Platform SDK: Network Management

NetUserEnum

The NetUserEnum function provides information about all user accounts on a server.

To quickly enumerate user, computer, or global group account information, call the NetQueryDisplayInformation function.

Security Requirements

Windows NT: No special group membership is required to successfully execute the NetUserEnum function.

Windows 2000: If you call this function on a Windows 2000 domain controller that is running Active Directory, access is allowed or denied based on the access-control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the "Pre-Windows 2000 compatible access" group to view the information. By default, the "Pre-Windows 2000 compatible access" group includes Everyone as a member. This enables anonymous access to the information if the system allows anonymous access.

If you call this function on a Windows 2000 member server or workstation, all authenticated users can view the information. Anonymous access is also permitted if the RestrictAnonymous policy setting allows anonymous access.

For more information about restricting anonymous access, see Security Requirements for the Network Management Functions.

NET_API_STATUS NetUserEnum(
  LPCWSTR servername,    
  DWORD level,           
  DWORD filter,          
  LPBYTE *bufptr,        
  DWORD prefmaxlen,      
  LPDWORD entriesread,   
  LPDWORD totalentries,  
  LPDWORD resume_handle  
);

Parameters

servername

[in] Pointer to a constant Unicode string specifying the name of the remote server on which the function is to execute. The string must begin with \\. If this parameter is NULL, the local computer is used.

level

[in] Specifies the information level of the data. This parameter can be one of the following values.

Value	Meaning
0	Return user account names. The bufptr parameter points to an array of USER_INFO_0 structures.
1	Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_1 structures.
2	Return level one information and additional attributes about user accounts. The bufptr parameter points to an array of USER_INFO_2 structures.
3	Return level two information and additional attributes about user accounts. This level is valid only on Windows NT/Windows 2000 servers. The bufptr parameter points to an array of USER_INFO_3 structures.
10	Return user and account names and comments. The bufptr parameter points to an array of USER_INFO_10 structures.
11	Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_11 structures.
20	Return the user's name and identifier and various account attributes. The bufptr parameter points to an array of USER_INFO_20 structures.

filter

[in] Specifies a value that filters the account types for enumeration. A value of zero indicates all account types. This parameter can be one of the following values.

Value	Meaning
FILTER_TEMP_DUPLICATE_ACCOUNT	Enumerates local user account data on a domain controller.
FILTER_NORMAL_ACCOUNT	Enumerates global user account data on a computer.
FILTER_INTERDOMAIN_TRUST_ACCOUNT	Enumerates domain trust account data on a domain controller.
FILTER_WORKSTATION_TRUST_ACCOUNT	Enumerates workstation or member server account data on a domain controller.
FILTER_SERVER_TRUST_ACCOUNT	Enumerates domain controller account data on a domain controller.

bufptr

[out] Pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must free the buffer even if the function fails with ERROR_MORE_DATA.

prefmaxlen

[in] Specifies the preferred maximum length, in 8-bit bytes of returned data. If you specify MAX_PREFERRED_LENGTH, the function allocates the amount of memory required for the data. If you specify another value in this parameter, it can restrict the number of bytes that the function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.

entriesread

[out] Pointer to a DWORD value that receives the count of elements actually enumerated.

totalentries

[out] Pointer to a DWORD value that receives the total number of entries that could have been enumerated from the current resume position.

LAN Manager: If the call is to a computer that is running LAN Manager 2.x, the totalentries parameter will always reflect the total number of entries in the database no matter where it is in the resume sequence.

resume_handle

[in/out] Pointer to a DWORD value that contains a resume handle which is used to continue an existing user search. The handle should be zero on the first call and left unchanged for subsequent calls. If resume_handle is NULL, then no resume handle is stored.

Return Values

If the function succeeds, the return value is NERR_Success.

If the function fails, the return value can be one of the following error codes.

Value	Meaning
ERROR_ACCESS_DENIED	The user does not have access to the requested information.
NERR_InvalidComputer	The computer name is invalid.
ERROR_MORE_DATA	More entries are available. Specify a large enough buffer to receive all entries.

Remarks

To retrieve the names and SIDs of domains trusted by a Local Security Authority (LSA) policy object, call the LsaEnumerateTrustedDomains function.

The NetUserEnum function does not return all system users. It returns only those users who have been added with a call to the NetUserAdd function. There is no guarantee that the list of users will be returned in sorted order.

If you call NetUserEnum and specify information level 1, 2, or 3, the password member of each structure is set to NULL to maintain password security.

The following code sample demonstrates how to retrieve information about the user accounts on a server with a call to the NetUserEnum function. The sample calls NetUserEnum, specifying information level 0 (USER_INFO_0) to enumerate only global user accounts. If the call succeeds, the code loops through the entries and prints the name of each user account. Finally, the code sample frees the memory allocated for the information buffer and prints a total of the users enumerated.

#ifndef UNICODE
#define UNICODE
#endif

#include <stdio.h>
#include <assert.h>
#include <windows.h> 
#include <lm.h>

int wmain(int argc, wchar_t *argv[])
{
   LPUSER_INFO_0 pBuf = NULL;
   LPUSER_INFO_0 pTmpBuf;
   DWORD dwLevel = 0;
   DWORD dwPrefMaxLen = -1;
   DWORD dwEntriesRead = 0;
   DWORD dwTotalEntries = 0;
   DWORD dwResumeHandle = 0;
   DWORD i;
   DWORD dwTotalCount = 0;
   NET_API_STATUS nStatus;
   LPTSTR pszServerName = NULL;

   if (argc > 2)
   {
      fwprintf(stderr, L"Usage: %s [\\\\ServerName]\n", argv[0]);
      exit(1);
   }
   // The server is not the default local computer.
   //
   if (argc == 2)
      pszServerName = argv[1];
   wprintf(L"\nUser account on %s: \n", pszServerName);
   //
   // Call the NetUserEnum function, specifying level 0; 
   //   enumerate global user account types only.
   //
   do // begin do
   {
      nStatus = NetUserEnum(pszServerName,
                            dwLevel,
                            FILTER_NORMAL_ACCOUNT, // global users
                            (LPBYTE*)&pBuf,
                            dwPrefMaxLen,
                            &dwEntriesRead,
                            &dwTotalEntries,
                            &dwResumeHandle);
      //
      // If the call succeeds,
      //
      if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
      {
         if ((pTmpBuf = pBuf) != NULL)
         {
            //
            // Loop through the entries.
            //
            for (i = 0; (i < dwEntriesRead); i++)
            {
               assert(pTmpBuf != NULL);

               if (pTmpBuf == NULL)
               {
                  fprintf(stderr, "An access violation has occurred\n");
                  break;
               }
               //
               //  Print the name of the user account.
               //
               wprintf(L"\t-- %s\n", pTmpBuf->usri0_name);

               pTmpBuf++;
               dwTotalCount++;
            }
         }
      }
      //
      // Otherwise, print the system error.
      //
      else
         fprintf(stderr, "A system error has occurred: %d\n", nStatus);
      //
      // Free the allocated buffer.
      //
      if (pBuf != NULL)
      {
         NetApiBufferFree(pBuf);
         pBuf = NULL;
      }
   }
   // Continue to call NetUserEnum while 
   //  there are more entries. 
   // 
   while (nStatus == ERROR_MORE_DATA); // end do
   //
   // Check again for allocated memory.
   //
   if (pBuf != NULL)
      NetApiBufferFree(pBuf);
   //
   // Print the final count of users enumerated.
   //
   fprintf(stderr, "\nTotal of %d entries enumerated\n", dwTotalCount);

   return 0;
}

If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management user functions. For more information, see IADsUser and IADsComputer.

Requirements