Windows Tip Sheet
Works Great, Less Filling
ADUC has lots of info, but sometimes more than you need. The Net User command can be quicker and just right.
- By Jeffery Hicks
Even though we live in world of Active Directory trees and forests, a lot of user administration doesn’t really happen within the global catalog servers and organizational units. Some of the old, 20th-century ways are still the best and often work faster than using Active Directory Users and Computers. To see how much information you can get, open a command prompt and type:
Net user your-logon-name /domain
Substitute your logon name. You should get information like this:
User name jhicks
Full Name Jeffery Hicks
Comment Home Admin
User's comment This is a comment
Country code (null)
Account active Yes
Account expires Never
Password last set 1/18/2007 12:38 PM
Password expires Never
Password changeable 1/19/2007 12:38 PM
Password required Yes
User may change password Yes
Workstations allowed All
Last logon 6/22/2007 9:50 PM
Logon hours allowed All
Local Group Memberships *Administrators *TelnetClients
Global Group memberships *ParentalUnits *Domain Admins
*Domain Users *UnrestrictedUsers
That’s a lot of useful information and I didn’t have to go digging for the account in Active Directory. I especially like that you can see what global groups the user belongs to. How helpful is that when troubleshooting access issues?
The Net Use command is obviously a legacy tool and has no knowledge of Active Directory. If you have logon scripts assigned through Group Policy, this command won’t detect them. It only detects the legacy Logon script field for the user object.
Tech HelpJust An
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
the best questions get answered in this column and garner
the questioner with a nifty Redmond T-shirt.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
Another handy use for this command is to reset a user’s password:
Net user username newpassword /domain
Again, no muss and fuss with GUI management consoles. Reset the password and move on. Need to disable an account?
Net user username /active:no /domain
Change to Yes to enable an account.
Want to modify the comment or description?
Net user username /comment:"This is a new comment" /domain
Just remember to put the comment in quotes.
When you need to do some basic user management, it’s amazing what you can still do with a simple command like Net User.
Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.