using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
using System.Linq;
using Vanara.Extensions;
using Vanara.InteropServices;
using Vanara.PInvoke;
using static Vanara.PInvoke.NetApi32;
namespace Vanara
{
/// Represents a user account on a server.
[DefaultProperty(nameof(UserName))]
public sealed class UserAccount : IEquatable, INamedEntity
{
/// The base date
internal static readonly DateTime baseDate = new(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
/// Initializes a new instance of the class.
/// Name of the user.
/// The target.
internal UserAccount(string userName, string target) { UserName = userName; Target = target; }
///
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information, see
/// the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously locked
/// account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly
/// controlled. This setting allows a service running under the account to assume a client's identity and authenticate as that user
/// to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is ignored.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is ignored.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain, but
/// not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
/// The account control flags.
public UserAcctCtrlFlags AccountControlFlags
{
get => NetUserGetInfo(Target, UserName).usri1_flags;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1008 { usri1008_flags = value });
}
/// The date and time when the account expires. A value of indicates that the account never expires.
/// The account expiration.
public DateTime? AccountExpiration
{
get => DWORDtoDT(NetUserGetInfo(Target, UserName).usri2_acct_expires);
set => NetUserSetInfo(Target, UserName, new USER_INFO_1017 { usri1017_acct_expires = DTtoDWORD(value) });
}
///
/// A string that is reserved for use by applications. This string can be a string, or it can have any number
/// of characters. Microsoft products use this member to store user configuration information. Do not modify this information.
///
/// The parms.
public string AppParams
{
get => NetUserGetInfo(Target, UserName).usri11_parms;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1013 { usri1013_parms = value });
}
///
///
/// The number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the value
/// is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller (BDC)
/// in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried to log on
/// using an incorrect password is the largest value retrieved.
///
///
/// The bad password count.
public uint BadPasswordCount => NetUserGetInfo(Target, UserName).usri11_bad_pw_count;
/// The code page for the user's language of choice.
/// The code page.
public uint CodePage
{
get => NetUserGetInfo(Target, UserName).usri11_code_page;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1025 { usri1025_code_page = value });
}
///
/// A string that contains a comment to associate with the user account. The string can be a string, or it
/// can have any number of characters.
///
/// The comment.
public string Comment
{
get => NetUserGetInfo(Target, UserName).usri10_comment;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1007 { usri1007_comment = value });
}
/// The country/region code for the user's language of choice.
/// The country code.
public uint CountryCode
{
get => NetUserGetInfo(Target, UserName).usri11_country_code;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1024 { usri1024_country_code = value });
}
///
/// A string that contains the full name of the user. This string can be a string, or it can have any number
/// of characters.
///
/// The full name.
public string FullName
{
get => NetUserGetInfo(Target, UserName).usri10_full_name;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1011 { usri1011_full_name = value });
}
/// Retrieves a list of global groups to which a specified user belongs.
/// A sequence of global groups to which this user belongs.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
public IEnumerable GlobalGroups => NetUserGetGroups(Target, UserName).Select(i => i.grui0_name);
/// A string that specifies the drive letter assigned to the user's home directory for logon purposes.
/// The home directory drive letter.
public string HomeDirectoryDriveLetter
{
get => NetUserGetInfo(Target, UserName).usri3_home_dir_drive;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1053 { usri1053_home_dir_drive = value });
}
///
/// A string specifying the path of the home directory of the user specified by the UserName member. The string can be .
///
/// The home folder.
public string HomeFolder
{
get => NetUserGetInfo(Target, UserName).usri1_home_dir;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1006 { usri1006_home_dir = value });
}
///
/// This member is currently not used.
/// The date and time when the last logoff occurred.
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must
/// query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
/// The last logoff.
public DateTime? LastLogoff => DWORDtoDT(NetUserGetInfo(Target, UserName).usri11_last_logoff);
///
/// The date and time when the last logon occurred.
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must
/// query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
/// The last logon.
public DateTime LastLogon => DWORDtoDT(NetUserGetInfo(Target, UserName).usri11_last_logon).GetValueOrDefault();
///
/// Retrieves a list of local groups to which a specified user belongs, including local groups in which the user is indirectly a
/// member (that is, the user has membership in a global group that is itself a member of one or more local groups).
///
/// A sequence of local groups to which this user belongs.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The security descriptor of the Domain object is used to perform the access check for this function. The caller must have Read
/// Property permission on the Domain object.
///
///
public IEnumerable LocalGroups => NetUserGetLocalGroups(Target, UserName, GetLocalGroupFlags.LG_INCLUDE_INDIRECT).Select(i => i.lgrui0_name);
///
///
/// A pointer to a 168-bit array that specifies the times during which the user can log on. Each bit represents a unique hour in the
/// week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on. Note
/// that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you must
/// adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify in this member when calling the NetUserAdd function to indicate no time restriction. Specify a
/// pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times
/// during which the user can log on.
///
///
/// The logon hours.
/// LogonHours
public BitArray LogonHours
{
get
{
IntPtr ptr = NetUserGetInfo(Target, UserName).usri11_logon_hours;
return new BitArray(ptr.ToArray(21));
}
set
{
if (value is null)
{
NetUserSetInfo(Target, UserName, new USER_INFO_1020 { usri1020_units_per_week = UnitsPerWeek });
return;
}
if (value.Count != 168)
{
throw new ArgumentOutOfRangeException(nameof(LogonHours));
}
byte[] bytes = new byte[21];
value.CopyTo(bytes, 0);
using SafeByteArray mem = new(bytes);
NetUserSetInfo(Target, UserName, new USER_INFO_1020 { usri1020_units_per_week = UnitsPerWeek, usri1020_logon_hours = mem.DangerousGetHandle() });
}
}
///
///
/// A string that contains the name of the server to which logon requests are sent. Server names should be preceded by two
/// backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk (\*) for the server
/// name. A string indicates that requests should be sent to the domain controller.
///
/// For Windows servers, the NetUserGetInfo function returns \*.
///
/// The logon server.
public string LogonServer
{
get => NetUserGetInfo(Target, UserName).usri11_logon_server;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1023 { usri1023_logon_server = value });
}
///
/// The maximum amount of disk space the user can use. Specify to use all available disk space.
///
/// The maximum storage.
public uint MaxStorage
{
get => NetUserGetInfo(Target, UserName).usri11_max_storage;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1018 { usri1018_max_storage = value });
}
///
/// The user's operator privileges.
///
/// For the NetUserGetInfo function, the appropriate value is returned based on the local group membership. If the user is a member
/// of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is set. If the user is a
/// member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.
///
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
/// The operator privileges.
public UserOpPriv OperatorPrivileges
{
get => NetUserGetInfo(Target, UserName).usri11_auth_flags;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1010 { usri1010_auth_flags = value });
}
///
/// A string that specifies the password for the user identified by the UserName member. The length cannot exceed PWLEN bytes.
///
/// The password.
public string Password
{
set => NetUserSetInfo(Target, UserName, new USER_INFO_1003 { usri1003_password = value });
}
/// The time elapsed since the Password member was last changed.
/// The password age.
public TimeSpan PasswordAge => TimeSpan.FromSeconds(NetUserGetInfo(Target, UserName).usri1_password_age);
///
/// The password expiration information.
/// The NetUserGetInfo function return zero if the password has not expired (and nonzero if it has).
///
/// When you call NetUserAdd or NetUserSetInfo, specify a nonzero value in this member to inform users that they must change their
/// password at the next logon. To turn off this message, call NetUserSetInfo and specify zero in this member. Note that you
/// cannot specify zero to negate the expiration of a password that has already expired.
///
///
/// if [password expired]; otherwise, .
public bool PasswordExpired => NetUserGetInfo(Target, UserName).usri3_password_expired != 0;
///
/// The relative identifier (RID) of the Primary Global Group for the user. When you call the NetUserAdd function, this
/// member must be DOMAIN_GROUP_RID_USERS (defined in WinNT.h). When you call NetUserSetInfo, this member must be the RID of
/// a global group in which the user is enrolled. For more information, see Well-Known SIDs and SID Components.
///
/// The primary group identifier.
public uint PrimaryGroupId
{
get => NetUserGetInfo(Target, UserName).usri3_primary_group_id;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1051 { usri1051_primary_group_id = value });
}
///
///
/// The level of privilege assigned to the UserName member. For more information about user and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
/// The privilege.
public UserPrivilege Privilege => NetUserGetInfo(Target, UserName).usri1_priv;
///
/// A string that specifies a path to the user's profile. This value can be a string, a local absolute path,
/// or a UNC path.
///
/// The profile path.
public string ProfilePath
{
get => NetUserGetInfo(Target, UserName).usri3_profile;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1052 { usri1052_profile = value });
}
///
/// A string specifying the path for the user's logon script file. The script file can be a .CMD file, an .EXE file, or a .BAT file.
/// The string can also be .
///
/// The script path.
public string ScriptPath
{
get => NetUserGetInfo(Target, UserName).usri1_script_path;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1009 { usri1009_script_path = value });
}
///
/// The number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown.
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must
/// query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
/// The successful logons.
public uint SuccessfulLogons => NetUserGetInfo(Target, UserName).usri11_num_logons;
///
/// Gets a string that specifies the DNS or NetBIOS name of the remote server on which the user account resides. If this value is
/// , the local computer is assumed.
///
/// The target.
public string Target { get; }
///
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the logon_hours member.
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
/// The units per week.
public uint UnitsPerWeek
{
get => NetUserGetInfo(Target, UserName).usri11_units_per_week;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1020 { usri1020_units_per_week = value, usri1020_logon_hours = IntPtr.Zero });
}
///
/// A string that contains a user comment. This string can be a string, or it can have any number of characters.
///
/// The user comment.
public string UserComment
{
get => NetUserGetInfo(Target, UserName).usri10_usr_comment;
set => NetUserSetInfo(Target, UserName, new USER_INFO_1012 { usri1012_usr_comment = value });
}
/// A string that specifies the name of the user account.
/// The name of the user.
public string UserName { get; }
/// A pointer to a SID structure that contains the security identifier (SID) that uniquely identifies the user.
/// The user sid.
public PSID UserSid => NetUserGetInfo(Target, UserName).usri23_user_sid;
///
/// An array of strings that contains the names of workstations from which the user can log on. As many as eight workstations can be
/// specified. If you do not want to restrict the number of workstations, use a value. To disable logons from
/// all workstations to this account, set the UF_ACCOUNTDISABLE value in the AccountControlFlags member.
///
/// The workstations.
public string[] Workstations
{
get => NetUserGetInfo(Target, UserName).usri11_workstations?.Split(',');
set => NetUserSetInfo(Target, UserName, new USER_INFO_1014 { usri1014_workstations = value is null || value.Length == 0 ? null : string.Join(",", value) });
}
///
string INamedEntity.Name => UserName;
/// Changes the password for a specified network server or domain.
/// A string that specifies the user's old password.
/// A string that specifies the user's new password.
///
/// A string that specifies the DNS or NetBIOS name of a remote server or domain on which the function is to execute. If this
/// parameter is NULL, the logon domain of the caller is used.
///
///
///
/// If an application calls the NetUserChangePassword function on a domain controller that is running Active Directory,
/// access is allowed or denied based on the access control list (ACL) for the securable object. The default ACL permits only Domain
/// Admins and Account Operators to call this function. On a member server or workstation, only Administrators and Power Users can
/// call this function. A user can change his or her own password. For more information, see Security Requirements for the Network
/// Management Functions. For more information on ACLs, ACEs, and access tokens, see Access Control Model.
///
///
/// The security descriptor of the User object is used to perform the access check for this function. In addition, the caller must
/// have the "Change password" control access right on the User object. This right is granted to Anonymous Logon and Everyone by default.
///
/// Note that for the function to succeed, the oldpassword parameter must match the password as it currently exists.
///
/// In some cases, the process that calls the NetUserChangePassword function must also have the SE_CHANGE_NOTIFY_NAME
/// privilege enabled; otherwise, NetUserChangePassword fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is
/// not required for the LocalSystem account or for accounts that are members of the administrators group. By default,
/// SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable the privilege for everyone. For more
/// information about account privileges, see Privileges and Authorization Constants.
///
///
/// See Forcing a User to Change the Logon Password for a code sample that demonstrates how to force a user to change the logon
/// password on the next logon using the NetUserGetInfo and NetUserSetInfo functions.
///
///
/// The NetUserChangePassword function does not control how the oldpassword and newpassword parameters are secured when sent
/// over the network to a remote server. Any encryption of these parameters is handled by the Remote Procedure Call (RPC) mechanism
/// supported by the network redirector that provides the network transport. Encryption is also controlled by the security
/// mechanisms supported by the local computer and the security mechanisms supported by remote network server or domain specified in
/// the domainname parameter. For more details on security when the Microsoft network redirector is used and the remote network
/// server is running Microsoft Windows, see the protocol documentation for MS-RPCE, MS-SAMR, MS-SPNG, and MS-NLMP.
///
///
public void ChangePassword(string oldPassword, string newPassword, string domainName = null) => NetUserChangePassword(domainName, UserName, oldPassword, newPassword).ThrowIfFailed();
/// Equalses the specified other.
/// The other.
///
public bool Equals(UserAccount other) => other?.UserName == UserName && other.Target == Target;
internal static uint DTtoDWORD(DateTime? dt) => dt.HasValue ? (uint)(dt.Value.ToUniversalTime() - baseDate).TotalSeconds : uint.MaxValue;
internal static DateTime? DWORDtoDT(uint baseSec) => baseSec == 0 || baseSec == uint.MaxValue ? null : (baseDate + TimeSpan.FromSeconds(baseSec)).ToLocalTime();
}
/// Represents the collection of user accounts on a server.
public class UserAccounts : ICollection
{
/// Initializes a new instance of the class.
///
/// The DNS or NetBIOS name of the remote server on which the user account resides. If this value is , the
/// local computer is assumed.
///
public UserAccounts(string target = null) => Target = target;
///
/// Gets the DNS or NetBIOS name of the remote server on which the user account resides. If this value is ,
/// the local computer is assumed.
///
/// The target.
public string Target { get; }
/// Gets the number of elements contained in the collection.
/// The number of elements contained in the collection.
public int Count => Enumerate().Count();
/// Gets a value indicating whether the collection is read only.
/// if the collection is read only; otherwise, .
bool ICollection.IsReadOnly => false;
/// Adds a user account and assigns a password and other key properties.
/// The name of the user account.
/// The password of the user. The length cannot exceed PWLEN bytes.
/// The optional path of the home directory for the user.
/// An optional comment to associate with the user account.
/// The script path.
/// Flags that describe the account type and options.
/// On success, returns an instance of for the specified user.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call
/// this function. On a member server or workstation, only Administrators and Power Users can call this function. For more
/// information, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The security descriptor of the user container is used to perform the access check for this function. The caller must be able to
/// create child objects of the user class.
///
///
/// Server users must use a system in which the server creates a system account for the new user. The creation of this account is
/// controlled by several parameters in the server's LanMan.ini file.
///
/// If the newly added user already exists as a system user, the parameter is ignored.
///
/// When you call the AddNew function, the call initializes the additional members in the object to
/// their default values. You can change the default values by setting properties on the object.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
public UserAccount Add(string userName, string password, string homeFolder = null, string comment = null,
string scriptPath = null, UserAcctCtrlFlags flags = 0)
{
flags |= UserAcctCtrlFlags.UF_SCRIPT;
NetUserAdd(Target, new USER_INFO_1
{
usri1_name = userName,
usri1_password = password,
usri1_home_dir = homeFolder,
usri1_comment = comment,
usri1_script_path = scriptPath,
usri1_flags = flags,
usri1_priv = UserPrivilege.USER_PRIV_USER
}, 1);
return new UserAccount(userName, Target);
}
/// Removes all items from the collection.
public void Clear()
{
foreach (UserAccount a in Enumerate().ToArray())
{
Remove(a);
}
}
/// Determines whether the collection contains the specified user account.
/// The user account to find.
/// if the collection contains the specified user account, otherwise, .
public bool Contains(UserAccount item) => Enumerate().Contains(item);
/// Copies the elements of the collection to an Array, starting at a particular Array index.
///
/// The one-dimensional Array that is the destination of the elements copied from the collection. The Array must have zero-based indexing.
///
/// The zero-based index in at which copying begins.
public void CopyTo(UserAccount[] array, int arrayIndex)
{
UserAccount[] a = Enumerate().ToArray();
Array.Copy(a, 0, array, arrayIndex, a.Length);
}
/// Returns an enumerator that iterates through the collection.
/// An enumerator that can be used to iterate through the collection.
public IEnumerator GetEnumerator() => Enumerate().GetEnumerator();
/// Deletes this account from the server.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call
/// this function. On a member server or workstation, only Administrators and Power Users can call this function. For more
/// information, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
/// An account cannot be deleted while a user or application is accessing a server resource. If the user was added to the system
/// with a call to the NetUserAdd function, deleting the user also deletes the user's system account.
///
///
public bool Remove(UserAccount user) => NetUserDel(user.Target, user.UserName).Succeeded;
///
void ICollection.Add(UserAccount item) => throw new NotImplementedException();
/// Returns an enumerator that iterates through the collection.
/// An enumerator that can be used to iterate through the collection.
IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
private IEnumerable Enumerate() => NetUserEnum(Target, 0).Select(u => new UserAccount(u.usri0_name, Target));
}
}