Windows Users with PowerShell

Manage Local Windows User with PowerShell

Awhile ago Microsoft added a new PowerShell module to manage local Windows user accounts. This post should quickly show you how easily you can for example use PowerShell to create a new Windows User account, remove a Windows user account or modify windows users and groups with PowerShell.

List Windows User accounts

The most simple one is obviously to list Windows users or groups, using the PowerShell Get- commands.

List all local Windows Users:

Get-LocalUser

List all local Windows Groups:

Get-LocalGroup

Create new Windows User account using PowerShell

There are three different account types you can add to Windows 10:

The following part describes how you can add them to your Windows system using PowerShell

To create a new Windows User account you can simply use the following command:

$Password = Read-Host -AsSecureString
 
New-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"

If you want to see that password you can also use this method, to create a new Windows User:

$Password= ConvertTo-SecureString "Password" -AsPlainText -Force
 
New-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"

Create a new Windows User account connected to a Microsoft Account with PowerShell.

With Windows 10 you have the opportunity to login using Microsoft Accounts, for example with outlook.com or hotmail.com email aliases. For that you can use the folloing command to create a new Windows User connected to a Microsoft Account. In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.

New-LocalUser -Name "MicrosoftAccount\[email protected]" -Description "Description of this Microsoft account."

You can also add Azure Active Directory (Azure AD) accounts if your business is for example using Office 365. The following command adds an Azure AD account to the local Windows Users:

New-LocalUser -Name  "AzureAD\[email protected]" -Description "Description of this Azure AD account."

Remove Windows User account

You can also simply remove user accounts from Windows using PowerShell. The following command will delete the account:

Remove-LocalUser -Name "SomeUser"

Change password of a Windows User account

To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet. This also has some other options as well, but one of the most common ones is to reset the password.

$Password = Read-Host -AsSecureString
 
Get-LocalUser -Name "SomeUser" | Set-LocalUser -Password $Password

Rename a Windows User account

To rename a Windows User account with PowerShell, you can use the following command:

Rename-LocalUser -Name "Tom" -NewName "Tom2"

Add Windows User account to group

This command for example adds users to the Windows Administrator group:

Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Domain Admins"

I hope this gives you a quick overview how you can manage local Windows User accounts using PowerShell. If you have any questions, feel free to leave a comment.