Single post

Create a Local Windows User Account [C#/.NET]

Using the Windows net command, it’s easy to create local Windows User Accounts. The syntax for the net command is:

net user [username] [password] /ADD

The following C# function takes in three parameters — username, password and home directory.

using System.Diagnostics;

public void CreateLocalUser(string username, string password, string homedir)
  {
  if (!Directory.Exists(homedir))
    Directory.CreateDirectory(homedir);

  Process MyProc = new Process();
  MyProc.StartInfo.WorkingDirectory = @"C:\WINNT\SYSTEM32";
  MyProc.StartInfo.FileName = "net.exe";
  MyProc.StartInfo.UseShellExecute = false;
  MyProc.StartInfo.RedirectStandardError = true;
  MyProc.StartInfo.RedirectStandardInput = true;
  MyProc.StartInfo.RedirectStandardOutput = true;
  MyProc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;

  MyProc.StartInfo.Arguments = @" user " + username + @" " + password + @" /ADD /ACTIVE:YES " +
    @"/EXPIRES:NEVER /FULLNAME:" + username + @" /HOMEDIR:""" + 
    homedir + @""" /PASSWORDCHG:NO /PASSWORDREQ:YES";

  MyProc.Start();
  MyProc.WaitForExit();
  MyProc.Close();
  }

It assumes a few settings for the user and creates a local User account. You can alter the settings to anything you want. Try “net help user” in your DOS prompt for what each of the switches mean/do.

M N Zaman
December 14th, 2004 at 8:14 pm

how to set flag using net user command that password never expires?

Mikhail
December 15th, 2004 at 1:25 pm

Hi Zaman: Type “net help user” in the command prompt to see a detailed listing of available options.

NA
January 14th, 2005 at 12:52 am

A suggestion: Use System.Environment.SystemDirectory instead of hard-coding the system directory path

Dan
May 25th, 2006 at 11:55 pm

Seems like a hack to use another process. Why not just do it yourself?

Like this:

public static void CreateLocalUser(string username, string password, string description)
{
DirectoryEntry AD = new DirectoryEntry(“WinNT://” + Environment.MachineName + “,computer”);
DirectoryEntry NewUser = AD.Children.Add(username, “user”);
NewUser.Invoke(“SetPassword”, new object[] { password });
NewUser.Invoke(“Put”, new object[] { “Description”, description });
NewUser.CommitChanges();
}

Just my 2 cents. Other than that, it’s perfectly functional as long as net.exe exists and your Windows directory is “C:\WINNT\SYSTEM32”, which isn’t always the case.

dtp
January 24th, 2007 at 2:55 am

Also windows paths in C# need to have the backslashes escaped as in C:\WINNT\…

Mark Lambert
November 30th, 2007 at 3:27 pm

or you can use
using System.DirectoryServices.AccountManagement;

then it is even more straight forward.

PrincipalContext pc = new PrincipalContext(ContextType.Machine);
System.DirectoryServices.AccountManagement.UserPrincipal u = new UserPrincipal(pc);
u.SetPassword(password);
u.Name = username;
u.Description = description;
u.UserCannotChangePassword = true;
u.PasswordNeverExpires = true;
u.Save();

Peter
January 23rd, 2008 at 5:53 am

Looks like the System.DirectoryServices.AccountManagement namespace is only available in .Net 3.5.

Dan’s CreateLocalUser method looks like pretty good option for non .Net 3.5 users.

MD
February 10th, 2008 at 6:48 am

Brilliant Mark, absolutely brilliant. Using System.DirectoryServices.AccountManagement really simplifies the process. Thanks for the code… I just had to put quotes on the username, description and password.

December 7th, 2008 at 1:17 am

dtp,
Before posting on a forum, just make sure you know what you are talking about which is obviously not the case, otherwise you would know that “\” is equivalent to @”\”

Aditya Bhave
September 3rd, 2009 at 4:33 am

The new account with Dan’s code does not come up in User Accounts in Control Panel. How can it be done?

Lunkan
October 13th, 2009 at 3:25 pm

Regarding the new user not showing up in the “Users Tab” in the control panel. This is because the user does not belong to any groups. Don’t fret this is easily accomplished. Using Marks Code here:

PrincipalContext pc = new PrincipalContext(ContextType.Machine);
System.DirectoryServices.AccountManagement.UserPrincipal u = new UserPrincipal(pc);
u.SetPassword(password);
u.Name = username;
u.Description = description;
u.UserCannotChangePassword = true;
u.PasswordNeverExpires = true;
u.Save();

Now to add this user to the “Users” group so the new entry shows up under users do this:

GroupPrincipal gPc = GroupPrincipal.FindByIdentity(pc, “Users”);
gPc.Members.Add(u);
gPc.Save();

Voila now the user shows up in the control panel.

October 17th, 2009 at 5:02 pm

brilliant help

ragaei
June 27th, 2011 at 8:28 pm

how to set expiration date?????

Alok
January 18th, 2012 at 4:32 pm

Mark and lucan I tried your source, but i am facing “Access is denied”…Can you help on this?

Brian
July 17th, 2014 at 11:56 pm

“Access is Denied” will appear without “Run As Administrator” from an executable.
In development mode, you must open VS by right-clicking the VS icon and select “Run As Administrator”. Then when you run the code within VS you will have access.
If you compiling to an executable, when running the executable you will have to do the same thing.
If you compile to a web site, you’d have to run your application pool under a custom identity that has permissions. This is not recommended for security reasons, but would be the only way to run the code.

LEAVE A COMMENT

theme by teslathemes