Awhile ago Microsoft added a new PowerShell module to manage local Windows user accounts. This post should quickly show you how easily you can for example use PowerShell to create a new Windows User account, remove a Windows user account or modify windows users and groups with PowerShell.
List Windows User accounts
The most simple one is obviously to list Windows users or groups, using the PowerShell Get- commands.
List all local Windows Users:
Get-LocalUser
List all local Windows Groups:
Get-LocalGroup
Create new Windows User account using PowerShell
There are three different account types you can add to Windows 10:
- Local Windows Users
- Microsoft Accounts
- Azure AD Accounts
The following part describes how you can add them to your Windows system using PowerShell
To create a new Windows User account you can simply use the following command:
$Password = Read-Host -AsSecureString New-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"
If you want to see that password you can also use this method, to create a new Windows User:
$Password= ConvertTo-SecureString "Password" -AsPlainText -Force New-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"
Create a new Windows User account connected to a Microsoft Account with PowerShell.
With Windows 10 you have the opportunity to login using Microsoft Accounts, for example with outlook.com or hotmail.com email aliases. For that you can use the folloing command to create a new Windows User connected to a Microsoft Account. In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.
New-LocalUser -Name "MicrosoftAccount\[email protected]" -Description "Description of this Microsoft account."
You can also add Azure Active Directory (Azure AD) accounts if your business is for example using Office 365. The following command adds an Azure AD account to the local Windows Users:
New-LocalUser -Name "AzureAD\[email protected]" -Description "Description of this Azure AD account."
Remove Windows User account
You can also simply remove user accounts from Windows using PowerShell. The following command will delete the account:
Remove-LocalUser -Name "SomeUser"
Change password of a Windows User account
To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet. This also has some other options as well, but one of the most common ones is to reset the password.
$Password = Read-Host -AsSecureString Get-LocalUser -Name "SomeUser" | Set-LocalUser -Password $Password
Rename a Windows User account
To rename a Windows User account with PowerShell, you can use the following command:
Rename-LocalUser -Name "Tom" -NewName "Tom2"
Add Windows User account to group
This command for example adds users to the Windows Administrator group:
Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Domain Admins"
I hope this gives you a quick overview how you can manage local Windows User accounts using PowerShell. If you have any questions, feel free to leave a comment.
Tags: accounts, Azure AD, Azure AD Accounts, Groups, Microsoft, Microsoft Accounts, PowerShell, Windows, Windows 10, Windows Accounts, Windows Server, Windows User Accounts Last modified: July 5, 2019
Possilbe to remove an AzureAD\username account previously signed into the OS?
I’ve tried AzureAD\UserName, AzureAD\[email protected], or AzureAD\[email protected] (real email address) and all not found.
Hello Mr. Maurer, I tried your suggestion above for using plain text password in the script:
If you want to see that password you can also use this method, to create a new Windows User:
$Password= ConvertTo-SecureString “Password” -AsPlainText -Force
New-LocalUser “Tom” -Password $Password -FullName “Thomas Maurer” -Description “Description”
I saved this script to a usb thumb drive and tried to run it on another computer in a workgroup environment and I got this error:
New-LocalUser : Access denied.
At D:\TEST-UserAccountCreation.ps1:7 char:1
+ New-LocalUser $StaffUser -Password $password -Description $NewUserDes …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (test-user:LocalUser) [New-LocalUser], AccessDeniedException
+ FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.NewLocalUserCommand
Any suggestions? I have a large number of computers that are in a workgroup environment (not in a domain) that I need to set up with similar accounts. I am trying to find a way to better automate local user account creation without being prompted for a password everytime a user account is created from the script. It gets to be exhausting–3 to 4 local user account creations times 20 computers in a workgroup. Please help! :)
Thanks to all who can lend me a hand with this obstacle.
Hello,
Nice post, thanks.
I am having the following problem and wondering if you would have any idea please?
We are in full Azure AD (therefore no physical AD).
when i add AZURE AD admin user from computer, his local username becomes John.DOE instead of John DOE space. And if we add an additional particle within the framework of the partners, it is truncated: John DOE (Conso Partners) becomes JohnDoe (Cons
i would like to know if i can using powershel script for replace the current value with what I want and that it matches in the registry and all the parameters of the station? and by the same time remove also user firstname accents.
in your Get-LocalUser example I only see AzureAD users:
PS C: \ windows \ system32> Get-LocalUser
Name Enabled Description
—- ——- ———–
Administrator False Administration user account
DefaultAccount False User account managed by the system.
Guest False Guest user account
WDAGUtilityAccount False User account managed and used by the system for Windows Defender A scenarios …
PS C:\windows\system32> Get-LocalGroup
Name Description
—- ———–
Administrateurs Les membres du groupe Administrateurs disposent d’un accès complet et il…
Thanks for your help