Creating Windows 2019 User from PHP using command line

Question

I have a requirement to add a user to my windows 2019 web server from a PHP web application I am using a command line command:

NET USER sbarker mypassword /ADD /FULLNAME:"Sue Barker" /PASSWORDCHG:NO /PASSWORDREQ:YES /LOGONPASSWORDCHG:NO /EXPIRES:NEVER

This works fine from a standard command line when logged on as administrator on the server (as you would expect).

To implement this from PHP I am using the following, which I believe to be the correct syntax/format:

<?php   
    $username = "sbarker";
    $userpass = "secure1";
    $fullname = "Sue Barker";
    echo exec("start cmd /C:\Users\Administrator NET USER $username $userpass /ADD /FULLNAME:$fullname /PASSWORDCHG:NO /PASSWORDREQ:YES /LOGONPASSWORDCHG:NO /EXPIRES:NEVER");
?>

This produces no new user, probably because of permissions. What permissions do I need to set to allow user creation? What are my liabilities from a security point of view? Is there a better way of creating a windows user from a PHP web application.

EDIT:

Tried the following with no success:

<?php   
    $test = shell_exec('C:\\WINDOWS\\system32\\cmd.exe /c 2>&1 "NET USER test test /ADD"');
    echo "<pre>$test</pre>";
?>

The result was a System error 5 has occurred. Access is denied. error

Answer 1

After extensive research and dead ends, it looks like Microsoft has locked this down to such an extent that programmatically adding users is not possible. Personally I wish they would give developers the choice to execute batch scripts with elevated privileges rather than 'just saying no'.

The basic answer is that it looks like this is not possible.

Answer 2

This is very much still possible, and i just did it.

You need to set the Application Pool identity as administrator, then it shall work.