Windows Tip Sheet

Works Great, Less Filling

ADUC has lots of info, but sometimes more than you need. The Net User command can be quicker and just right.

Even though we live in world of Active Directory trees and forests, a lot of user administration doesn’t really happen within the global catalog servers and organizational units. Some of the old, 20th-century ways are still the best and often work faster than using Active Directory Users and Computers. To see how much information you can get, open a command prompt and type:

Net user your-logon-name /domain

Substitute your logon name. You should get information like this:

User name                  jhicks
Full Name                  Jeffery Hicks
Comment                    Home Admin
User's comment             This is a comment
Country code               (null)
Account active             Yes
Account expires            Never

Password last set          1/18/2007 12:38 PM
Password expires           Never
Password changeable        1/19/2007 12:38 PM
Password required          Yes
User may change password   Yes

Workstations allowed       All
Logon script
User profile
Home directory
Last logon                 6/22/2007 9:50 PM

Logon hours allowed        All

Local Group Memberships    *Administrators *TelnetClients
Global Group memberships   *ParentalUnits  *Domain Admins
                           *Domain Users   *UnrestrictedUsers

That’s a lot of useful information and I didn’t have to go digging for the account in Active Directory. I especially like that you can see what global groups the user belongs to. How helpful is that when troubleshooting access issues?

The Net Use command is obviously a legacy tool and has no knowledge of Active Directory. If you have logon scripts assigned through Group Policy, this command won’t detect them. It only detects the legacy Logon script field for the user object.

Tech Help—Just An
E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the editors at [email protected]; the best questions get answered in this column and garner the questioner with a nifty Redmond T-shirt.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

Another handy use for this command is to reset a user’s password:

Net user username newpassword /domain

Again, no muss and fuss with GUI management consoles. Reset the password and move on. Need to disable an account?

Net user username /active:no /domain

Change to Yes to enable an account.

Want to modify the comment or description?

Net user username /comment:"This is a new comment" /domain

Just remember to put the comment in quotes.

When you need to do some basic user management, it’s amazing what you can still do with a simple command like Net User.

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at, and a frequent speaker at technology conferences and user groups.

comments powered by Disqus
Most   Popular