< Back
New-LocalUser
Post
NAME New-LocalUser
SYNOPSIS
Creates a local user account.
SYNTAX
New-LocalUser [-Name] <String> [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Confirm] [-Description <String>] [-Disabled] [-FullName
<String>] -NoPassword [-UserMayNotChangePassword] [-WhatIf] [<CommonParameters>]
New-LocalUser [-Name] <String> [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Confirm] [-Description <String>] [-Disabled] [-FullName
<String>] -Password <SecureString> [-PasswordNeverExpires] [-UserMayNotChangePassword] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-LocalUser cmdlet creates a local user account. This cmdlet creates a local user account or a local user account that is connected to a
Microsoft account.
PARAMETERS
-AccountExpires <DateTime>
Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the
account does not expire.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AccountNeverExpires [<SwitchParameter>]
Indicates that the account does not expire.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-Description <String>
Specifies a comment for the user account. The maximum length is 48 characters.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Disabled [<SwitchParameter>]
Indicates that this cmdlet creates the user account as disabled.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-FullName <String>
Specifies the full name for the user account. The full name differs from the user name of the user account.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Name <String>
Specifies the user name for the user account.
If you create a local user account that is connected to a Microsoft account, specify the user name in the following format:
`MicrosoftAccount\\`<user name>@`Outlook.com` for a user of a Microsoft account on Outlook.com.
If you create a local user account for the local system, the user name can contain up to 20 uppercase characters or lowercase characters. A
user name cannot contain the following characters:
" / \\ [ ] : ; | = , + * ? < > @
A user name cannot consist only of periods (.) or spaces.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-NoPassword [<SwitchParameter>]
Indicates that the user account does not have a password.
Required? true
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Password <SecureString>
Specifies a password for the user account. You can use `Read-Host -GetCredential`, Get-Credential, or ConvertTo-SecureString to create a
SecureString object for the password.
If you omit the Password and NoPassword parameters, New-LocalUser prompts you for the new user's password.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PasswordNeverExpires [<SwitchParameter>]
Indicates whether the password expires.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserMayNotChangePassword [<SwitchParameter>]
Indicates that the user cannot change the password on the user account.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String, System.DateTime, System.Boolean, System.Security.SecureString
You can pipe a string, a DateTime object, a Boolean value, or a secure string to this cmdlet.
OUTPUTS
System.Management.Automation.SecurityAccountsManager.LocalUser
This cmdlet returns a LocalUser object. This object provides information about the user account.
NOTES
* A user name cannot be identical to any other user name or group name on the computer. A user name cannot consist only of periods (.) or
spaces. A user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters:
" / \\ [ ] : ; | = , + * ? < > @ * A password can contain up to 127 characters. The PrincipalSource property is a property on LocalUser ,
LocalGroup , and LocalPrincipal * objects that describes the source of the object. The possible sources are as follows:
- Local
- Active Directory
- Azure Active Directory group
- Microsoft Account PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system.
For earlier versions, the property is blank.
Example 1: Create a user account
PS C:\\>New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
Name Enabled Description
---- ------- -----------
User02 True Description of this account.
This command creates a local user account. The command does not specify the AccountExpires parameter. Therefore, the account does not expire.
Example 2: Create a user account that has a password
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
Name Enabled Description
---- ------- -----------
User03 True Description of this account.
The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password
variable.
The second command creates a local user account by using the password stored in $Password. The command specifies a user name, full name, and
description for the user account.
Example 3: Create a user account that is connected to a Microsoft account
PS C:\\>New-LocalUser -Name "MicrosoftAccount\\usr name@Outlook.com" -Description "Description of this account."
This command creates a local user account that is connected to a Microsoft account. This example uses a placeholder value for the user name of an
account at Outlook.com. Because the account is connected to a Microsoft account, do not specify a password.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=822516
Disable-LocalUser
Enable-LocalUser
Get-LocalUser
Remove-LocalUser
Rename-LocalUser
Set-LocalUser
SYNOPSIS
Creates a local user account.
SYNTAX
New-LocalUser [-Name] <String> [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Confirm] [-Description <String>] [-Disabled] [-FullName
<String>] -NoPassword [-UserMayNotChangePassword] [-WhatIf] [<CommonParameters>]
New-LocalUser [-Name] <String> [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Confirm] [-Description <String>] [-Disabled] [-FullName
<String>] -Password <SecureString> [-PasswordNeverExpires] [-UserMayNotChangePassword] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-LocalUser cmdlet creates a local user account. This cmdlet creates a local user account or a local user account that is connected to a
Microsoft account.
PARAMETERS
-AccountExpires <DateTime>
Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the
account does not expire.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-AccountNeverExpires [<SwitchParameter>]
Indicates that the account does not expire.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-Description <String>
Specifies a comment for the user account. The maximum length is 48 characters.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Disabled [<SwitchParameter>]
Indicates that this cmdlet creates the user account as disabled.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-FullName <String>
Specifies the full name for the user account. The full name differs from the user name of the user account.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Name <String>
Specifies the user name for the user account.
If you create a local user account that is connected to a Microsoft account, specify the user name in the following format:
`MicrosoftAccount\\`<user name>@`Outlook.com` for a user of a Microsoft account on Outlook.com.
If you create a local user account for the local system, the user name can contain up to 20 uppercase characters or lowercase characters. A
user name cannot contain the following characters:
" / \\ [ ] : ; | = , + * ? < > @
A user name cannot consist only of periods (.) or spaces.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-NoPassword [<SwitchParameter>]
Indicates that the user account does not have a password.
Required? true
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Password <SecureString>
Specifies a password for the user account. You can use `Read-Host -GetCredential`, Get-Credential, or ConvertTo-SecureString to create a
SecureString object for the password.
If you omit the Password and NoPassword parameters, New-LocalUser prompts you for the new user's password.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PasswordNeverExpires [<SwitchParameter>]
Indicates whether the password expires.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserMayNotChangePassword [<SwitchParameter>]
Indicates that the user cannot change the password on the user account.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String, System.DateTime, System.Boolean, System.Security.SecureString
You can pipe a string, a DateTime object, a Boolean value, or a secure string to this cmdlet.
OUTPUTS
System.Management.Automation.SecurityAccountsManager.LocalUser
This cmdlet returns a LocalUser object. This object provides information about the user account.
NOTES
* A user name cannot be identical to any other user name or group name on the computer. A user name cannot consist only of periods (.) or
spaces. A user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters:
" / \\ [ ] : ; | = , + * ? < > @ * A password can contain up to 127 characters. The PrincipalSource property is a property on LocalUser ,
LocalGroup , and LocalPrincipal * objects that describes the source of the object. The possible sources are as follows:
- Local
- Active Directory
- Azure Active Directory group
- Microsoft Account PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system.
For earlier versions, the property is blank.
Example 1: Create a user account
PS C:\\>New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
Name Enabled Description
---- ------- -----------
User02 True Description of this account.
This command creates a local user account. The command does not specify the AccountExpires parameter. Therefore, the account does not expire.
Example 2: Create a user account that has a password
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
Name Enabled Description
---- ------- -----------
User03 True Description of this account.
The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password
variable.
The second command creates a local user account by using the password stored in $Password. The command specifies a user name, full name, and
description for the user account.
Example 3: Create a user account that is connected to a Microsoft account
PS C:\\>New-LocalUser -Name "MicrosoftAccount\\usr name@Outlook.com" -Description "Description of this account."
This command creates a local user account that is connected to a Microsoft account. This example uses a placeholder value for the user name of an
account at Outlook.com. Because the account is connected to a Microsoft account, do not specify a password.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=822516
Disable-LocalUser
Enable-LocalUser
Get-LocalUser
Remove-LocalUser
Rename-LocalUser
Set-LocalUser