One of the main things I seem to use Drush for is managing user accounts. This is particularly because I work with some large multisite instances where user accounts need to be added/removed/amended across all sites in bulk.
This is a quick reference to some of the common tasks, as well as some Drush SQL queries which I use to get around a couple of things you can't do purely with Drush syntax. For a full list of the Drush user commands check out DrushCommands.com
Using Drush in a multisite setup
If you're not familiar with running Drush across multisite instances, this where @sites comes in handy. For example drush @sites cc - when run it in the root of your multisite instance - will clear the cache of all sites within the multisite setup
To run your Drush command for one site in a multisite install, you will need to omit @sites, and run the command from within that individual sites folder. This is the folder which contains that sites settings.php file, eg. /sites/mySite/.
Adding a new user account to all sites
drush @sites user-create Bob --firstname.lastname@example.org' --password='xxxxx'
Remove a user account on all sites
drush @sites user-cancel Bob
Block/disable a user account on all sites
drush @sites user-block Bob
Using SQL query and users email address:
drush @sites sqlq "UPDATE users SET status = '0' WHERE lower(mail) = 'email@example.com'"
Add a new role to all sites
drush @sites role-create 'testrole'
Assign a user a role on all sites
drush @sites user-add-role 'testrole' --name=Bob
Add permissions to a role across on all sites
Firstly I manually set up the permissions on one site via the site interface. Once I've done that I get a list of all those permissions that have been added to that one site using Drush.
drush role-list 'testrole'
Once you have the list of permissions it's easy to generate Drush scripts for adding them across all sites.
Unfortunately it seems you have to add each one individually with Drush 6 - this is a pain as it clears the site cache after each addition.
drush @sites role-add-perm 'testrole' 'some permission1' drush @sites role-add-perm 'testrole' 'some permission2'
With Drush 7 you can add a string of permissions.
drush @sites role-add-perm 'testrole' 'some permission1' drush @sites role-add-perm 'testrole' "'some permission1','some permission2'"
Reset user password across all sites
drush @sites upwd Bob --password='xxxxxxxxx'
Use SQL query to update user details
In the below example I'm resetting the name and email for the sites 'super-admin', ie. user 1.
drush @sites sqlq "update users set name='Bob', firstname.lastname@example.org' where uid = 1;"
SQL to find user by Email address & change their Username
When you want to change a users password with Drush you do it by querying against their username. If a user needs their password changed on a multisite instance, and has used inconsistent usernames but similar email address you can't easily run the password reset. You can use the below to make all the usernames the same, and after that you can easily run the Drush command to change their password across all sites. BTW the 'lower(mail)' bit just makes sure that the email address match isn't case sensitive.
drush @sites sqlq "UPDATE users SET name = 'billy.bob' WHERE lower(mail) = 'email@example.com'"
Avid Drupal site builder & user for +10 years.