The NetUserEnum function provides information about all user accounts on a server.
Security Requirements
Only members of the Administrators or Account operators local group can successfully execute NetUserEnum at levels 1 and 2. No special group membership is required at level 0 or 10.
NET_API_STATUS NetUserEnum(
| LPWSTR servername, | |
| DWORD level, | |
| DWORD filter, | |
| LPBYTE *bufptr, | |
| DWORD prefmaxlen, | |
| LPDWORD entriesread, | |
| LPDWORD totalentries, | |
| LPDWORD resume_handle | |
| ); |
Parameters
servername
Pointer to a Unicode string containing the name of the remote server on which the function is to execute. A NULL pointer or string specifies the local computer.
level
Specifies one of the following values to return the level of information provided.
| Value | Meaning |
| 0 | The bufptr parameter points to an array of USER_INFO_0 structures. |
| 1 | The bufptr parameter points to an array of USER_INFO_1 structures. |
| 2 | The bufptr parameter points to an array of USER_INFO_2 structures. |
| 3 | The bufptr parameter points to an array of USER_INFO_3 structures. |
| 10 | The bufptr parameter points to an array of USER_INFO_10 structures. |
| 11 | The bufptr parameter points to an array of USER_INFO_11 structures. |
| 12 | The bufptr parameter points to an array of USER_INFO_20 structures. |
filter
Specifies a filter of account types to enumerate. A value of zero implies all account types. Allowable values are:
| Value | Meaning |
| FILTER_TEMP_DUPLICATE_ACCOUNTS | Enumerates local user account data on a domain controller. |
| FILTER_NORMAL_ACCOUNT | Enumerates global user account data on a computer. |
| FILTER_INTERDOMAIN_TRUST_ACCOUNT | Enumerates domain trust account data on a domain controller. |
| FILTER_WORKSTATION_TRUST_ACCOUNT | Enumerates workstation or member server account data on a domain controller. |
| FILTER_SERVER_TRUST_ACCOUNT | Enumerates domain controller account data on a domain controller. |
bufptr
Pointer to the buffer in which the data set with the level parameter is stored. The returned buffer should be deallocated using the NetApiBufferFree function.
prefmaxlen
Preferred maximum length, in 8-bit bytes of returned data.
entriesread
Pointer to a DWORD that contains the actual enumerated element count.
totalentries
Pointer to a DWORD that contains the total number of entries that could have been enumerated from the current resume position. EXCEPTION: If the call is to a computer that is running LAN Manager 2.x, the totalentries parameter will always reflect the total number of entries in the database no matter where it is in the resume sequence.
resume_handle
Pointer to a DWORD that contains resume_handle, which is used to continue an existing user search. The handle should be zero on the first call and left unchanged for subsequent calls. If resume_handle is NULL, then no resume handle is stored.
Return Values
If the function is successful, it returns NERR_SUCCESS.
If the function fails, the return value is one of the following error codes.
| Value | Meaning |
| ERROR_ACCESS_DENIED | The user does not have access to the requested information. |
| NERR_InvalidComputer | The computer name is invalid. |
| ERROR_MORE_DATA | More entries are available with subsequent calls. |
Remarks
The NetUserEnum function returns the full set of USER_INFO_0 or USER_INFO_1 components. If level is set to 1, the password component of each data structure will be set to NULL to maintain password security. The NetUserEnum does not return all Windows NT system users. It returns only those users who have been added by the NetUserAdd function.
See Also
NetUserGetGroups, NetUserGetInfo, USER_INFO_0, USER_INFO_1, NetUserAdd