PowerShell : User Management

Microsoft’s PowerShell provides the ability to manage Users and Groups locally and remotely with help of cmdlets.

There are 15 self explanatory cmdlets in the LocalAccounts module. You can view the full list by running the following command:

PS C:> Get-Command -Module Microsoft.PowerShell.LocalAccounts
  • Add-LocalGroupMember
  • Disable-LocalUser
  • Enable-LocalUser
  • Get-LocalGroup
  • Get-LocalGroupMember
  • Get-LocalUser
  • New-LocalGroup
  • New-LocalUser
  • Remove-LocalGroup
  • Remove-LocalGroupMember
  • Remove-LocalUser
  • Rename-LocalGroup
  • Rename-LocalUser
  • Set-LocalGroup
  • Set-LocalUser

List all local Windows Users

PS C:> Get-LocalUser

Name Enabled Description
---- ------- -----------
defaultuser0 False
........................
........................
........................

List all local Windows Groups

PS C:> Get-LocalGroup

Name           Description
----           -----------
Administrators Administrators have complete.....
Guests         Guests have the same access as members.
Users          Users are prevented from making.......
.........................................
.........................................

Create a new Windows User account

PS C:> $password = Read-Host -AsSecureString

PS C:> New-LocalUser "Tim" -Password $password `
PS C:> -FullName "Tim Burton" `
PS C:> -Description "A developer account"

Backtick (`) operator is also called word-wrap operator. It allows a command to be written in multiple lines. It can be used for new line (`n) or tab (`t) in sentences as well.

With Windows 10 you have the opportunity to login using Microsoft Accounts with outlook.com or hotmail.com email aliases.

In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.

PS C:> New-LocalUser -Name "MicrosoftAccountTim.Burton@outlook.com" `
PS C:> -Description "Tim Microsoft account."

You can also add Azure Active Directory (Azure AD) accounts to the local Windows Users.

PS C:> New-LocalUser -Name  "AzureADTim.Burton@example.com" `
PS C:> -Description "Azure AD account"

Remove user accounts

PS C:> Remove-LocalUser -Name "Tim"

To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet.

PS C:> $password = Read-Host -AsSecureString

PS C:> Get-LocalUser -Name "Mark" | Set-LocalUser -Password $password

Rename a User account

PS C:> Rename-LocalUser -Name "Tom" -NewName "Tim"

Add User account to group

PS C:> Add-LocalGroupMember -Group "Administrators" -Member "Admin01"