NET USER
The syntax of this command is:
NET USER [username [password | \*] [options]] [/DOMAIN:domainname]
username [password | \*] /ADD [options] [/DOMAIN:domainname]
username /DELETE [/DOMAIN:domainname]
This command adds, modifies, and deletes user accounts, or displays
user account information, on a server or in a domain.
COMMENTS
To display the names of users on the server, type "net user"
without options. To display the names of users in a particular
domain, type "net user /domain:domainname". And similarly, to
display information about a particular user account, type
"net user username" or "net user username /domain:domainname".
Use the "net perms" command to define a user's permissions
to use shared resources.
When you type the "net user" command at a backup domain
controller, changes to the user account automatically occur
on the primary domain controller and then are replicated to
backup domain controllers.
For security reasons, do not assign a null password to an
account with administrative privilege.
The options of this command are:
username - is the name of the user account (with as many as
20 characters) to add, delete, modify, or view.
Usernames containing spaces must be quoted.
password - assigns or changes a password (with as many as 14
characters) for the user's account. A password must
satisfy any minimum length set with the /minpwlen
option of the "net accounts" command.
\* - produces a prompt for the password. The password will
not be displayed when you type it.
/ACCOUNTTYPE:{Global | Local} - specifies whether the user
account is global (for regular user accounts in this
domain), or local (for users from untrusted domains).
The default is Global.
/ACTIVE:{NO | YES} - deactivates or activates the user
account. If the user account is not active, the user
cannot access resources on the server. The default is
YES (active).
/COMMENT:"text" - provides a descriptive comment about the
user's account. This comment can have as many as 48
characters. Enclose the text in quotation marks.
/COUNTRYCODE:# - uses the operating system country codes to
implement the specified language files for a user's
help and error messages. A value of "0" signifies the
default country code.
/EXPIRES:{date | NEVER} - causes the user account to expire
if date is set. NEVER sets no time limit on the user
account. Expiration dates can be in mm,dd,yy format.
Note that the account expires at the beginning of the
date specified. Months can be a number, spelled out,
or abbreviated with three letters. Year can be two or
four numbers. Use a comma or slash to separate parts
of the date (no spaces). If yy is omitted, the next
occurrence of the date (according to your computer's
date and time) is assumed. For example, the following
date entries are equivalent if entered between
Jan. 10, 1995 and Jan. 8, 1996:
jan,9
1/9/96
january,9,1996
1/9
/FULLNAME:"name" - adds a user's full name (rather than
username). Enclose the name in quotation marks.
/HOMEDIR:pathname - sets the pathname for the user's home
directory. The pathname can be an absolute path or a
network path. The default USERPATH is found in the
\SYSTEM\CurrentControlSet\Services\LanmanServer\
Parameters\UserPath value in the Registry. For
example, UserPath could have the value c:\home\lanman.
This option does not create a home directory and does
not check to see if one exists.
If specified with a home directory drive option, the
pathname must be a UNC name.
/HOMEDIRDRIVE:{drive letter} - specifies a home drive letter,
for example z:, to connect the user's remote home directory
as a network drive. The remote home directory must be set
and it must be a UNC name.
/PASSWORDCHG:{YES | NO} - specifies whether users can change
their own password. The default is YES.
/PASSWORDEXP:{YES | NO} - specifies whether the password expires
when the maximum password age is reached (YES), or never
expires (NO). The default is YES.
/PASSWORDMUSTCHG:{YES | NO} - specifies whether the user must
change password at next logon. The default is NO.
/PASSWORDREQ:{YES | NO} - specifies whether a user account
must have a password. The default is YES.
/PRIMARYGROUP:[groupname] - sets a primary group for the user.
The primary group can be any of the global groups to
which the user belongs. The default is "Domain Users".
/PROFILEPATH:[pathname] - sets a path for the user's logon
profile.
/SCRIPTPATH:[pathname] - sets a pathname for the user's
logon script. This pathname is relative to the
directory listed in the \SYSTEM\CurrentControlSet\
Services\Netlogon\Parameters\Scripts" value in
the Registry.
/TIMES:{times | ALL} - specifies the times the user is
allowed to use the server. The times value is
expressed as day[-day][,day[-day]],time[-time]
[,time[-time]], limited to 1-hour time increments.
Days can be spelled out or abbreviated in the
configured language (for example, M,T,W,TH,F,SA,SU).
Days spelled out in English are accepted independent
of the configured language. Hours can be 12- or 24-hour
notation. For 12-hour notation, use AM, PM, or A.M.,
P.M. The value ALL means a user can always log on.
A null value (blank) means a user can never log on.
Separate day and time with a comma, and units of day
and time with a semicolon (for example,
M,4AM-5PM;T,1PM-3PM). For 24-hour notation, the format
must be hh:00.
In the UNIX operating system, the semicolon is a
special character that must be preceded by a backslash
( \ ).
Do not use spaces when designating /TIMES.
/USERCOMMENT:"text" - lets an administrator add or change
the ``User comment'' for the account. Enclose the text
in quotation marks.
/USERNAME:"new_name" - renames a user's name. Enclose the new_name
in quotation marks.
/WORKSTATIONS:{computername[,...] | *} - lists as many as
eight clients from which a user can log on to the
network. Separate multiple entries in the list with a
comma. If /WORKSTATIONS has no list, or if the list
is "*" , the user can log on from any client. If you
impose a restriction on a user's client, the user will
not be able to "net logon" at the UNIX system console.
/ADD - adds a user account.
/DELETE - removes a user account.
/I:NUMBER - instances number.
EXAMPLES
At a UNIX system console, to display a list of all the users in
the local accounts database, type the following:
net user
Note that on a primary or backup domain controller, the local
accounts database is the same as the domain database, but on a
member server, the local accounts database is specific to the
server.
To display a list of all the users in a domain called market_dom,
type the following:
net user /domain:market_dom
This is how to display the users in the domain from a member
server, for example. It is also how to display the users in a
trusted domain, regardless of the local machine's role in its own
domain.
To add a user "jennyt" to the local accounts database, type the
following:
net user jennyt \* /add
To add a user "jennyt" to the accounts database in a domain called
market_dom, type the following:
net user jennyt \* /add /domain:market_dom
To display the user account "jennyt" in a domain called market_dom,
type the following:
net user jennyt /domain:market_dom
To delete a user named "jennyt" from the accounts database in a
domain sales_dom, type the following:
net user jennyt /delete /domain:sales_dom
To add a user account for Henry James, with logon rights
from 8 A.M. to 5 P.M., Monday through Friday, a mandatory
password, and the user's full name, type the following:
net user henryj 0henry /add /passwordreq:yes /times:
monday-friday,8am-5pm /fullname:"Henry James"
To set johnsw's logon time (8 A.M. to 5 P.M.) using 24-hour
notation, type
net user johnsw /time:monday-friday,08:00-17:00
To set johnsw's logon time (8 A.M. to 5 P.M.) using 12-hour
notation, type the following:
net user johnsw /time:monday-friday,8am-5pm
To specify logon hours of 4 A.M. until 5 P.M. on Monday, 1
P.M. until 3 P.M. on Tuesday, and 8 A.M. until 5 P.M.
Wednesday through Friday for marysl, type the following:
net user marysl
/time:monday,4am-5pm\;tuesday,1pm-3pm\;wednesday-friday,8:00-17:00
To run the same command remotely (on server "market_asu"), type
the following (replacing "password" with the password for
"administrator":
net admin \\market_asu password /command net user marysl
/time:monday,4am-5pm\;tuesday,1pm-3pm\;wednesday-friday,8:00-17:00
SEE ALSO
For information about See
_____________________ _________
Getting help with network commands net help
Stopping services net stop
Setting permissions for user-accounts net perms
and groups
Setting global account requirements net accounts
Creating groups net group