Manage Local Windows User with PowerShell (2024)

Awhile ago Microsoft added a new PowerShell module to manage local Windows user accounts. This post should quickly show you how easily you can for example use PowerShell to create a new Windows User account, remove a Windows user account or modify windows users and groups with PowerShell.

List Windows User accounts

The most simple one is obviously to list Windows users or groups, using the PowerShell Get- commands.

List all local Windows Users:

Get-LocalUser

List all local Windows Groups:

Get-LocalGroup

Create new Windows User account using PowerShell

There are three different account types you can add to Windows 10:

The following part describes how you can add them to your Windows system using PowerShell

To create a new Windows User account you can simply use the following command:

$Password = Read-Host -AsSecureStringNew-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"

If you want to see that password you can also use this method, to create a new Windows User:

$Password= ConvertTo-SecureString "Password" -AsPlainText -ForceNew-LocalUser "Tom" -Password $Password -FullName "Thomas Maurer" -Description "Description"

Create a new Windows User account connected to a Microsoft Account with PowerShell.

With Windows 10 you have the opportunity to login using Microsoft Accounts, for example with outlook.com or hotmail.com email aliases. For that you can use the folloing command to create a new Windows User connected to a Microsoft Account. In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.

New-LocalUser -Name "MicrosoftAccount\[emailprotected]" -Description "Description of this Microsoft account."

You can also add Azure Active Directory (Azure AD) accounts if your business is for example using Office 365. The following command adds an Azure AD account to the local Windows Users:

New-LocalUser -Name "AzureAD\[emailprotected]"-Description "Description of this Azure AD account."

Remove Windows User account

You can also simply remove user accounts from Windows using PowerShell. The following command will delete the account:

Remove-LocalUser -Name "SomeUser"

Change password of a Windows User account

To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet. This also has some other options as well, but one of the most common ones is to reset the password.

$Password = Read-Host -AsSecureStringGet-LocalUser -Name "SomeUser" |Set-LocalUser -Password $Password

Rename a Windows User account

To rename a Windows User account with PowerShell, you can use the following command:

Rename-LocalUser -Name "Tom" -NewName "Tom2"

Add Windows User account to group

This command for example adds users to the Windows Administrator group:

Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\[emailprotected]", "AzureAD\[emailprotected]", "CONTOSO\Domain Admins"

I hope this gives you a quick overview how you can manage local Windows User accounts using PowerShell. If you have any questions, feel free to leave a comment.

Tags: accounts, Azure AD, Azure AD Accounts, Groups, Microsoft, Microsoft Accounts, PowerShell, Windows, Windows 10, Windows Accounts, Windows Server, Windows User Accounts Last modified: July 5, 2019

About the Author / Thomas Maurer

Manage Local Windows User with PowerShell (1)

Thomas works as a Principal Program Manager & Chief Evangelist Azure Hybrid at Microsoft (Cloud + AI). He engages with the community and customers around the world to share his knowledge and collect feedback to improve the Azure hybrid cloud and edge platform. Prior to joining the Azure engineering team (Cloud + AI), Thomas was a Lead Architect and Microsoft MVP, to help architect, implement and promote Microsoft cloud technology.If you want to know more about Thomas, check out his blog: www.thomasmaurer.ch and Twitter: www.twitter.com/thomasmaurer

Previous StoryAzure – Just in Time VM access

Next StorySpeaking at Experts Live Europe 2018 in Prague

Related Posts

Cloud operations for Windows Server through Azure Arc

April 17, 2024Microsoft Azure, Windows Server

Running Windows Server on-premises or at the edge? Learn how you can leverage Azure management solutions for cloud operations for Windows...

Read More → Read More: Cloud operations for Windows Server through Azure Arc

Automate on-premises Windows Server from the cloud using Azure Arc

April 9, 2024Microsoft Azure, Windows Server

Running Windows Server on-premises or at the edge? Learn how you can leverage Azure automation, PowerShell, Windows commands, and Azure...

Read More → Read More: Automate on-premises Windows Server from the cloud using Azure Arc

The Azure Adaptive Cloud Community

April 2, 2024Microsoft Azure

Exciting news for all cloud enthusiasts and professionals! The Azure Adaptive Cloud Community is making a grand comeback with its monthly...

Read More → Read More: The Azure Adaptive Cloud Community

Azure Stack HCI 23H2 – VMs and containers at the edge

March 26, 2024Microsoft Azure, Virtualization

At Microsoft Ignite 2023, Microsoft announced the latest version of Azure Stack HCI 23H2. In this video we are going to have a look on how...

Read More → Read More: Azure Stack HCI 23H2 – VMs and containers at the edge

3 Replies to “Manage Local Windows User with PowerShell”

  1. Manage Local Windows User with PowerShell (8) Aaron says:

    April 16, 2020 at 2:43 pm

    Possilbe to remove an AzureAD\username account previously signed into the OS?

    I’ve tried AzureAD\UserName, AzureAD\[emailprotected], or AzureAD\[emailprotected] (real email address) and all not found.

    Reply

  2. Manage Local Windows User with PowerShell (9) Da_Apprentice says:

    October 7, 2020 at 2:45 pm

    Hello Mr. Maurer, I tried your suggestion above for using plain text password in the script:
    If you want to see that password you can also use this method, to create a new Windows User:
    $Password= ConvertTo-SecureString “Password” -AsPlainText -Force
    New-LocalUser “Tom” -Password $Password -FullName “Thomas Maurer” -Description “Description”

    I saved this script to a usb thumb drive and tried to run it on another computer in a workgroup environment and I got this error:
    New-LocalUser : Access denied.
    At D:\TEST-UserAccountCreation.ps1:7 char:1
    + New-LocalUser $StaffUser -Password $password -Description $NewUserDes …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : PermissionDenied: (test-user:LocalUser) [New-LocalUser], AccessDeniedException
    + FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.NewLocalUserCommand

    Any suggestions? I have a large number of computers that are in a workgroup environment (not in a domain) that I need to set up with similar accounts. I am trying to find a way to better automate local user account creation without being prompted for a password everytime a user account is created from the script. It gets to be exhausting–3 to 4 local user account creations times 20 computers in a workgroup. Please help! :)

    Thanks to all who can lend me a hand with this obstacle.

    Reply

  3. Manage Local Windows User with PowerShell (10) Josh says:

    February 10, 2021 at 12:34 pm

    Hello,
    Nice post, thanks.
    I am having the following problem and wondering if you would have any idea please?

    We are in full Azure AD (therefore no physical AD).
    when i add AZURE AD admin user from computer, his local username becomes John.DOE instead of John DOE space. And if we add an additional particle within the framework of the partners, it is truncated: John DOE (Conso Partners) becomes JohnDoe (Cons

    i would like to know if i can using powershel script for replace the current value with what I want and that it matches in the registry and all the parameters of the station? and by the same time remove also user firstname accents.

    in your Get-LocalUser example I only see AzureAD users:

    PS C: \ windows \ system32> Get-LocalUser

    Name Enabled Description
    —- ——- ———–
    Administrator False Administration user account
    DefaultAccount False User account managed by the system.
    Guest False Guest user account
    WDAGUtilityAccount False User account managed and used by the system for Windows Defender A scenarios …

    PS C:\windows\system32> Get-LocalGroup

    Name Description
    —- ———–
    Administrateurs Les membres du groupe Administrateurs disposent d’un accès complet et il…

    Thanks for your help

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Manage Local Windows User with PowerShell (2024)

References

Top Articles
Latest Posts
Article information

Author: Neely Ledner

Last Updated:

Views: 5931

Rating: 4.1 / 5 (42 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Neely Ledner

Birthday: 1998-06-09

Address: 443 Barrows Terrace, New Jodyberg, CO 57462-5329

Phone: +2433516856029

Job: Central Legal Facilitator

Hobby: Backpacking, Jogging, Magic, Driving, Macrame, Embroidery, Foraging

Introduction: My name is Neely Ledner, I am a bright, determined, beautiful, adventurous, adventurous, spotless, calm person who loves writing and wants to share my knowledge and understanding with you.