NET.EXE /ADD command does not support names longer than 20 characters

Article translations Article translations
Article ID: 324639 - View products that this article applies to.
This article was previously published under Q324639
Expand all | Collapse all


When you use the NET.EXE command with the /ADD switch and long user or group names, this only redisplays the NET syntax. You receive no error message.


The syntax of this command is:

NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
groupname name [...] {/ADD | /DELETE} [/DOMAIN]
The same action does work with the GUI Computer Management, Local Users and Groups Microsoft Management Console (MMC).


The NET.EXE command does not support names longer than 20 characters for reasons of backward compatibility with LAN Manager 2.0.

For additional information about this LAN Manager 2.0 limitation, click the following article number to view the article in the Microsoft Knowledge Base:
131417 Windows NT global groups are limited to 20 character names


If the graphical user interface (GUI) method cannot be used and a scripting method is required, use the Windows 2000 Resource Kit utility Cusrmgr.exe. Or, use VBScript, using an application programming interface (API) that supports names longer than 20 characters.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


In the example in the "Symptoms" section of this article, use the following Cusrmgr.exe syntax:

This issue may also occur with localized versions in which built-in groups exceed the 20 character name limit -- for example, with the German name for "Authenticated Users" (19 characters): "Authentifizierte Benutzer" (25 characters).

The following sample VBScript may be adapted and used as an additional workaround. It adds "Authenticated Users" to "Power Users" for the English and German version:
##### VBScript ADDGRP.VBS #####
On Error Resume Next 
Dim oContainer 
Dim oGroup 
Dim oIADs 

Dim oComputerInformation 
Dim bolGroupSet 
bolGroupSet = False 
Set oComputerInformation = CreateObject("WScript.Network") 
Set oContainer = GetObject("WinNT://" + 
oComputerInformation.ComputerName) 'get the IADsContainer object for the  local computer 
oContainer.Filter = Array("Group") 'We only need to enumerate groups,
therefore the filter 
For Each oIADs In oContainer 'for each IADs object we find there 
If oIADs.Name = "Hauptbenutzer" Or oIADs.Name = "Power Users" Then 
'check if it has the name "Power Users" or "Hauptbenutzer" 
Set oGroup = oIADs 'If so put it into the IADsGroup object 
oGroup.Add ("WinNT://S-1-5-11") 'add the group "Authenticated Users" 
oGroup.SetInfo 'and save the info 
If Err <> 0 Then 'if error number is not 0 (Error occurred) 
MsgBox Err.Number, vbCritical, "AddGroup" 'print out the error message 
Else 'if everything seems to be ok 
bolGroupSet = True 'set the boolean value to True so we know the group was added 
End If 
End If 
If bolGroupSet = True Then 'if bolGroupSet is False there was nothing done 
MsgBox "Group added successfully", vbInformation, "AddGroup" 
MsgBox "No action has taken place!", vbExclamation, "AddGroup" 
End If 
##### script end #####


Article ID: 324639 - Last Review: March 2, 2009 - Revision: 6.0
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0, Terminal Server Edition
kbprb KB324639

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from