yes 
Workstations allowed         All 
Logon script 
User profile 
Home directory 
Last logon 
Logon hours allowed          All 
Local Group Memberships      *Debugger Users       *Users 
Global Group memberships     *None

In Windows computer we can add users to a group from command line. We can use net localgroup command for this.

net localgroup group_name UserLoginName /add

For example to add a user to administrators group, we can run the below command. In the below example I have taken username as John.

net localgroup administrators John /add

Few more examples:

To add a domain user to local users group:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add
System error 1789 has occurred.
The trust relationship between this workstation and the primary domain failed.

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName  /add

To add a user to debugger  users group: 

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group: 

net localgroup "Power users" UserLoginName /add

This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

C:\> net localgroup administrators techblogger /add
System error 5 has occurred.
Access is denied.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

C:\>net localgroup administrators techblogger /add
The command completed successfully.

To list the users belonging to a particular group we can run the below command.

net localgroup group_name

For example to list all the users belonging to administrators group we need to run the below command.

net localgroup administrators

We can create a user group on the local computer from Windows command line using ‘net localgroup‘ command.

net localgroup group-name /add

Example:
To add a new group ‘Group1

C:\>net localgroup Group1 /add
The command completed successfully.
C:\>

To delete a user group:

net localgroup group-name /delete

For example to delete the user group Group1 created in the above example, we can run the below command.

net localgroup Group1 /delete

Net localgroup command can be used on the local computers whereas net group command can be used on domain controller machines.

Rename a local user group:

net localgroup command does not have any option to rename a group. We can use wmic command to rename a group. Below is the command for this.

wmic group where "name='groupname' " call rename newgroupname

Ex: Rename the group ‘group1′ as ‘group2′

wmic group where "name='group1' " call rename group2

Example:

C:\>net localgroup "group name with spaces" /add
The command completed successfully.

C:\>net localgroup
Aliases for \\MYPC
-------------------------------------------------------------------------------
*Administrators
*Backup Operators
*group name with spaces
.......
The command completed successfully.
C:\>