Learn how to use the “net user /domain” command to manage user accounts efficiently in a domain environment. Retrieve important user account information, troubleshoot access issues, and ensure network security.
As a quick refresher, “net user” is a tool that is part of the internal MS-DOS commands that come preinstalled as standard in Windows and are transferred directly to memory when the operating system loads.
Use cases and variants for the net user /domain command

How to use the “net user /domain” command
The “net user /domain” command in particular is used to obtain information about any network user that is registered in our domain, but also to manage it. Thus, we can use this tool from a cmd terminal window to change the password of any user, specify what times of day they can log in, and even delete or create new users.
- net user user password : Sets the password “password” for the local user “user”.
- net user user password /domain : Sets the password “password” for the network user “user”. This command is only valid for Windows NT Server domains.
- net user user * : Once this command has been entered, the system asks for a password for the local user “user”. Note that the typed password does not appear on the screen.
- net user user * /domain : The system asks for a password for the network user “user”. Note that the typed password is not displayed on the screen.
- net user user password /add : Creates a local user with the name “user” and the password “password”.
- net user user * /add : Creates a local user named “user” and asks for a password to assign to it.
- net user user password /add /domain : The same as the command two items above, but the user created is a network user instead of a local one.
- net user user * /add /domain : The same, but in this case it asks for a password.
- net user user /delete : Deletes the local user “user”.
- net user user /delete /domain : Deletes the network user “user”.
In addition to these, the net user command has many more options. These are the ones that seem most interesting to me (remember to put the “/domain” switch at the end of each command if you want to execute it on a network user).
- net user user /active:yes : Activates the user account “user”. If you write “no” instead of “yes”, the account is disabled.
- net user user /expires:dd/mm/yy : The local user’s password expires on the date dd/mm/yy. If you write “never” instead of a date, it never expires.
- net user user /homedir:path : Tells the system which path is the home directory of the user “user”. The indicated path must actually exist.
- net user user /passwordchg:no : The user “user” cannot change their password. If you indicate “yes”, the user can change it.
- net user user /passwordreq:no : The user “user” is not required to have a password.
- net user user /profilepath[:path] : Sets the folder from which the login profile of the user “user” is loaded.
- net user user /scriptpath:path : Tells the system to execute the script found at “path” for the user “user”.
- net user user /times:all : Specifies the times at which the user “user” can log in. “all” means the user can log in to the computer at any time. If you leave the value blank, access is blocked regardless of the time. To indicate a period of time, use the format day,hour, with a comma separating the day from the hour and a semicolon separating several days and hours.
- net user user /workstations:* : The user can log in to all computers on the network. If you specify computer names in square brackets [,] and separated by commas, you can assign up to a maximum of eight computers.
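As an added example (not part of the original article), the variants listed above can be told apart when reviewing process command-line logs: this Python sketch classifies a logged `net user` line, redacts a password typed as an argument (the `*` form prompts instead, so nothing is recorded), and flags the option values that loosen an account. The sample lines and the names `classify_net_user`, `WEAK_OPTIONS` and `NET_BINARY` are constructed for illustration.

```python
import re

# Option values from the list above that loosen an account's restrictions.
WEAK_OPTIONS = {
    "/passwordreq:no": "password not required",
    "/expires:never": "expiry disabled",
    "/times:all": "no logon-hour limit",
    "/workstations:*": "no workstation limit",
}
NET_BINARY = re.compile(r"(.*\\)?net1?(\.exe)?", re.IGNORECASE)

def classify_net_user(cmdline):
    """Describe one logged command line; None if it is not 'net user'."""
    tokens = cmdline.split()
    if (len(tokens) < 2 or tokens[1].lower() != "user"
            or not NET_BINARY.fullmatch(tokens[0].strip('"'))):
        return None
    args = tokens[2:]
    switches = [a.lower() for a in args if a.startswith("/")]
    positional = [i for i, a in enumerate(args) if not a.startswith("/")]
    findings = [why for opt, why in WEAK_OPTIONS.items() if opt in switches]
    # A second positional argument is the password unless it is the '*' prompt.
    if len(positional) > 1 and args[positional[1]] != "*":
        args[positional[1]] = "<redacted>"
        findings.insert(0, "password on command line")
    action = ("create" if "/add" in switches else
              "delete" if "/delete" in switches else
              "set-password" if len(positional) > 1 else
              "modify" if any(s != "/domain" for s in switches) else "query")
    return {
        "action": action,
        "scope": "domain" if "/domain" in switches else "local",
        "user": args[positional[0]] if positional else None,
        "findings": findings,
        "redacted": " ".join(tokens[:2] + args),
    }

# Constructed sample command lines, as process-creation logging would record them.
SAMPLES = [
    r"net user johndoe P@ssw0rd /add /domain",
    r"net user johndoe * /add",
    r"C:\Windows\System32\net.exe user johndoe /passwordreq:no /expires:never",
    r"net user johndoe /domain",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = classify_net_user(line)
        print(result["action"], result["scope"], result["findings"], result["redacted"])
```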
The “net user /domain” command is used to manage user accounts on a domain. Here’s a guide in tabular form that details how to use this command effectively:
Command | Description | Example |
---|---|---|
net user | Displays a list of user accounts for the computer. | net user |
net user [username] | Displays detailed information about a specific user account. | net user johndoe |
net user [username] [password] /add | Adds a user account with a specified password. | net user johndoe P@ssw0rd /add |
net user [username] /delete | Deletes a user account. | net user johndoe /delete |
net user [username] /domain | Displays or modifies information about a user account on a domain. | net user johndoe /domain |
net user [username] [password] /add /domain | Adds a user account with a specified password to the domain. | net user johndoe P@ssw0rd /add /domain |
net user [username] /delete /domain | Deletes a user account from the domain. | net user johndoe /delete /domain |
net user [username] [/active:yes\|no] | Enables or disables a user account. | net user johndoe /active:no |
net user [username] [/expires:date] | Sets an expiration date for the user account. | net user johndoe /expires:12/31/2023 |
net user [username] [/passwordchg:yes\|no] | Allows or prevents the user from changing the password. | net user johndoe /passwordchg:no |
net user [username] [/passwordreq:yes\|no] | Specifies whether a user account must have a password. | net user johndoe /passwordreq:yes |
Remember:
- To use these commands, you must have administrative privileges.
- The /domain option is used when you are managing accounts on a domain controller.
- Replace [username] and [password] with the appropriate user name and password.
- Some options might require additional privileges or might be restricted based on your network policies.