New-LocalGroup Name, Description Max Length Flipped

[RamblingPSTech]

Type of issue

Code doesn't work

Feedback

Summary

The documentation is written as experienced but is the opposite of the intended functionality.

Validation of the string length for the 'Description' and 'Name' paramters are flipped in the Microsoft.PowerShell.LocalAccounts module New-LocalGroup cmdlet on multiple operating system versions.

The max string length for the 'Description' should be 256 and the max string length for the 'Name" should be 48.

The module cmdlet is coded in a way that parameter validation fails with description.length greater than 48, and allows name.length to 256

---

Steps To Reproduce

Environment

OS:

• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025
• Windows 11

PowerShell version

• Windows PowerShell 5.1
• PowerShell 7.4.6 (on Windows OS)

Module Version

Command:

Get-Module Microsoft.PowerShell.LocalAccounts

Results:

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Binary     1.0.0.0               Microsoft.PowerShell.LocalAccounts  {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser, Get-LocalGroup…}

PowerShell Module GUID

8e362604-2c0b-448f-a414-a6a690a644e2

---

Test Case 1 - Name length = 13, Description length = 257

Test Case 1 - Command

New-LocalGroup -Description "Members of this group may connect to this computer using SSH v1.Members of this group may connect to this computer using SSH v2. Members of this group may connect to this computer using SSH v3. Members of this group may connect to this computer using SSH v." -Name "OpenSSH Users" -WhatIf

Test Case 1 - Expected Result

Error: Description greater than 256 characters.

New-LocalGroup: Cannot validate argument on parameter 'Description'. The character length of the 257 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "256" characters, and then try the command again.

Test Case 1 - Actual Result

Error: Description greater than 48 characters.

New-LocalGroup: Cannot validate argument on parameter 'Description'. The character length of the 257 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "48" characters, and then try the command again.

---

Test Case 2 - Name length = 257, Description length = 13

Test Case 2 - Command

New-LocalGroup -Name "Members of this group may connect to this computer using SSH v1.Members of this group may connect to this computer using SSH v2. Members of this group may connect to this computer using SSH v3. Members of this group may connect to this computer using SSH v." -Description "OpenSSH Users" -WhatIf

Test Case 2 - Expected Results

Error: Name greater than 48 characters.

New-LocalGroup: Cannot validate argument on parameter 'Name'. The character length of the 257 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "48" characters, and then try the command again.

Test Case 2 - Actual Results

Error: Name greater than 256 characters.

New-LocalGroup: Cannot validate argument on parameter 'Name'. The character length of the 257 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "256" characters, and then try the command again.

---

Test Case 3 - Name length = 61, Description length = 13

Test Case 3 - Command

New-LocalGroup -Name "Members of this group may connect to this computer using SSH." -Description "OpenSSH Users" -WhatIf

Test Case 3 - Expected Results

Error: Name greater than 48 characters.

New-LocalGroup: Cannot validate argument on parameter 'Name'. The character length of the 61 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "48" characters, and then try the command again.

Test Case 3 - Actual Results

Success: Performing What If operation...

What if: Performing the operation "Create new local group" on target "Members of this group may connect to this computer using SSH.".

---

The only code I could find regarding this PowerShell module was found here:

https://github.com/PowerShell/PowerShell/
Path: src/Microsoft.PowerShell.LocalAccounts/LocalAccounts/Commands/NewLocalGroupCommand.cs

This NewLocalGroupCommand.cs has a data validation length for a "Description" parameter of 256 and does not have a validation length for the "Name" parameter defined. Its functionality is significantly different than what is experienced in the last 5 releases of the Windows Server operating system over the last 7 (?) years

Admittedly this is probably the wrong place to post this issue, but maybe someone who knows someone can forward it to the right person or group so this erroneous PowerShell Module code in the Windows OS can be corrected.

Once the code for the publish module in the Windows OS is corrected, then this document should be updated to flip the values name.length.max=256,description.length.max=48 to the intended functionality values of name.length.max=48,description.length.max=256

Page URL

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localgroup?view=powershell-5.1

Content source URL

https://github.com/MicrosoftDocs/PowerShell-Docs/blob/main/reference/5.1/Microsoft.PowerShell.LocalAccounts/New-LocalGroup.md

Author

@sdwheeler

Document Id

cb508518-61a2-1ef0-4d19-2bd59123113a

[sdwheeler]

I can update the documentation to reflect the actual size limits. But you should file an issue in the PowerShell source code repository. This is a bug in the code for sure.