New-LocalUser
SYNOPSIS
Creates a local user account.
SYNTAX
Password (Default)
New-LocalUser [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Description <String>] [-Disabled]
[-FullName <String>] [-Name] <String> -Password <SecureString> [-PasswordNeverExpires]
[-UserMayNotChangePassword] [-WhatIf] [-Confirm] [<CommonParameters>]
NoPassword
New-LocalUser [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Description <String>] [-Disabled]
[-FullName <String>] [-Name] <String> [-NoPassword] [-UserMayNotChangePassword] [-WhatIf] [-Confirm]
[<CommonParameters>]
DESCRIPTION
The New-LocalUser cmdlet creates a local user account. This cmdlet creates a local user account or a local user account that is connected to a Microsoft account.
EXAMPLES
Example 1: Create a user account
PS C:\> New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
Name Enabled Description
---- ------- -----------
User02 True Description of this account.
This command creates a local user account. The command does not specify the AccountExpires parameter. Therefore, the account does not expire.
Example 2: Create a user account that has a password
PS C:\> $Password = Read-Host -AsSecureString
PS C:\> New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
Name Enabled Description
---- ------- -----------
User03 True Description of this account.
The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password variable.
The second command creates a local user account by using the password stored in $Password. The command specifies a user name, full name, and description for the user account.
Example 3: Create a user account that is connected to a Microsoft account
PS C:\> New-LocalUser -Name "MicrosoftAccount\usr [email protected]" -Description "Description of this account."
This command creates a local user account that is connected to a Microsoft account. This example uses a placeholder value for the user name of an account at Outlook.com. Because the account is connected to a Microsoft account, do not specify a password.
PARAMETERS
-AccountExpires
Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet. If you do not specify this parameter, the account does not expire.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-AccountNeverExpires
Indicates that the account does not expire.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Description
Specifies a comment for the user account. The maximum length is 48 characters.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Disabled
Indicates that this cmdlet creates the user account as disabled.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-FullName
Specifies the full name for the user account. The full name differs from the user name of the user account.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Name
Specifies the user name for the user account.
If you create a local user account that is connected to a Microsoft account, specify the user name in the following format: MicrosoftAccount\\<user name>@Outlook.com for a user of a Microsoft account on Outlook.com.
If you create a local user account for the local system, the user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters:
" / \ [ ] : ; | = , + * ? < > @
A user name cannot consist only of periods (.) or spaces.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-NoPassword
Indicates that the user account does not have a password.
Type: SwitchParameter
Parameter Sets: NoPassword
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Password
Specifies a password for the user account.
You can use Read-Host -GetCredential, Get-Credential, or ConvertTo-SecureString to create a SecureString object for the password.
If you omit the Password and NoPassword parameters, New-LocalUser prompts you for the new user's password.
Type: SecureString
Parameter Sets: Password
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-PasswordNeverExpires
Indicates whether the password expires.
Type: SwitchParameter
Parameter Sets: Password
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-UserMayNotChangePassword
Indicates that the user cannot change the password on the user account.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String, System.DateTime, System.Boolean, System.Security.SecureString
You can pipe a string, a DateTime object, a Boolean value, or a secure string to this cmdlet.
OUTPUTS
System.Management.Automation.SecurityAccountsManager.LocalUser
This cmdlet returns a LocalUser object. This object provides information about the user account.
NOTES
- A user name cannot be identical to any other user name or group name on the computer. A user name cannot consist only of periods (.) or spaces. A user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters:
" / \ [ ] : ; | = , + * ? < > @
- A password can contain up to 127 characters.
The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:
Local
- Active Directory
- Azure Active Directory group
- Microsoft Account
PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.