How to Set User Full Name and Description in Batch Script
Maintaining accurate metadata for your user accounts, specifically the "Full Name" and "Comment" (Description) fields, is a key component of professional system administration. When you audit a machine and see a user named "temp_01," it is far more helpful to see a description that says "Guest Auditor - Project Delta." While these names can be added in the "Computer Management" GUI, using a Batch script is the most efficient way to standardize these fields across multiple local or domain accounts.
This guide explains how to use the net user command to update user descriptions.
Why Update Full Names and Descriptions?
- Audit Compliance: Ensuring every local account has a clear owner and a documented purpose, making security audits much faster and more accurate.
- Bulk Onboarding: Automatically setting the correct Full Name (extracted from an HR CSV) for dozens of new accounts in a single pass.
- Service Account Clarity: Adding a comment to background accounts like "SQLService" so that future technicians know exactly which database it belongs to.
The net user command updates the Local computer by default. To update the centralized record in Active Directory, you must add the /domain flag to your command.
Method 1: Updating a Single Account
The /fullname and /comment flags allow you to update these fields instantly. Ensure you wrap the values in "Quotes" if they contain spaces.
@echo off
setlocal
:: Check for admin rights
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Administrator privileges are required.
pause
exit /b 1
)
set "USN=jdoe"
set "REAL_NAME=Johnathan Doe"
set "INFO=Lead Developer - Server Team"
:: Verify the user exists
net user "%USN%" >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] User "%USN%" not found.
pause
exit /b 1
)
echo [PROCESS] Updating metadata for "%USN%"...
:: Apply the new attributes
net user "%USN%" /fullname:"%REAL_NAME%" /comment:"%INFO%"
if %errorlevel% equ 0 (
echo [SUCCESS] Identity and description updated.
echo Full Name: %REAL_NAME%
echo Comment: %INFO%
) else (
echo [ERROR] Failed to update. Code: %errorlevel%
)
pause
Output:
[PROCESS] Updating metadata for "jdoe"...
The command completed successfully.
[SUCCESS] Identity and description updated.
Full Name: Johnathan Doe
Comment: Lead Developer - Server Team
Press any key to continue . . .
Method 2: Adding a Description During Account Creation
You can set these fields at the exact moment you create the account, ensuring that no "Anonymous" or "Undocumented" accounts are ever created.
@echo off
setlocal
:: Check for admin rights
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Administrator privileges are required.
pause
exit /b 1
)
echo [PROCESS] Creating new documented account...
:: Prompt for password instead of hardcoding
set /p "NEW_USER=Username: "
echo Enter password:
set /p "NEW_PWD="
if "%NEW_USER%"=="" (
echo [ERROR] No username entered.
pause
exit /b 1
)
if "%NEW_PWD%"=="" (
echo [ERROR] No password entered.
pause
exit /b 1
)
:: Creating a new user with all metadata in one command
net user "%NEW_USER%" "%NEW_PWD%" /add /fullname:"Temporary Auditor" /comment:"Auto-expires in 30 days"
if %errorlevel% equ 0 (
echo [SUCCESS] User "%NEW_USER%" created with full documentation.
) else (
echo [ERROR] Failed to create account. Code: %errorlevel%
echo [HELP] The password may not meet complexity requirements.
)
:: Clear sensitive variable
set "NEW_PWD="
pause
Creating a Standardized "Identity Labeler" Script
This professional script validates inputs, verifies the account exists, and applies standardized labels with confirmation.
@echo off
setlocal EnableDelayedExpansion
echo ============================================================
echo User Identity ^& Documentation Engine
echo ============================================================
:: 1. Verify Administrative Rights
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [CRITICAL] Administrator privileges required.
pause
exit /b 1
)
:: 2. Get inputs
set /p "USN=Target Username: "
if "!USN!"=="" (
echo [ERROR] No username entered.
pause
exit /b 1
)
:: Verify user exists
net user "!USN!" >nul 2>&1
if !errorlevel! neq 0 (
echo [ERROR] User "!USN!" not found.
pause
exit /b 1
)
set /p "REAL=Employee Full Name: "
set /p "DEPT=Department Name: "
:: 3. Show current state
echo.
echo [CURRENT] Account metadata for "!USN!":
net user "!USN!" 2>nul | findstr /i /c:"Full Name" /c:"Comment"
echo.
:: 4. Format the comment
set "DESC=Dept: !DEPT! - Updated: %DATE%"
:: 5. Confirm before applying
echo [PROPOSED] Changes:
echo Full Name: !REAL!
echo Comment: !DESC!
echo.
set /p "CONFIRM=Apply these changes? (Y/N): "
if /i not "!CONFIRM!"=="Y" (
echo [INFO] Cancelled. No changes made.
pause
exit /b 0
)
:: 6. Apply
echo [PROCESS] Updating account metadata...
net user "!USN!" /fullname:"!REAL!" /comment:"!DESC!" >nul 2>&1
if !errorlevel! equ 0 (
echo [SUCCESS] "!USN!" is now fully documented.
echo.
echo [VERIFY] Updated metadata:
net user "!USN!" 2>nul | findstr /i /c:"Full Name" /c:"Comment"
) else (
echo [FAIL] Could not update account. Code: !errorlevel!
echo [HELP] Comment field is limited to ~48 characters for local accounts.
)
echo ============================================================
pause
Common Pitfalls and How to Avoid Them
Administrative Rights
Users cannot modify their own "Full Name" or "Comment" fields. You must run your Batch script (and the CMD window) as an Administrator.
Character Limits
The "Comment" field has a character limit (usually 48 characters for local accounts, though AD supports more).
Wrong Way:
:: Trying to write a whole paragraph into the comment field
net user USN /comment:"This is a very long description that includes the manager name, the cube number, the extension..."
Advise your users that if they need to store "Extended" data, they should reconsider using the Comment field and instead use the "Notes" tab in Active Directory or a dedicated HR database.
Best Practices for Identity Documentation
- Format Consistency: Use a separator (like
|or-) in your comments to separate different types of data (e.g.,Dept | Project | ID). - Date Stamping: Always include the date of the last modification in the comment field so auditors know how fresh the data is.
- Audit Blank Fields: Periodically run a "Fetch" script (like the one in our previous guide) to find accounts with empty descriptions and use this "Update" script to fix them.
Be aware that net user also supports a /usercomment flag. This is a separate field used by some legacy system tools. For standard Windows visibility, always prioritize the /comment flag.
Conclusion
Setting the full name and description of a local or domain user via Batch script is a fundamental requirement for maintaining a professional and well-audited Windows environment. By leveraging the net user utility to automate the labeling of your identities, you can ensure that every account has a clear owner and a documented purpose. This professional approach to system identification reduces administrative confusion, simplifies security audits, and provides a clear, automated mechanism for managing your organization's user metadata across the entire Windows network.