≡ Menu

Add user to group from command line (CMD)

Windows provides command line utilities to manager user groups. In this post, learn how to use the command net localgroup to add user to a group from command prompt’

Add user to a group

Run the steps below –

  1. Open elevated command prompt
  2. Run the below command
    net localgroup group_name UserLoginName /add

    For example to add a user ‘John’ to administrators group, we can run the below command.

    net localgroup administrators John /add

Few more examples:

To add a domain user to local users group:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add
System error 1789 has occurred.
The trust relationship between this workstation and the primary domain failed.

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName  /add

To add a user to debugger  users group: 

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group: 

net localgroup "Power users" UserLoginName /add

This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

C:\> net localgroup administrators techblogger /add
System error 5 has occurred.
Access is denied.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

C:\>net localgroup administrators techblogger /add
The command completed successfully.

To list the users belonging to a particular group we can run the below command.

net localgroup group_name

For example to list all the users belonging to administrators group we need to run the below command.

net localgroup administrators

Related posts:

Add new user account
Delete user account

51 comments… add one
  • Anonymous

    How to add a group to another group?

    • admin

      you can use the same command to add a group also. For example, to add a domain group ‘Domain\users’ to local administrators group, the command is:

      net localgroup administrators domain\users /add
  • žoge

    How can I add a user to a group remotely?

    • Derick

      Using pstools, it is a good tools from Microsoft.

  • Anonymous

    While this article is two years old – it still was the first hit when I searched and it got me where I needed to be. Another great tip is the syntax for doing a runas, because I needed to elevate a user's privileges to admin from within his account:

    runas /user:Administrator@DOMAIN "net localgroup Administrators DOMAIN\username /add"

    Good stuff.

    • Ben

      awesome! I’ve been wanting to know how to do this forever. thanks so much. for some reason, MS has made it impossible to authenticate protected commands via the GUI. seriously frustrating! this makes it all better.

    • Keith Poole

      Is there a way to trough a password into the script for the admin account if it is known and generic

    • Mike C.

      I tried the above stated process in the command prompt. Got to the point where it say’s “type in pass word” I start typing nothing happens. Curser does not move. Any suggestions. Windows 7 Ultimate system.

    • Sharon

      I think when you are entering a password in the command prompt the cursor does not move on purpose. You type in your password and press enter.

  • renni

    How to set password to never expire ?

    • admin

      You can run the below.

      wmic useraccount where name='loginid' set passwordexpires=false.
  • Reue

    Is there any way to add a computer account into the local admin group on another machine via command line? Thanks.

    • admin

      I don’t think that’s possible. However, you can add a domain account to the local admin group of a computer.

    • Casey

      You might be able to use telnet to get a CMD shell. However, that would assume that you already have creds with the machine to build the telnet connection. If it were any easier than that it would be a massive security vulnerability.

    • Russ

      Net localgroup \$ /ADD

      put the $ after the PC name and it works

  • Steve

    Dude, thank you! On xp, the server service was not installed so couldn’t add via manage. User CtrlPnl gpf’s is broke (something about html app host error). In 3 seconds, you provided a way to fix that MS couldn’t with all their idiot wizards…

  • Derick

    Hi Reue,

    Yes you can add any users to other computers remotely using the pstools.

  • Prashanth

    Hello,

    I have a requirement something like this:

    I need to create a user account on a remote server which should be a part of the local administrator group. How should i set password for this user account ?

    Can any one help me please?

    Thanks in advance,
    Prashanth

  • Aroon

    I changed the admin account’s rights to user account and now i have only two accounts with only USER rights, nothing with admin. When ever i change any application, it says ” Right Admin Password” and there only comes NO and therefore i am unable to enter Admin Passowrd. Also i m unable to open cmd.exe as Admin. Please Advise.

    • Casey

      Reinstall Windows. You literally broke it. I’m curious as to what edition of Windows you have, as most won’t actually let you remove the last member from the Administrators account, to avoid your very issue. For future reference, there’s really no good reason to ever make Administrator a mere User :P

  • Deepak Sati

    how can I add multiple domain users into local administrator group together with the single line command?

    • admin

      You can specify as many users as you want, in the same command mentioned above.
      For example, to add three users :

      net localgroup administrators domain\user1 domain\user2 domain\user3 /ADD
  • Anonymous

    I don’t have access to the administrator account, but I do have access to my son’s
    Standard Account. Please help.

  • Chris Olson

    I am trying to add a service account to a local group but it fails. Is there syntax for that? I’ve tried many variations but no go. See below:

    net localgroup “Event Log Readers” “NT Authority\Network Service (S-1-5-20)” /add

    • Kiran

      Hi Chris,
      I am trying the exact same thing ,to add network services to Adminstrators of Local Users and Groups .Did you find the solution.Please let me know.

      Thank You

    • Kiran

      Hi buddy I found the solution.Let me know if you still need it:-P

    • admin

      Hello Kiran,
      Please add the solution here for the benefit of others. Thanks.

  • JKarhani

    Thank you for this bunch of commands,
    I have 2 questions:-How can I add all users in an Organisation unit into one group in Active directory ?
    – & how can I add all users in Active Directory into a group?

    • bret

      1st make sure you have Remote Server Administration Tools (RSAT) add in features installed. Then click start – type cmd – hit Enter.
      Type in commands below, replacing GROUP_NAME and OU_NAME with corresponding names (note that “‘ is double quote followed by apostrophe) then hit Enter and watch results:
      for /f “tokens=*” %a in (‘dsquery ou -name “OU_NAME”‘) do for /f “tokens=*” %b in (‘dsquery group -name “GROUP_NAME”‘) do for /f “tokens=*” %c in (‘dsquery user %a -limit 0’) do dsmod group %b -addmbr %c

      for /f “tokens=*” %b in (‘dsquery group -name “GROUP_NAME”‘) do for /f “tokens=*” %c in (‘dsquery user -limit 0’) do dsmod group %b -addmbr %c

  • Jorge

    I do not have the administrator password eeven i do not want to reset because there are many apllications using this password.

    Is there are any way to create a new user with admin previleges into domain and works like a administrator clone. So i can log in with this new user and work like administrator.

    Is i boot and using “repair” option i need to have the admin password…
    Is there are any way i can add a new user using another software?

    Thanks

    • admin

      AFAIK, That’s not possible. Otherwise anyone would be able to easily create an admin account and get complete access to the system. I think you should try to reset the password, you may need it at any point in future.

  • ALOK

    how can i open administrator account or super administrator account from user account when i cannot open cmd as administrator?

    • Casey

      You can’t. That’s the point of Administrators. If you don’t have credentials as an Admin it’s probably because you were never meant to. Allowing you to do so would defeat the purpose.

      That said, there is a workaround involving running a cmd prompt basically as SYSTEM, but honestly, I’m not about to disseminate information on how to defeat security protocols. Sorry. It’s an ethics thing.

  • joey

    C:\Windows\System32>net localgroup administrators All /add
    System error 5 has occurred.

    Access is denied.
    how i can fix it

    • joey

      and i do not know password admin
      (canot do this)
      elow is the procedure to open elevated administrator command window on a Vista or Windows 7 machine.

      Click on Start button
      Search for command program by typing cmd.exe in the search box.
      Right click on the cmd.exe entry shown under the Programs in start menu
      Select ‘Run as administrator’
      Click on ‘continue’ if user account control asks for confirmation.

      The above steps will open a command prompt wvith elevated privileges.

    • john

      There is an easier way if you want to use command prompt often. Search cmd.exe in from start and then right click and choose “Open file location”, once there in Windows Explorer you can right click on the actual file (cmd.exe) and “Send to” “Make Desktop Shortcut”. Next go to your desktop, right click on the shortcut, go to properties, advanced, check “Run as Administrator”. From here on out this shortcut will run as an Administrator. (For further use, pin the shortcut to taskbar or start menu.

  • Walter

    Hello all!

    I am trying to get a user prompt for net localgroup Administrators /add \%u% to pop up while the batch file is running, I have tried adding Set /P after /add , is there something I’m missing to make it do this?

  • Danny C

    Worked perfectly for me, thank you. For the life of me the pc would not allow me to add a domain account to the local admin group, just wouldn’t work. Tried this from the command prompt and instant success. Thank you again!

  • pjcamp

    Doesn’t work. “The trust relationship between this machine and the primary domain failed.”

  • william

    Hi there, I accidentally turn my admin user into a standard user one. How do I change it back because when ever I try to download something my computer says that I don’t have permission. Thanks. ( I have Windows 7 )

  • Etzard

    Hi Guys

    I sort of have the same issue. I have a domain user DOMAIN\User on a laptop, but the user was never added to Local Admin. So this user cant make any changes. I have tried to log on as local admin, but still cant add the user to the group. It’s like the user does not exist.

    So how do I add a non local user, to local admin?

    Thanks

    Windows 7 Professional 64

  • jalal

    please help me how to add users to a specific client pc?

  • Renata

    While this article is six years old – it still was the first hit when I searched and it got me where I needed to be.

  • abu

    Hi,
    what if I want to add a user to multiple groups?

    Thanks in advance

  • Chazy

    Is there a command prompt for how to clone an existing user security groups to another new user?

  • Poyta

    I ran this net localgroup administrators domainname\username /add
    and worked for me, using windows 10 pro. Thank you so much! Was the only way to put my user inside administrators group.

  • Bob_Bd

    Very Informative webpage, thanks for the information, am going to check tomorrow when in work to see if can help with enabling a locked down user start a program that needs administrative abilities, but once program started the administer priviledges need removing, I thin your info will solve my problem so thanks if it does, if it doesnt I’ll leave another comment with HELP!!
    Bob_Smith

  • jj

    If you get the Trust Relationship error make sure the “netlogon” service is running on the workstation. You’ll see this a lot in when trying to update group policies as well.

  • Joe

    Hi

    Really well laid out article with no “Look what I know” fluff. Thank you and we will add the advise as go to resource!

  • Mister-X

    how can I add domain group to local administrator group on server 2019 ?
    net localgroup testgroup domain\domaingroup /add
    does not work: The global user or group account does not exist:

    Thanks

Leave a Comment