1

I'm using the following command in a PowerShell script to create new local user accounts. The account is created successfully, the correct password is set and I can logon to it fine. 

NET USER USER_01 "Password" /ADD /expires:NEVER /fullname:"USER_01" /comment:"MY Comment"

But after about 1 to 2 weeks the account suddenly expires and I'm no longer able to RDP to the account.

Error

I have tried both the parameters /expires:NEVER and /expires:0 but both still expire down the line.

Am I missing something here?

Richard
  • 133
  • 10
  • is it really the account that expire, or the password that should be changed? This is two different timers. Aren't there any GPO that could overwrite those settings? – JFL Aug 05 '15 at 09:05
  • Password GPO set to expire in 42 days and the a password was changed weekly. Even after resetting the password with the admin account I still could not log on, still comes back expired. So it looks like its the account not the its password. – Richard Aug 05 '15 at 09:10

1 Answers1

1

Your usage of NET USER with /EXPIRES:NEVER appears to be correct.
https://support.microsoft.com/en-us/kb/251394
However it is a VERY old tool, probably not getting much attention back in Redmond. After I create an account that way, and look at the account, the PNE flag is not set.

Why are you still using "NET.EXE"? There are powershell cmdlets for new user creation that are much more useful.

write-host "Password for new account:"
$pass1 = read-host -assecurestring
$pass2 = ConvertTo-SecureString -AsPlainText "something" -force
New-ADUser -SamAccountName "glenjohn" -Name "glenjohn" -GivenName "Glen" -Surname "John" -DisplayName "Glen John" -UserPrincipalName "glenjohn@stuff.com" -Accountpassword $pass1 -enabled $true -PasswordNeverExpires $true

EDIT:

Oops! I overlooked the word "local" in your post.
You CAN do local account in powershell, but it takes 8-10 lines of code.
Try this:

NET USER JOE "password" /ADD /y
WMIC USERACCOUNT WHERE "Name='JOE'" SET PasswordExpires=FALSE
Clayton
  • 4,483
  • 16
  • 24
  • I'm trying to create local users on the machine as it isn't connected to the domain. I didn't think that `New-AdUser` could do this, does this command not require Active Directory? Also what is the PNE flags job? – Richard Aug 06 '15 at 18:54