NET.EXE /ADD command does not support names longer than 20 characters (324639)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows NT Workstation 4.0
This article was previously published under Q324639

SYMPTOMS

When you use the NET.EXE command with the /ADD switch and long user or group names, this only redisplays the NET syntax. You receive no error message.

Example: 

C:\>NET.EXE localgroup MyRemoteUsers "REMOTE INTERACTIVE LOGON" /ADD

The syntax of this command is:

NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
groupname name [...] {/ADD | /DELETE} [/DOMAIN]

The same action does work with the GUI Computer Management, Local Users and Groups Microsoft Management Console (MMC).

CAUSE

The NET.EXE command does not support names longer than 20 characters for reasons of backward compatibility with LAN Manager 2.0.

For additional information about this LAN Manager 2.0 limitation, click the following article number to view the article in the Microsoft Knowledge Base:

131417 Windows NT global groups are limited to 20 character names

RESOLUTION

If the graphical user interface (GUI) method cannot be used and a scripting method is required, use the Windows 2000 Resource Kit utility Cusrmgr.exe. Or, use VBScript, using an application programming interface (API) that supports names longer than 20 characters.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

In the example in the "Symptoms" section of this article, use the following Cusrmgr.exe syntax:

C:\>CUSRMGR.EXE -u "REMOTE INTERACTIVE LOGON" -alg "MyRemoteUsers"
This issue may also occur with localized versions in which built-in groups exceed the 20 character name limit -- for example, with the German name for "Authenticated Users" (19 characters): "Authentifizierte Benutzer" (25 characters).

The following sample VBScript may be adapted and used as an additional workaround. It adds "Authenticated Users" to "Power Users" for the English and German version: 
##### VBScript ADDGRP.VBS #####
 
On Error Resume Next 
 
Dim oContainer 
Dim oGroup 
Dim oIADs 

Dim oComputerInformation 
Dim bolGroupSet 
bolGroupSet = False 
 
Set oComputerInformation = CreateObject("WScript.Network") 
 
Set oContainer = GetObject("WinNT://" + 
oComputerInformation.ComputerName) 'get the IADsContainer object for the  local computer 
 
oContainer.Filter = Array("Group") 'We only need to enumerate groups,
therefore the filter 
For Each oIADs In oContainer 'for each IADs object we find there 
If oIADs.Name = "Hauptbenutzer" Or oIADs.Name = "Power Users" Then 
'check if it has the name "Power Users" or "Hauptbenutzer" 
 
Set oGroup = oIADs 'If so put it into the IADsGroup object 
oGroup.Add ("WinNT://S-1-5-11") 'add the group "Authenticated Users" 
oGroup.SetInfo 'and save the info 
 
If Err <> 0 Then 'if error number is not 0 (Error occurred) 
MsgBox Err.Number, vbCritical, "AddGroup" 'print out the error message 
Else 'if everything seems to be ok 
bolGroupSet = True 'set the boolean value to True so we know the group was added 
End If 
 
End If 
Next 
 
If bolGroupSet = True Then 'if bolGroupSet is False there was nothing done 
MsgBox "Group added successfully", vbInformation, "AddGroup" 
Else 
MsgBox "No action has taken place!", vbExclamation, "AddGroup" 
End If 
 
##### script end #####
Modification Type:MajorLast Reviewed:11/3/2004
Keywords:kbprb KB324639
©2004 Microsoft Corporation. All rights reserved.