Add user to group from command line (CMD)

by admin on May 25, 2009

In Windows computer we can add users to a group from command line. We can use net localgroup command for this.

net localgroup group_name UserLoginName /add

For example to add a user to administrators group, we can run the below command. In the below example I have taken username as John.

net localgroup administrators John /add

Few more examples:

To add a domain user to local users group:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add
System error 1789 has occurred.
The trust relationship between this workstation and the primary domain failed.

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName  /add

To add a user to debugger  users group: 

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group: 

net localgroup "Power users" UserLoginName /add

This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

C:\> net localgroup administrators techblogger /add
System error 5 has occurred.
Access is denied.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

C:\>net localgroup administrators techblogger /add
The command completed successfully.

To list the users belonging to a particular group we can run the below command.

net localgroup group_name

For example to list all the users belonging to administrators group we need to run the below command.

net localgroup administrators

Related posts:

Add new user account
Delete user account

Additional Reading...

{ 20 comments… read them below or add one }

Anonymous September 6, 2010 at 4:55 am

How to add a group to another group?

Reply

admin October 26, 2011 at 4:26 am

you can use the same command to add a group also. For example, to add a domain group ‘Domain\users’ to local administrators group, the command is:

net localgroup administrators domain\users /add

žoge March 30, 2011 at 6:49 am

How can I add a user to a group remotely?

Reply

Derick February 24, 2012 at 8:28 pm

Using pstools, it is a good tools from Microsoft.

Anonymous August 5, 2011 at 5:18 pm

While this article is two years old – it still was the first hit when I searched and it got me where I needed to be. Another great tip is the syntax for doing a runas, because I needed to elevate a user's privileges to admin from within his account:

runas /user:Administrator@DOMAIN "net localgroup Administrators DOMAIN\username /add"

Good stuff.

Reply

Ben March 13, 2012 at 2:18 pm

awesome! I’ve been wanting to know how to do this forever. thanks so much. for some reason, MS has made it impossible to authenticate protected commands via the GUI. seriously frustrating! this makes it all better.

Keith Poole January 30, 2013 at 10:14 pm

Is there a way to trough a password into the script for the admin account if it is known and generic

renni September 9, 2011 at 10:32 am

How to set password to never expire ?

Reply

admin September 9, 2011 at 2:54 pm

You can run the below.

wmic useraccount where name='loginid' set passwordexpires=false.

Reue December 28, 2011 at 3:31 pm

Is there any way to add a computer account into the local admin group on another machine via command line? Thanks.

Reply

admin January 4, 2012 at 5:27 pm

I don’t think that’s possible. However, you can add a domain account to the local admin group of a computer.

Steve February 11, 2012 at 7:29 pm

Dude, thank you! On xp, the server service was not installed so couldn’t add via manage. User CtrlPnl gpf’s is broke (something about html app host error). In 3 seconds, you provided a way to fix that MS couldn’t with all their idiot wizards…

Reply

Derick February 24, 2012 at 8:24 pm

Hi Reue,

Yes you can add any users to other computers remotely using the pstools.

Reply

Prashanth March 6, 2012 at 11:06 am

Hello,

I have a requirement something like this:

I need to create a user account on a remote server which should be a part of the local administrator group. How should i set password for this user account ?

Can any one help me please?

Thanks in advance,
Prashanth

Reply

admin March 7, 2012 at 2:52 pm

Read this: Add new user account from command line
Using psexec tool, you can run the above command on a remote machine.

Aroon April 19, 2012 at 6:52 am

I changed the admin account’s rights to user account and now i have only two accounts with only USER rights, nothing with admin. When ever i change any application, it says ” Right Admin Password” and there only comes NO and therefore i am unable to enter Admin Passowrd. Also i m unable to open cmd.exe as Admin. Please Advise.

Reply

Deepak Sati June 23, 2012 at 3:21 pm

how can I add multiple domain users into local administrator group together with the single line command?

Reply

admin June 27, 2012 at 5:34 am

You can specify as many users as you want, in the same command mentioned above.
For example, to add three users :

net localgroup administrators domain\user1 domain\user2 domain\user3 /ADD

Anonymous October 12, 2012 at 4:29 am

I don’t have access to the administrator account, but I do have access to my son’s
Standard Account. Please help.

Reply

Chris Olson April 19, 2013 at 5:10 pm

I am trying to add a service account to a local group but it fails. Is there syntax for that? I’ve tried many variations but no go. See below:

net localgroup “Event Log Readers” “NT Authority\Network Service (S-1-5-20)” /add

Reply

Leave a Comment

HTML tags are not allowed.

Previous post:

Next post: