using System;
using System.Runtime.InteropServices;
using Vanara.InteropServices;
using static Vanara.PInvoke.AdvApi32;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
public static partial class NetApi32
{
/// Represents the number of days in a week.
public const uint SAM_DAYS_PER_WEEK = 7;
/// Represents the number of hours in a week.
public const uint SAM_HOURS_PER_WEEK = 24 * SAM_DAYS_PER_WEEK;
/// Represents the number of minutes in a week.
public const uint SAM_MINUTES_PER_WEEK = 60 * SAM_HOURS_PER_WEEK;
/// The units per day
public const uint UNITS_PER_DAY = 24;
/// The units per week
public const uint UNITS_PER_WEEK = UNITS_PER_DAY * 7;
/// Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
public const uint USER_MAXSTORAGE_UNLIMITED = unchecked((uint)(-1));
private const int ENCRYPTED_PWLEN = 16;
/// A bitmask of flags that affect the operation.
[PInvokeData("lmaccess.h", MSDNShortId = "cc5c1c15-cad7-4103-a2c9-1a8adf742703")]
[Flags]
public enum GetLocalGroupFlags
{
///
/// The function also returns the names of the local groups in which the user is indirectly a member (that is, the user has
/// membership in a global group that is itself a member of one or more local groups).
///
LG_INCLUDE_INDIRECT = 1
}
/// Specifies the role of the logon server.
[PInvokeData("lmaccess.h", MSDNShortId = "2cb7f310-c76e-42fd-892c-fead374af16c")]
public enum LogonServerRole
{
/// The logon server is a stand-alone server.
UAS_ROLE_STANDALONE = 0,
/// The logon server is a member.
UAS_ROLE_MEMBER = 1,
/// The logon server is a backup.
UAS_ROLE_BACKUP = 2,
/// The logon server is a domain controller.
UAS_ROLE_PRIMARY = 3,
}
/// The type of password validation to perform.
[PInvokeData("lmaccess.h", MSDNShortId = "be5ce51b-6568-49c8-954d-7b0d4bcb8611")]
public enum NET_VALIDATE_PASSWORD_TYPE
{
///
/// The application is requesting password validation during authentication. The InputArg parameter points to a
/// NET_VALIDATE_AUTHENTICATION_INPUT_ARG structure. This type of validation enforces password expiration and account lockout policy.
///
[CorrespondingType(typeof(NET_VALIDATE_AUTHENTICATION_INPUT_ARG))]
NetValidateAuthentication = 1,
///
/// The application is requesting password validation during a password change operation. The InputArg parameter points to a
/// NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG structure.
///
[CorrespondingType(typeof(NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG))]
NetValidatePasswordChange,
///
/// The application is requesting password validation during a password reset operation. The InputArg parameter points to a
/// NET_VALIDATE_PASSWORD_RESET_INPUT_ARG structure. You can also reset the "lockout state" of a user account by specifying this structure.
///
[CorrespondingType(typeof(NET_VALIDATE_PASSWORD_RESET_INPUT_ARG))]
NetValidatePasswordReset,
}
/// Flags for .
[PInvokeData("lmaccess.h", MSDNShortId = "004bd392-8837-4d98-905a-cd19ed02817d")]
[Flags]
public enum SvcAcctAddFlag
{
///
/// No standalone managed service account is created. If a service account with the specified name exists, it is linked to the
/// local computer. This flag is ignored if the account name is an existing gMSA.
///
SERVICE_ACCOUNT_FLAG_LINK_TO_HOST_ONLY = 0x00000001,
}
/// Flags for .
[PInvokeData("lmaccess.h", MSDNShortId = "f67745b7-bdfd-44bc-83e0-2ad24b78e137")]
public enum SvcAcctRemFlag
{
///
/// For sMSAs, the service account object is unlinked from the local computer and the secret stored in the LSA is deleted. The
/// service account object is not deleted from the Active Directory database. This flag has no meaning for gMSAs.
///
SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY = 0x00000001,
}
/// User account control flags.
[PInvokeData("lmaccess.h", MSDNShortId = "bdb1bef0-51f1-41d7-97fb-bda4ad24e386")]
[Flags]
public enum UserAcctCtrlFlags
{
/// The logon script executed. This value must be set.
UF_SCRIPT = 0x0001,
/// The user's account is disabled.
UF_ACCOUNTDISABLE = 0x0002,
/// The uf homedir required
UF_HOMEDIR_REQUIRED = 0x0008,
///
/// The account is currently locked out (blocked). For the NetUserSetInfo function, this value can be cleared to unlock a
/// previously locked account. This value cannot be used to lock a previously unlocked account.
///
UF_LOCKOUT = 0x0010,
/// No password is required.
UF_PASSWD_NOTREQD = 0x0020,
/// The user cannot change the password.
UF_PASSWD_CANT_CHANGE = 0x0040,
/// The user's password is stored under reversible encryption in the Active Directory.
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080,
///
/// An account for users whose primary account is in another domain. This account provides user access to this domain, but not to
/// any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,
/// A default account type that represents a typical user.
UF_NORMAL_ACCOUNT = 0x0200,
/// A permit to trust account for a domain that trusts other domains.
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
/// A computer account for a workstation or a server that is a member of this domain.
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
/// A computer account for a backup domain controller that is a member of this domain.
UF_SERVER_TRUST_ACCOUNT = 0x2000,
/// Mask for machine account flags.
UF_MACHINE_ACCOUNT_MASK = (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT),
/// Mask for account type flags
UF_ACCOUNT_TYPE_MASK = (UF_TEMP_DUPLICATE_ACCOUNT | UF_NORMAL_ACCOUNT | UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT),
/// Represents the password, which will never expire on the account.
UF_DONT_EXPIRE_PASSWD = 0x10000,
/// This bit is ignored by clients and servers.
UF_MNS_LOGON_ACCOUNT = 0x20000,
/// Requires the user to log on to the user account with a smart card.
UF_SMARTCARD_REQUIRED = 0x40000,
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
UF_TRUSTED_FOR_DELEGATION = 0x80000,
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
UF_NOT_DELEGATED = 0x100000,
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
UF_USE_DES_KEY_ONLY = 0x200000,
/// This account does not require Kerberos preauthentication for logon.
UF_DONT_REQUIRE_PREAUTH = 0x400000,
///
/// The user's password has expired.
/// Windows 2000: This value is not supported.
///
UF_PASSWORD_EXPIRED = 0x800000,
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network.
/// Windows XP/2000: This value is not supported.
///
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000,
///
/// This bit is used by the Kerberos protocol. It indicates that when the key distribution center (KDC) is issuing a service
/// ticket for this account, the privilege attribute certificate (PAC) is not to be included. For more information, see [RFC4120].
///
UF_NO_AUTH_DATA_REQUIRED = 0x2000000,
/// Specifies that the object is a read-only domain controller (RODC).
UF_PARTIAL_SECRETS_ACCOUNT = 0x4000000,
/// This bit is ignored by clients and servers.
UF_USE_AES_KEYS = 0x8000000,
/// Mask for settable flags.
UF_SETTABLE_BITS = (UF_SCRIPT | UF_ACCOUNTDISABLE | UF_LOCKOUT | UF_HOMEDIR_REQUIRED | UF_PASSWD_NOTREQD | UF_PASSWD_CANT_CHANGE | UF_ACCOUNT_TYPE_MASK | UF_DONT_EXPIRE_PASSWD | UF_MNS_LOGON_ACCOUNT | UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED | UF_SMARTCARD_REQUIRED | UF_TRUSTED_FOR_DELEGATION | UF_NOT_DELEGATED | UF_USE_DES_KEY_ONLY | UF_DONT_REQUIRE_PREAUTH | UF_PASSWORD_EXPIRED | UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION | UF_NO_AUTH_DATA_REQUIRED | UF_USE_AES_KEYS | UF_PARTIAL_SECRETS_ACCOUNT)
}
///
/// A value that specifies the user account types to be included in the enumeration. A value of zero indicates that all normal user,
/// trust data, and machine account data should be included.
///
[PInvokeData("lmaccess.h", MSDNShortId = "b26ef3c0-934a-4840-8c06-4eaff5c9ff86")]
[Flags]
public enum UserEnumFilter
{
///
/// Enumerates account data for users whose primary account is in another domain. This account type provides user access to this
/// domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
FILTER_TEMP_DUPLICATE_ACCOUNT = 0x0001,
/// Enumerates normal user account data. This account type is associated with a typical user.
FILTER_NORMAL_ACCOUNT = 0x0002,
/// Undocumented
FILTER_PROXY_ACCOUNT = 0x0004,
///
/// Enumerates interdomain trust account data. This account type is associated with a trust account for a domain that trusts
/// other domains.
///
FILTER_INTERDOMAIN_TRUST_ACCOUNT = 0x0008,
///
/// Enumerates workstation or member server trust account data. This account type is associated with a machine account for a
/// computer that is a member of the domain.
///
FILTER_WORKSTATION_TRUST_ACCOUNT = 0x0010,
///
/// Enumerates member server machine account data. This account type is associated with a computer account for a backup domain
/// controller that is a member of the domain.
///
FILTER_SERVER_TRUST_ACCOUNT = 0x0020,
}
/// A set of bit flags that specify the user's operator privileges.
[PInvokeData("lmaccess.h", MSDNShortId = "6760729a-1d59-430e-8412-1257977af169")]
[Flags]
public enum UserOpPriv
{
/// The print operator privilege is enabled.
AF_OP_PRINT = 0x1,
/// The communications operator privilege is enabled.
AF_OP_COMM = 0x2,
/// The server operator privilege is enabled.
AF_OP_SERVER = 0x4,
/// The accounts operator privilege is enabled.
AF_OP_ACCOUNTS = 0x8,
}
///
/// The level of privilege assigned to the usri[n]_name member. When you call the NetUserAdd function, this member must be
/// USER_PRIV_USER. When you call the NetUserSetInfo function, this member must be the value returned by the NetUserGetInfo function
/// or the NetUserEnum function.
///
[PInvokeData("lmaccess.h", MSDNShortId = "f17a1aef-45f1-461f-975d-75221d08277c")]
public enum UserPrivilege
{
/// Guest
USER_PRIV_GUEST = 0,
/// User
USER_PRIV_USER = 1,
/// Administrator
USER_PRIV_ADMIN = 2,
}
///
///
/// The NetAddServiceAccount function creates a standalone managed service account (sMSA) or retrieves the credentials for a
/// group managed service account (gMSA) and stores the account information on the local computer.
///
///
/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Logoncli.dll.
///
///
/// Windows Server 2008 R2: Installing a managed service account by using the PowerShell command line interface cmdlet to call
/// this function fails with error code 0xC0000225 when the value of the AccountName parameter does not match the corresponding
/// Security Accounts Manager (SAM) name of the account.
///
///
/// The value of this parameter must be NULL.
/// The name of the account to be created.
/// This parameter is reserved. Do not use it.
///
/// This parameter can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// SERVICE_ACCOUNT_FLAG_LINK_TO_HOST_ONLY 0x00000001
///
/// No standalone managed service account is created. If a service account with the specified name exists, it is linked to the local
/// computer. This flag is ignored if the account name is an existing gMSA.
///
///
///
///
///
/// If the function succeeds, it returns STATUS_SUCCESS.
/// If the function fails, it returns an error code.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netaddserviceaccount NTSTATUS NetAddServiceAccount(
// LPWSTR ServerName, LPWSTR AccountName, LPWSTR Password, DWORD Flags );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "004bd392-8837-4d98-905a-cd19ed02817d")]
public static extern NTStatus NetAddServiceAccount([Optional] string ServerName, string AccountName, [Optional] string Password, SvcAcctAddFlag Flags);
///
///
/// The NetEnumerateServiceAccounts function enumerates the standalone managed service accounts (sMSA) on the specified
/// server. This function only enumerates sMSAs and not group managed service accounts (gMSA).
///
///
/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Logoncli.dll.
///
///
/// The value of this parameter must be NULL.
/// This parameter is reserved. Do not use it.
/// The number of elements in the Accounts array.
///
/// A pointer to an array of the names of the service accounts on the specified server.
/// When you have finished using the names, free the array by calling the NetApiBufferFree function.
///
///
/// If the function succeeds, it returns STATUS_SUCCESS.
/// If the function fails, it returns an error code.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netenumerateserviceaccounts NTSTATUS
// NetEnumerateServiceAccounts( LPWSTR ServerName, DWORD Flags, DWORD *AccountsCount, PZPWSTR *Accounts );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "048116b6-1bae-4dcc-9bd0-a466c395e5d8")]
public static extern NTStatus NetEnumerateServiceAccounts([Optional] string ServerName, [Optional] uint Flags, ref uint AccountsCount, [MarshalAs(UnmanagedType.LPArray)] string[] Accounts);
///
///
/// The NetGetAnyDCName function returns the name of any domain controller (DC) for a domain that is directly trusted by the
/// specified server.
///
///
/// Applications that support DNS-style names should call the DsGetDcName function. This function can locate any DC in any domain,
/// whether or not the domain is directly trusted by the specified server.
///
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used. For more information, see the following Remarks section.
///
///
/// Pointer to a constant string that specifies the name of the domain. If this parameter is NULL, the name of the domain
/// controller for the primary domain is used. For more information, see the following Remarks section.
///
///
/// Pointer to an allocated buffer that receives a string that specifies the server name of a domain controller for the domain. The
/// server name is prefixed by \. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. For
/// more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_NO_LOGON_SERVERS
/// No domain controllers could be found.
///
/// -
/// ERROR_NO_SUCH_DOMAIN
/// The specified domain is not a trusted domain.
///
/// -
/// ERROR_NO_TRUST_LSA_SECRET
/// The client side of the trust relationship is broken.
///
/// -
/// ERROR_NO_TRUST_SAM_ACCOUNT
/// The server side of the trust relationship is broken or the password is broken.
///
/// -
/// ERROR_DOMAIN_TRUST_INCONSISTENT
/// The server that responded is not a proper domain controller of the specified domain.
///
///
///
///
/// No special group membership is required to successfully execute the NetGetAnyDCName function.
/// If servername specifies a stand-alone workstation or a stand-alone server, no domainname is valid.
///
/// If servername specifies a workstation that is a member of a domain, or a server that is a member of a domain, the domainname must
/// be in the same domain as servername.
///
///
/// If servername specifies a domain controller, the domainname must be one of the domains trusted by the domain for which the server
/// is a controller. The domain controller that this call finds has been operational at least once during this call.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgetanydcname NET_API_STATUS NET_API_FUNCTION
// NetGetAnyDCName( IN LPCWSTR servername, IN LPCWSTR domainname, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "64dacbf4-46c2-4f82-b250-b7d338535e7c")]
public static extern Win32Error NetGetAnyDCName([In, Optional] string servername, [In, Optional] string domainname,
[MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(NetApiBufferUnicodeStringMarshaler))] out string bufptr);
///
///
/// The NetGetDCName function returns the name of the primary domain controller (PDC). It does not return the name of the
/// backup domain controller (BDC) for the specified domain. Also, you cannot remote this function to a non-PDC server.
///
///
/// Applications that support DNS-style names should call the DsGetDcName function. Domain controllers in this type of environment
/// have a multi-master directory replication relationship. Therefore, it may be advantageous for your application to use a DC that
/// is not the PDC. You can call the DsGetDcName function to locate any DC in the domain; NetGetDCName returns only the
/// name of the PDC.
///
///
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the domain. The domain name must be a NetBIOS domain name (for example,
/// microsoft). NetGetDCName does not support DNS-style names (for example, microsoft.com). If this parameter is NULL,
/// the function returns the name of the domain controller for the primary domain.
///
///
/// A pointer to an allocated buffer that receives a string that specifies the server name of the PDC of the domain. The server name
/// is returned as Unicode string prefixed by \. This buffer is allocated by the system and must be freed using the NetApiBufferFree
/// function. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// NERR_DCNotFound
/// Could not find the domain controller for the domain specified in the domainname parameter.
///
/// -
/// ERROR_BAD_NETPATH
///
/// The network path was not found. This error is returned if the computer specified in the servername parameter could not be found.
///
///
/// -
/// ERROR_INVALID_NAME
///
/// The name syntax is incorrect. This error is returned if the name specified in the servername parameter contains illegal characters.
///
///
/// -
/// ERROR_NOT_SUPPORTED
/// The request is not supported.
///
///
///
///
/// No special group membership is required to successfully execute the NetGetDCName function.
/// Examples
///
/// The following code sample demonstrates how to retrieve the primary domain controller using the NetGetDCName function. The
/// sample calls NetGetDCName specifying the servername and domainname parameters. If the call succeeds, the code prints
/// information out the name of the primary domain controller. Finally, the sample frees the memory allocated for the buffer where
/// the domain controller name was returned.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgetdcname NET_API_STATUS NET_API_FUNCTION
// NetGetDCName( IN LPCWSTR servername, IN LPCWSTR domainname, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "3e32aacc-088e-455a-bc1b-92274e98d2e5")]
public static extern Win32Error NetGetDCName([In, Optional] string servername, [In, Optional] string domainname,
[MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(NetApiBufferUnicodeStringMarshaler))] out string bufptr);
///
/// The NetGetDisplayInformationIndex function returns the index of the first display information entry whose name begins with
/// a specified string or whose name alphabetically follows the string. You can use this function to determine a starting index for
/// subsequent calls to the NetQueryDisplayInformation function.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the level of accounts to query. This parameter can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// 1
/// Query all local and global (normal) user accounts.
///
/// -
/// 2
/// Query all workstation and server user accounts.
///
/// -
/// 3
/// Query all global groups.
///
///
///
///
/// Pointer to a string that specifies the prefix for which to search.
/// Pointer to a value that receives the index of the requested entry.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
/// The value specified for the Level parameter is invalid.
///
/// -
/// ERROR_NO_MORE_ITEMS
/// There were no more items on which to operate.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
///
///
///
// NET_API_STATUS NetGetDisplayInformationIndex( _In_ LPCWSTR ServerName, _In_ DWORD Level, _In_ LPCWSTR Prefix, _Out_ LPDWORD
// Index); https://msdn.microsoft.com/en-us/library/windows/desktop/aa370421(v=vs.85).aspx
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("Lmaccess.h", MSDNShortId = "aa370421")]
public static extern Win32Error NetGetDisplayInformationIndex([In, Optional] string ServerName, uint Level, [In] string Prefix, out uint Index);
///
/// The NetGroupAdd function creates a global group in the security database, which is the security accounts manager (SAM)
/// database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Specifies a global group name. The buf parameter contains a pointer to a GROUP_INFO_0 structure.
///
/// -
/// 1
/// Specifies a global group name and a comment. The buf parameter contains a pointer to a GROUP_INFO_1 structure.
///
/// -
/// 2
///
/// Specifies detailed information about the global group. The buf parameter contains a pointer to a GROUP_INFO_2 structure. Note
/// that on Windows XP and later, it is recommended that you use GROUP_INFO_3 instead.
///
///
/// -
/// 3
///
/// Specifies detailed information about the global group. The buf parameter contains a pointer to a GROUP_INFO_3 structure. Windows
/// 2000: This level is not supported.
///
///
///
///
///
/// Pointer to a buffer that contains the data. The format of this data depends on the value of the level parameter. For more
/// information, see Network Management Function Buffers.
///
///
/// Pointer to a value that receives the index of the first member of the global group information structure in error when
/// ERROR_INVALID_PARAMETER is returned. If this parameter is NULL, the index is not returned on error. For more information,
/// see the NetGroupSetInfo function.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_GroupExists
/// The global group already exists.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// ERROR_INVALID_LEVEL
/// The value specified for the level parameter is invalid.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the user container is used to perform the access check for this function. The caller must be able to
/// create child objects of the group class. Typically, callers must also have write access to the entire object for calls to this
/// function to succeed.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupadd NET_API_STATUS NET_API_FUNCTION NetGroupAdd(
// LPCWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "fbf90758-79fd-4959-b6d0-ad3872e77242")]
public static extern Win32Error NetGroupAdd([In, Optional] string servername, uint level, IntPtr buf, out uint parm_err);
///
/// The NetGroupAddUser function gives an existing user account membership in an existing global group in the security
/// database, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the global group in which the user is to be given membership. For more
/// information, see the following Remarks section.
///
///
/// Pointer to a constant string that specifies the name of the user to be given membership in the global group. For more
/// information, see the following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupadduser NET_API_STATUS NET_API_FUNCTION
// NetGroupAddUser( LPCWSTR servername, LPCWSTR GroupName, LPCWSTR username );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "a2eefde8-29e3-4fa1-87db-c7f6d24b699d")]
public static extern Win32Error NetGroupAddUser([Optional] string servername, string GroupName, string username);
///
/// The NetGroupDel function deletes a global group from the security database, which is the security accounts manager (SAM)
/// database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the global group account to delete. For more information, see the
/// following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupdel NET_API_STATUS NET_API_FUNCTION NetGroupDel(
// LPCWSTR servername, LPCWSTR groupname );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "e637d1af-c900-4c91-a771-1428f9cfac8b")]
public static extern Win32Error NetGroupDel([Optional] string servername, string groupname);
///
/// The NetGroupDelUser function removes a user from a particular global group in the security database, which is the security
/// accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the global group from which the user's membership should be removed. For
/// more information, see the following Remarks section.
///
///
/// Pointer to a constant string that specifies the name of the user to remove from the global group. For more information, see the
/// following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
/// -
/// NERR_UserNotInGroup
/// The user does not belong to this global group.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupdeluser NET_API_STATUS NET_API_FUNCTION
// NetGroupDelUser( LPCWSTR servername, LPCWSTR GroupName, LPCWSTR Username );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "ab8ce12a-60c0-4d79-8894-4537c6568e15")]
public static extern Win32Error NetGroupDelUser([Optional] string servername, string GroupName, string Username);
///
///
/// The NetGroupEnum function retrieves information about each global group in the security database, which is the security
/// accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// The NetQueryDisplayInformation function provides an efficient mechanism for enumerating global groups. When possible, it is
/// recommended that you use NetQueryDisplayInformation instead of the NetGroupEnum function.
///
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return the global group name. The bufptr parameter points to an array of GROUP_INFO_0 structures.
///
/// -
/// 1
/// Return the global group name and a comment. The bufptr parameter points to an array of GROUP_INFO_1 structures.
///
/// -
/// 2
///
/// Return detailed information about the global group. The bufptr parameter points to an array of GROUP_INFO_2 structures. Note that
/// on Windows XP and later, it is recommended that you use GROUP_INFO_3 instead.
///
///
/// -
/// 3
///
/// Return detailed information about the global group. The bufptr parameter points to an array of GROUP_INFO_3 structures. Windows
/// 2000: This level is not supported.
///
///
///
///
///
///
/// Pointer to the buffer to receive the global group information structure. The format of this data depends on the value of the
/// level parameter.
///
///
/// The system allocates the memory for this buffer. You must call the NetApiBufferFree function to deallocate the memory. Note that
/// you must free the buffer even if the function fails with ERROR_MORE_DATA.
///
///
///
/// Specifies the preferred maximum length of the returned data, in bytes. If you specify MAX_PREFERRED_LENGTH, the function
/// allocates the amount of memory required to hold the data. If you specify another value in this parameter, it can restrict the
/// number of bytes that the function returns. If the buffer size is insufficient to hold all entries, the function returns
/// ERROR_MORE_DATA. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// Pointer to a value that receives the count of elements actually enumerated.
///
/// Pointer to a value that receives the total number of entries that could have been enumerated from the current resume position.
/// The total number of entries is only a hint. For more information about determining the exact number of entries, see the following
/// Remarks section.
///
///
/// Pointer to a variable that contains a resume handle that is used to continue the global group enumeration. The handle should be
/// zero on the first call and left unchanged for subsequent calls. If this parameter is NULL, no resume handle is stored.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The function only returns information to which the caller has Read access. The caller must have List Contents access to the
/// Domain object, and Enumerate Entire SAM Domain access on the SAM Server object located in the System container.
///
///
/// To determine the exact total number of groups, you must enumerate the entire tree, which can be a costly operation. To enumerate
/// the entire tree, use the resume_handle parameter to continue the enumeration for consecutive calls, and use the entriesread
/// parameter to accumulate the total number of groups. If your application is communicating with a domain controller, you should
/// consider using the ADSI LDAP Provider to retrieve this type of data more efficiently. The ADSI LDAP Provider implements a set of
/// ADSI objects that support various ADSI interfaces. For more information, see ADSI Service Providers.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupenum NET_API_STATUS NET_API_FUNCTION
// NetGroupEnum( LPCWSTR servername, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries,
// PDWORD_PTR resume_handle );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "3f8fabce-94cb-41f5-9af1-04585ac3f16e")]
public static extern Win32Error NetGroupEnum([Optional] string servername, uint level, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries, ref IntPtr resume_handle);
///
/// The NetGroupGetInfo function retrieves information about a particular global group in the security database, which is the
/// security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the global group for which to retrieve information. For more information,
/// see the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return the global group name. The bufptr parameter points to a GROUP_INFO_0 structure.
///
/// -
/// 1
/// Return the global group name and a comment. The bufptr parameter points to a GROUP_INFO_1 structure.
///
/// -
/// 2
///
/// Return detailed information about the global group. The bufptr parameter points to a GROUP_INFO_2 structure. Note that on Windows
/// XP and later, it is recommended that you use GROUP_INFO_3 instead.
///
///
/// -
/// 3
///
/// Return detailed information about the global group. The bufptr parameter points to a GROUP_INFO_3 structure. Windows 2000: This
/// level is not supported.
///
///
///
///
///
/// Pointer to the address of the buffer that receives the global group information structure. The format of this data depends on the
/// value of the level parameter. The system allocates the memory for this buffer. You must call the NetApiBufferFree function to
/// deallocate the memory. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupgetinfo NET_API_STATUS NET_API_FUNCTION
// NetGroupGetInfo( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "f9957c15-9a49-4b53-ae31-efd6a03417a6")]
public static extern Win32Error NetGroupGetInfo([Optional] string servername, string groupname, uint level, out SafeNetApiBuffer bufptr);
///
/// The NetGroupGetUsers function retrieves a list of the members in a particular global group in the security database, which
/// is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the global group whose members are to be listed. For more information,
/// see the following Remarks section.
///
///
/// The information level of the data requested. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return the global group's member names. The bufptr parameter points to an array of GROUP_USERS_INFO_0 structures.
///
/// -
/// 1
/// Return the global group's member names and attributes. The bufptr parameter points to an array of GROUP_USERS_INFO_1 structures.
///
///
///
///
/// A pointer to the address of the buffer that receives the information structure. The system allocates the memory for this buffer.
/// You must call the NetApiBufferFree function to deallocate the memory. Note that you must free the buffer even if the function
/// fails with ERROR_MORE_DATA.
///
///
/// The preferred maximum length of the returned data, in bytes. If you specify MAX_PREFERRED_LENGTH, the function allocates the
/// amount of memory required to hold the data. If you specify another value in this parameter, it can restrict the number of bytes
/// that the function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more
/// information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// A pointer to a value that receives the count of elements actually enumerated.
///
/// A pointer to a value that receives the total number of entries that could have been enumerated from the current resume position.
///
///
/// A pointer to a variable that contains a resume handle that is used to continue an existing user enumeration. The handle should be
/// zero on the first call and left unchanged for subsequent calls. If ResumeHandle parameter is NULL, no resume handle is stored.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
///
/// The system call level is not correct. This error is returned if the level parameter was specified as a value other than 0 or 1.
///
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Insufficient memory was available to complete the operation.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_GroupNotFound
/// The global group name in the structure pointed to by bufptr parameter could not be found.
///
/// -
/// NERR_InternalError
/// An internal error occurred.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// To grant one user membership in an existing global group, you can call the NetGroupAddUser function. To remove a user from a
/// global group, call the NetGroupDelUser function. For information about replacing the membership of a global group, see NetGroupSetUsers.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupgetusers NET_API_STATUS NET_API_FUNCTION
// NetGroupGetUsers( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread,
// LPDWORD totalentries, PDWORD_PTR ResumeHandle );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "a9bcb806-f44c-4db2-9644-06687b31405d")]
public static extern Win32Error NetGroupGetUsers([Optional] string servername, string groupname, uint level, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries, ref IntPtr ResumeHandle);
///
/// The NetGroupSetInfo function sets the parameters of a global group in the security database, which is the security
/// accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the global group for which to set information. For more information, see
/// the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Specifies a global group name. The buf parameter points to a GROUP_INFO_0 structure.
///
/// -
/// 1
/// Specifies a global group name and a comment. The buf parameter points to a GROUP_INFO_1 structure.
///
/// -
/// 2
///
/// Specifies detailed information about the global group. The buf parameter points to a GROUP_INFO_2 structure. Note that on Windows
/// XP and later, it is recommended that you use GROUP_INFO_3 instead.
///
///
/// -
/// 3
///
/// Specifies detailed information about the global group. The buf parameter points to a GROUP_INFO_3 structure. Windows 2000: This
/// level is not supported.
///
///
/// -
/// 1002
/// Specifies a comment only about the global group. The buf parameter points to a GROUP_INFO_1002 structure.
///
/// -
/// 1005
/// Specifies global group attributes. The buf parameter points to a GROUP_INFO_1005 structure.
///
///
/// For more information, see the following Remarks section.
///
///
/// Pointer to a buffer that contains the data. The format of this data depends on the value of the level parameter. For more
/// information, see Network Management Function Buffers.
///
///
/// Pointer to a value that receives the index of the first member of the group information structure in error following an
/// ERROR_INVALID_PARAMETER error code. If this parameter is NULL, the index is not returned on error. For more information,
/// see the following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_PARAMETER
/// One of the function parameters is invalid. For more information, see the following Remarks section.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the Group object is used to perform the access check for this function. Typically, callers must have
/// write access to the entire object for calls to this function to succeed.
///
///
/// The correct way to set the new name of a global group is to call the NetGroupSetInfo function, using a GROUP_INFO_0
/// structure. Specify the new value in the grpi0_name member. If you use a GROUP_INFO_1 structure and specify the value in
/// the grpi1_name member, the new name value is ignored.
///
///
/// If the NetGroupSetInfo function returns ERROR_INVALID_PARAMETER, you can use the parm_err parameter to indicate the first
/// member of the group information structure that is invalid. (A group information structure begins with GROUP_INFO_ and its format
/// is specified by the level parameter.) The following table lists the values that can be returned in the parm_err parameter and the
/// corresponding structure member that is in error. (The prefix grpi*_ indicates that the member can begin with multiple prefixes,
/// for example, grpi1_ or grpi2_.)
///
///
///
/// Value
/// Member
///
/// -
/// GROUP_NAME_PARMNUM
/// grpi*_name
///
/// -
/// GROUP_COMMENT_PARMNUM
/// grpi*_comment
///
/// -
/// GROUP_ATTRIBUTES_PARMNUM
/// grpi*_attributes
///
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupsetinfo NET_API_STATUS NET_API_FUNCTION
// NetGroupSetInfo( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "8c235f9a-095e-4108-9b93-008ffe9bc776")]
public static extern Win32Error NetGroupSetInfo([Optional] string servername, string groupname, uint level, IntPtr buf, out uint parm_err);
///
/// The NetGroupSetUsers function sets the membership for the specified global group. Each user you specify is enrolled as a
/// member of the global group. Users you do not specify, but who are currently members of the global group, will have their
/// membership revoked.
///
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the global group of interest. For more information, see the Remarks section.
///
///
/// The information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The buf parameter points to an array of GROUP_USERS_INFO_0 structures that specify user names.
///
/// -
/// 1
///
/// The buf parameter points to an array of GROUP_USERS_INFO_1 structures that specifies user names and the attributes of the group.
///
///
///
///
/// A pointer to the buffer that contains the data. For more information, see Network Management Function Buffers.
/// The number of entries in the buffer pointed to by the buf parameter.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
///
/// The system call level is not correct. This error is returned if the level parameter was specified as a value other than 0 or 1.
///
///
/// -
/// ERROR_INVALID_PARAMETER
/// A parameter passed was not valid. This error is returned if the totalentries parameter was not valid.
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Insufficient memory was available to complete the operation.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_GroupNotFound
/// The global group name could not be found.
///
/// -
/// NERR_InternalError
/// An internal error occurred.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on certain special groups. These groups include user groups, admin groups, local groups, and guest groups.
///
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the Group object is used to perform the access check for this function.
///
/// You can replace the global group membership with an entirely new list of members by calling the NetGroupSetUsers function.
/// The typical sequence of steps to perform this follows.
///
/// To replace the global group membership
///
/// -
/// Call the NetGroupGetUsers function to retrieve the current membership list.
///
/// -
/// Modify the returned membership list to reflect the new membership.
///
/// -
/// Call the NetGroupSetUsers function to replace the old membership list with the new membership list.
///
///
///
/// To grant one user membership in an existing global group, you can call the NetGroupAddUser function. To remove a user from a
/// global group, call the NetGroupDelUser function.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netgroupsetusers NET_API_STATUS NET_API_FUNCTION
// NetGroupSetUsers( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, DWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "4221f5c8-a71c-4368-9be4-9562063b6cfd")]
public static extern Win32Error NetGroupSetUsers([Optional] string servername, string groupname, uint level, IntPtr buf, uint totalentries);
///
///
/// The NetIsServiceAccount function tests whether the specified standalone managed service account (sMSA) or group managed
/// service account (gMSA) exists in the Netlogon store on the specified server.
///
///
/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Logoncli.dll.
///
///
/// The value of this parameter must be NULL.
/// The name of the account to be tested.
/// TRUE if the specified service account exists on the specified server; otherwise, FALSE.
///
/// If the function succeeds, it returns STATUS_SUCCESS.
/// If the function fails, it returns an error code.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netisserviceaccount NTSTATUS NetIsServiceAccount( LPWSTR
// ServerName, LPWSTR AccountName, BOOL *IsService );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "975e7c0d-d803-4d78-99ed-d07369341674")]
public static extern NTStatus NetIsServiceAccount([Optional] string ServerName, string AccountName, [MarshalAs(UnmanagedType.Bool)] out bool IsService);
///
/// The NetLocalGroupAdd function creates a local group in the security database, which is the security accounts manager (SAM)
/// database or, in the case of domain controllers, the Active Directory.
///
///
/// A pointer to a string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If this
/// parameter is NULL, the local computer is used.
///
///
/// The information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// A local group name. The buf parameter points to a LOCALGROUP_INFO_0 structure.
///
/// -
/// 1
/// A local group name and a comment to associate with the group. The buf parameter points to a LOCALGROUP_INFO_1 structure.
///
///
///
///
/// A pointer to a buffer that contains the local group information structure. The format of this data depends on the value of the
/// level parameter. For more information, see Network Management Function Buffers.
///
///
/// A pointer to a value that receives the index of the first member of the local group information structure to cause the
/// ERROR_INVALID_PARAMETER error. If this parameter is NULL, the index is not returned on error. For more information, see
/// the Remarks section in the NetLocalGroupSetInfo topic.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The caller does not have the appropriate access to complete the operation.
///
/// -
/// ERROR_ALIAS_EXISTS
///
/// The specified local group already exists. This error is returned if the group name member in the structure pointed to by the buf
/// parameter is already in use as an alias.
///
///
/// -
/// ERROR_INVALID_LEVEL
/// A level parameter is invalid.
///
/// -
/// ERROR_INVALID_PARAMETER
///
/// A parameter is incorrect. This error is returned if one or more of the members in the structure pointed to by the buf parameter
/// is invalid.
///
///
/// -
/// NERR_GroupExists
///
/// The group name exists. This error is returned if the group name member in the structure pointed to by the buf parameter is
/// already in use as a group name.
///
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_UserExists
///
/// The user name exists. This error is returned if the group name member in the structure pointed to by the buf parameter is already
/// in use as a user name.
///
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the user container is used to perform the access check for this function. The caller must be able to
/// create child objects of the group class.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If the NetLocalGroupAdd function returns ERROR_INVALID_PARAMETER and a NULL pointer was not passed in
/// parm_err parameter, on return the parm_err parameter indicates the first member of the local group information structure that is
/// invalid. The format of the local group information structure is specified in the level parameter. A pointer to the local group
/// information structure is passed in buf parameter. The following table lists the values that can be returned in the parm_err
/// parameter and the corresponding structure member that is in error.
///
///
///
/// Value
/// Member
///
/// -
/// LOCALGROUP_NAME_PARMNUM
///
/// If the level parameter was 0, the lgrpi0_name member of the LOCALGROUP_INFO_0 structure was invalid. If the level parameter was
/// 1, the lgrpi1_name member of the LOCALGROUP_INFO_1 structure was invalid.
///
///
/// -
/// LOCALGROUP_COMMENT_PARMNUM
/// If the level parameter was 1, the lgrpi1_comment member of the LOCALGROUP_INFO_1 structure was invalid.
///
///
///
/// When making requests to a domain controller and Active Directory, you may be able to call certain Active Directory Service
/// Interface (ADSI) methods to achieve the same results as the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupadd NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupAdd( LPCWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "5028c1bc-8fed-4f02-8e69-d0d122b08d9f")]
public static extern Win32Error NetLocalGroupAdd([Optional] string servername, uint level, IntPtr buf, out uint parm_err);
/// The NetLocalGroupAddMember function is obsolete. You should use the NetLocalGroupAddMembers function instead.
/// TBD
/// TBD
/// TBD
/// None
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupaddmember NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupAddMember( IN LPCWSTR servername, IN LPCWSTR groupname, IN PSID membersid );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "df249dfd-2509-4e67-af4d-b152b95d0eae")]
public static extern Win32Error NetLocalGroupAddMember([Optional] string servername, string groupname, [In] PSID membersid);
///
/// The NetLocalGroupAddMembers function adds membership of one or more existing user accounts or global group accounts to an
/// existing local group. The function does not change the membership status of users or global groups that are currently members of
/// the local group.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group to which the specified users or global groups will be
/// added. For more information, see the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Specifies the security identifier (SID) of the new local group member. The buf parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_0 structures.
///
///
/// -
/// 3
///
/// Specifies the domain and name of the new local group member. The buf parameter points to an array of LOCALGROUP_MEMBERS_INFO_3 structures.
///
///
///
///
///
/// Pointer to a buffer that contains the data for the new local group members. The format of this data depends on the value of the
/// level parameter. For more information, see Network Management Function Buffers.
///
/// Specifies the number of entries in the buffer pointed to by the buf parameter.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// NERR_GroupNotFound
/// The local group specified by the groupname parameter does not exist.
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_NO_SUCH_MEMBER
/// One or more of the members specified do not exist. Therefore, no new members were added.
///
/// -
/// ERROR_MEMBER_IN_ALIAS
/// One or more of the members specified were already members of the local group. No new members were added.
///
/// -
/// ERROR_INVALID_MEMBER
/// One or more of the members cannot be added because their account type is invalid. No new members were added.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupaddmembers NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupAddMembers( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, DWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "3b2d3e4a-742e-4e67-8b28-3cd6d7e6a857")]
public static extern Win32Error NetLocalGroupAddMembers([Optional] string servername, string groupname, uint level, IntPtr buf, uint totalentries);
///
/// The NetLocalGroupDel function deletes a local group account and all its members from the security database, which is the
/// security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group account to delete. For more information, see the
/// following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_GroupNotFound
/// The local group specified by the groupname parameter does not exist.
///
/// -
/// ERROR_NO_SUCH_ALIAS
/// The specified local group does not exist.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupdel NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupDel( LPCWSTR servername, LPCWSTR groupname );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "b26bfd52-c20a-4f6f-9503-87cac5168362")]
public static extern Win32Error NetLocalGroupDel([Optional] string servername, string groupname);
/// The NetLocalGroupDelMember function is obsolete. You should use the NetLocalGroupDelMembers function instead.
/// TBD
/// TBD
/// TBD
/// None
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupdelmember NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupDelMember( LPCWSTR servername, LPCWSTR groupname, PSID membersid );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "4a231da6-904e-4b49-9855-03e004a0b695")]
public static extern Win32Error NetLocalGroupDelMember([Optional] string servername, string groupname, PSID membersid);
///
/// The NetLocalGroupDelMembers function removes one or more members from an existing local group. Local group members can be
/// users or global groups.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group from which the specified users or global groups will be
/// removed. For more information, see the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Specifies the security identifier (SID) of a local group member to remove. The buf parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_0 structures.
///
///
/// -
/// 3
///
/// Specifies the domain and name of a local group member to remove. The buf parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_3 structures.
///
///
///
///
///
/// Pointer to a buffer that specifies the members to be removed. The format of this data depends on the value of the level
/// parameter. For more information, see Network Management Function Buffers.
///
/// Specifies the number of entries in the array pointed to by the buf parameter.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_GroupNotFound
/// The local group specified by the groupname parameter does not exist.
///
/// -
/// ERROR_NO_SUCH_MEMBER
/// One or more of the specified members do not exist. No members were deleted.
///
/// -
/// ERROR_MEMBER_NOT_IN_ALIAS
/// One or more of the members specified were not members of the local group. No members were deleted.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupdelmembers NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupDelMembers( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, DWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "85ae796b-c94a-46a8-9fa8-6c612db38671")]
public static extern Win32Error NetLocalGroupDelMembers([Optional] string servername, string groupname, uint level, IntPtr buf, uint totalentries);
/// The NetLocalGroupEnum function returns information about each local group account on the specified server.
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return local group names. The bufptr parameter points to an array of LOCALGROUP_INFO_0 structures.
///
/// -
/// 1
///
/// Return local group names and the comment associated with each group. The bufptr parameter points to an array of LOCALGROUP_INFO_1 structures.
///
///
///
///
///
/// Pointer to the address of the buffer that receives the information structure. The format of this data depends on the value of the
/// level parameter. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must
/// free the buffer even if the function fails with ERROR_MORE_DATA.
///
///
/// Specifies the preferred maximum length of returned data, in bytes. If you specify MAX_PREFERRED_LENGTH, the function allocates
/// the amount of memory required for the data. If you specify another value in this parameter, it can restrict the number of bytes
/// that the function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more
/// information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// Pointer to a value that receives the count of elements actually enumerated.
///
/// Pointer to a value that receives the approximate total number of entries that could have been enumerated from the current resume
/// position. The total number of entries is only a hint. For more information about determining the exact number of entries, see the
/// following Remarks section.
///
///
/// Pointer to a value that contains a resume handle that is used to continue an existing local group search. The handle should be
/// zero on the first call and left unchanged for subsequent calls. If this parameter is NULL, then no resume handle is
/// stored. For more information, see the following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_BufTooSmall
/// The return buffer is too small.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The function only returns information to which the caller has Read access. The caller must have List Contents access to the
/// Domain object, and Enumerate Entire SAM Domain access on the SAM Server object located in the System container.
///
///
/// To determine the exact total number of local groups, you must enumerate the entire tree, which can be a costly operation. To
/// enumerate the entire tree, use the resumehandle parameter to continue the enumeration for consecutive calls, and use the
/// entriesread parameter to accumulate the total number of local groups. If your application is communicating with a domain
/// controller, you should consider using the ADSI LDAP Provider to retrieve this type of data more efficiently. The ADSI LDAP
/// Provider implements a set of ADSI objects that support various ADSI interfaces. For more information, see ADSI Service Providers.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupenum NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupEnum( LPCWSTR servername, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries,
// PDWORD_PTR resumehandle );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "fc27d7f1-bfbe-46d7-a154-f04eb9249248")]
public static extern Win32Error NetLocalGroupEnum([Optional] string servername, uint level, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries, ref IntPtr resumehandle);
/// The NetLocalGroupGetInfo function retrieves information about a particular local group account on a server.
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group account for which the information will be retrieved. For
/// more information, see the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// 1
/// Return the comment associated with the local group. The bufptr parameter points to a LOCALGROUP_INFO_1 structure.
///
///
///
///
/// Pointer to the address of the buffer that receives the return information structure. This buffer is allocated by the system and
/// must be freed using the NetApiBufferFree function. For more information, see Network Management Function Buffers and Network
/// Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_GroupNotFound
/// The specified local group does not exist.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupgetinfo NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupGetInfo( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "ee2f0be9-8d52-439b-ab65-f9e11a2872c5")]
public static extern Win32Error NetLocalGroupGetInfo([Optional] string servername, string groupname, uint level, out SafeNetApiBuffer bufptr);
///
/// The NetLocalGroupGetMembers function retrieves a list of the members of a particular local group in the security database,
/// which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory. Local group
/// members can be users or global groups.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group whose members are to be listed. For more information, see
/// the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Return the security identifier (SID) associated with the local group member. The bufptr parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_0 structures.
///
///
/// -
/// 1
///
/// Return the SID and account information associated with the local group member. The bufptr parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_1 structures.
///
///
/// -
/// 2
///
/// Return the SID, account information, and the domain name associated with the local group member. The bufptr parameter points to
/// an array of LOCALGROUP_MEMBERS_INFO_2 structures.
///
///
/// -
/// 3
///
/// Return the account and domain names of the local group member. The bufptr parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_3 structures.
///
///
///
///
///
/// Pointer to the address that receives the return information structure. The format of this data depends on the value of the level
/// parameter. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must free
/// the buffer even if the function fails with ERROR_MORE_DATA.
///
///
/// Specifies the preferred maximum length of returned data, in bytes. If you specify MAX_PREFERRED_LENGTH, the function allocates
/// the amount of memory required for the data. If you specify another value in this parameter, it can restrict the number of bytes
/// that the function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more
/// information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// Pointer to a value that receives the count of elements actually enumerated.
///
/// Pointer to a value that receives the total number of entries that could have been enumerated from the current resume position.
///
///
/// Pointer to a value that contains a resume handle which is used to continue an existing group member search. The handle should be
/// zero on the first call and left unchanged for subsequent calls. If this parameter is NULL, then no resume handle is stored.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
/// -
/// ERROR_NO_SUCH_ALIAS
/// The specified local group does not exist.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
/// If this function returns ERROR_MORE_DATA, then it must be repeatedly called until ERROR_SUCCESS or
/// NERR_success is returned. Failure to do so can result in an RPC connection leak.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupgetmembers NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupGetMembers( LPCWSTR servername, LPCWSTR localgroupname, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD
// entriesread, LPDWORD totalentries, PDWORD_PTR resumehandle );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "35770b32-dae9-46f5-84e3-1c31ca22f708")]
public static extern Win32Error NetLocalGroupGetMembers([Optional] string servername, string localgroupname, uint level, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries, ref IntPtr resumehandle);
///
/// The NetLocalGroupSetInfo function changes the name of an existing local group. The function also associates a comment with
/// a local group.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group account to modify. For more information, see the
/// following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Specifies the local group name. The buf parameter points to a LOCALGROUP_INFO_0 structure. Use this level to change the name of
/// an existing local group.
///
///
/// -
/// 1
///
/// Specifies the local group name and a comment to associate with the group. The buf parameter points to a LOCALGROUP_INFO_1 structure.
///
///
/// -
/// 1002
/// Specifies a comment to associate with the local group. The buf parameter points to a LOCALGROUP_INFO_1002 structure.
///
///
///
///
/// Pointer to a buffer that contains the local group information. The format of this data depends on the value of the level
/// parameter. For more information, see Network Management Function Buffers.
///
///
/// Pointer to a value that receives the index of the first member of the local group information structure that caused the
/// ERROR_INVALID_PARAMETER error. If this parameter is NULL, the index is not returned on error. For more information, see
/// the following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_PARAMETER
/// One of the function parameters is invalid. For more information, see the following Remarks section.
///
/// -
/// ERROR_NO_SUCH_ALIAS
/// The specified local group does not exist.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function. Typically, callers must
/// have write access to the entire object for calls to this function to succeed.
///
///
/// To specify the new name of an existing local group, call NetLocalGroupSetInfo with LOCALGROUP_INFO_0 and specify a value
/// using the lgrpi0_name member. If you call the NetLocalGroupSetInfo function with LOCALGROUP_INFO_1 and specify a
/// new value using the lgrpi1_name member, that value will be ignored.
///
///
/// If the NetLocalGroupSetInfo function returns ERROR_INVALID_PARAMETER, you can use the parm_err parameter to indicate the
/// first member of the local group information structure that is invalid. (A local group information structure begins with
/// LOCALGROUP_INFO_ and its format is specified by the level parameter.) The following table lists the values that can be returned
/// in the parm_err parameter and the corresponding structure member that is in error. (The prefix lgrpi*_ indicates that the member
/// can begin with multiple prefixes, for example, lgrpi0_ or lgrpi1_.)
///
///
///
/// Value
/// Member
///
/// -
/// LOCALGROUP_NAME_PARMNUM
/// lgrpi*_name
///
/// -
/// LOCALGROUP_COMMENT_PARMNUM
/// lgrpi*_comment
///
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupsetinfo NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupSetInfo( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "c1d2a68b-0910-4815-9547-0f0f3c983164")]
public static extern Win32Error NetLocalGroupSetInfo([Optional] string servername, string groupname, uint level, IntPtr buf, out uint parm_err);
///
/// The NetLocalGroupSetMembers function sets the membership for the specified local group. Each user or global group
/// specified is made a member of the local group. Users or global groups that are not specified but who are currently members of the
/// local group will have their membership revoked.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the local group in which the specified users or global groups should be
/// granted membership. For more information, see the following Remarks section.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Specifies the security identifier (SID) associated with a local group member. The buf parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_0 structures.
///
///
/// -
/// 3
///
/// Specifies the account and domain names of the local group member. The buf parameter points to an array of
/// LOCALGROUP_MEMBERS_INFO_3 structures.
///
///
///
///
///
/// Pointer to the buffer that contains the member information. The format of this data depends on the value of the level parameter.
/// For more information, see Network Management Function Buffers.
///
///
/// Specifies a value that contains the total number of entries in the buffer pointed to by the buf parameter.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// NERR_GroupNotFound
/// The group specified by the groupname parameter does not exist.
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_NO_SUCH_MEMBER
/// One or more of the members doesn't exist. The local group membership was not changed.
///
/// -
/// ERROR_INVALID_MEMBER
///
/// One or more of the members cannot be added because it has an invalid account type. The local group membership was not changed.
///
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the LocalGroup object is used to perform the access check for this function.
///
/// You can replace the local group membership with an entirely new list of members by calling the NetLocalGroupSetMembers
/// function. The typical sequence of steps to perform this follows.
///
/// To replace the local group membership
///
/// -
/// Call the NetLocalGroupGetMembers function to retrieve the current membership list.
///
/// -
/// Modify the returned membership list to reflect the new membership.
///
/// -
/// Call the NetLocalGroupSetMembers function to replace the old membership list with the new membership list.
///
///
///
/// To add one or more existing user accounts or global group accounts to an existing local group, you can call the
/// NetLocalGroupAddMembers function. To remove one or more members from an existing local group, call the NetLocalGroupDelMembers function.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers NET_API_STATUS NET_API_FUNCTION
// NetLocalGroupSetMembers( LPCWSTR servername, LPCWSTR groupname, DWORD level, LPBYTE buf, DWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "4dce1e10-b74d-4d69-ac5a-12e7d9d84e5c")]
public static extern Win32Error NetLocalGroupSetMembers([Optional] string servername, string groupname, uint level, IntPtr buf, uint totalentries);
///
/// The NetQueryDisplayInformation function returns user account, computer, or group account information. Call this function
/// to quickly enumerate account information for display in user interfaces.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 1
/// Return user account information. The SortedBuffer parameter points to an array of NET_DISPLAY_USER structures.
///
/// -
/// 2
/// Return individual computer information. The SortedBuffer parameter points to an array of NET_DISPLAY_MACHINE structures.
///
/// -
/// 3
/// Return group account information. The SortedBuffer parameter points to an array of NET_DISPLAY_GROUP structures.
///
///
///
///
/// Specifies the index of the first entry for which to retrieve information. Specify zero to retrieve account information beginning
/// with the first display information entry. For more information, see the following Remarks section.
///
///
/// Specifies the maximum number of entries for which to retrieve information. On Windows 2000 and later, each call to
/// NetQueryDisplayInformation returns a maximum of 100 objects.
///
///
/// Specifies the preferred maximum size, in bytes, of the system-allocated buffer returned in the SortedBuffer parameter. It is
/// recommended that you set this parameter to MAX_PREFERRED_LENGTH.
///
///
/// Pointer to a value that receives the number of entries in the buffer returned in the SortedBuffer parameter. If this parameter is
/// zero, there are no entries with an index as large as that specified. Entries may be returned when the function's return value is
/// either NERR_Success or ERROR_MORE_DATA.
///
///
/// Pointer to a buffer that receives a pointer to a system-allocated buffer that specifies a sorted list of the requested
/// information. The format of this data depends on the value of the Level parameter. Because this buffer is allocated by the system,
/// it must be freed using the NetApiBufferFree function. Note that you must free the buffer even if the function fails with
/// ERROR_MORE_DATA. For more information, see the following Return Values section, and the topics Network Management Function
/// Buffers and Network Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value is one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
/// The Level parameter specifies an invalid value.
///
/// -
/// ERROR_MORE_DATA
///
/// More entries are available. That is, the last entry returned in the SortedBuffer parameter is not the last entry available. To
/// retrieve additional entries, call NetQueryDisplayInformation again with the Index parameter set to the value returned in the
/// next_index member of the last entry in SortedBuffer. Note that you should not use the value of the next_index member for any
/// purpose except to retrieve more data with additional calls to NetQueryDisplayInformation.
///
///
///
///
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The NetQueryDisplayInformation function only returns information to which the caller has Read access. The caller must have
/// List Contents access to the Domain object, and Enumerate Entire SAM Domain access on the SAM Server object located in the System container.
///
///
/// The NetQueryDisplayInformation and NetGetDisplayInformationIndex functions provide an efficient mechanism for enumerating
/// user and group accounts. When possible, use these functions instead of the NetUserEnum function or the NetGroupEnum function.
///
///
/// To enumerate trusting domains or member computer accounts, call NetUserEnum, specifying the appropriate filter value to obtain
/// the account information you require. To enumerate trusted domains, call the LsaEnumerateTrustedDomains or
/// LsaEnumerateTrustedDomainsEx function.
///
///
/// The number of entries returned by this function depends on the security descriptor located on the root domain object. The API
/// will return either the first 100 entries or the entire set of entries in the domain, depending on the access privileges of the
/// user. The ACE used to control this behavior is "SAM-Enumerate-Entire-Domain", and is granted to Authenticated Users by default.
/// Administrators can modify this setting to allow users to enumerate the entire domain.
///
///
/// Each call to NetQueryDisplayInformation returns a maximum of 100 objects. Calling the NetQueryDisplayInformation
/// function to enumerate domain account information can be costly in terms of performance. If you are programming for Active
/// Directory, you may be able to use methods on the IDirectorySearch interface to make paged queries against the domain. For more
/// information, see IDirectorySearch::SetSearchPreference and IDirectorySearch::ExecuteSearch. To enumerate trusted domains, call
/// the LsaEnumerateTrustedDomainsEx function.
///
/// Examples
///
/// The following code sample demonstrates how to return group account information using a call to the
/// NetQueryDisplayInformation function. If the user specifies a server name, the sample first calls the MultiByteToWideChar
/// function to convert the name to Unicode. The sample calls NetQueryDisplayInformation, specifying information level 3
/// (NET_DISPLAY_GROUP) to retrieve group account information. If there are entries to return, the sample returns the data and prints
/// the group information. Finally, the code sample frees the memory allocated for the information buffer.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netquerydisplayinformation NET_API_STATUS
// NET_API_FUNCTION NetQueryDisplayInformation( IN LPCWSTR ServerName, IN DWORD Level, IN DWORD Index, IN DWORD EntriesRequested, IN
// DWORD PreferredMaximumLength, OUT LPDWORD ReturnedEntryCount, OUT PVOID *SortedBuffer );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "049f1ea3-4d23-4b35-8b08-7256859aed45")]
public static extern Win32Error NetQueryDisplayInformation([Optional] string ServerName, uint Level, uint Index, uint EntriesRequested, uint PreferredMaximumLength, out uint ReturnedEntryCount, out SafeNetApiBuffer SortedBuffer);
/// Gets information about the specified managed service account.
/// The value of this parameter must be NULL.
/// The name of the account to be created.
///
/// Specifies the format of the data returned in the Buffer parameter. This can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The Buffer parameter contains an MSA_INFO_0 structure.
///
///
///
///
/// Information about the specified service account.
/// When you have finished using this buffer, free it by calling the NetApiBufferFree function.
///
///
/// If the function succeeds, it returns STATUS_SUCCESS.
/// If the function fails, it returns an error code.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netqueryserviceaccount NTSTATUS NetQueryServiceAccount(
// LPWSTR ServerName, LPWSTR AccountName, DWORD InfoLevel, PBYTE *Buffer );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "ee253cab-bd53-426e-809a-12a1ccdc010b")]
public static extern NTStatus NetQueryServiceAccount([Optional] string ServerName, string AccountName, uint InfoLevel, out SafeNetApiBuffer Buffer);
///
///
/// The NetRemoveServiceAccount function deletes the specified service account from the Active Directory database if the
/// account is a standalone managed service account (sMSA). For group managed service accounts (gMSAs), this function does not delete
/// the account from the Active Directory database. The secret stored in the Local Security Authority (LSA) is deleted for both sMSAs
/// and gMSAs, and the state is stored in the Netlogon registry store.
///
///
/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Logoncli.dll.
///
///
/// The value of this parameter must be NULL.
/// The name of the account to be deleted.
///
/// This parameter can have the following value.
///
///
/// Value
/// Meaning
///
/// -
/// SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY 0x00000001
///
/// For sMSAs, the service account object is unlinked from the local computer and the secret stored in the LSA is deleted. The
/// service account object is not deleted from the Active Directory database. This flag has no meaning for gMSAs.
///
///
///
///
///
/// If the function succeeds, it returns STATUS_SUCCESS.
/// If the function fails, it returns an error code.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netremoveserviceaccount NTSTATUS
// NetRemoveServiceAccount( LPWSTR ServerName, LPWSTR AccountName, DWORD Flags );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "f67745b7-bdfd-44bc-83e0-2ad24b78e137")]
public static extern NTStatus NetRemoveServiceAccount([Optional] string ServerName, string AccountName, SvcAcctRemFlag Flags);
/// The NetUserAdd function adds a user account and assigns a password and privilege level.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
/// This string is Unicode if _WIN32_WINNT or FORCE_UNICODE are defined.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 1
///
/// Specifies information about the user account. The buf parameter points to a USER_INFO_1 structure. When you specify this level,
/// the call initializes certain attributes to their default values. For more information, see the following Remarks section.
///
///
/// -
/// 2
///
/// Specifies level one information and additional attributes about the user account. The buf parameter points to a USER_INFO_2 structure.
///
///
/// -
/// 3
///
/// Specifies level two information and additional attributes about the user account. This level is valid only on servers. The buf
/// parameter points to a USER_INFO_3 structure. Note that it is recommended that you use USER_INFO_4 instead.
///
///
/// -
/// 4
///
/// Specifies level two information and additional attributes about the user account. This level is valid only on servers. The buf
/// parameter points to a USER_INFO_4 structure. Windows 2000: This level is not supported.
///
///
///
///
///
/// Pointer to the buffer that specifies the data. The format of this data depends on the value of the level parameter. For more
/// information, see Network Management Function Buffers.
///
///
/// Pointer to a value that receives the index of the first member of the user information structure that causes
/// ERROR_INVALID_PARAMETER. If this parameter is NULL, the index is not returned on error. For more information, see the
/// NetUserSetInfo function.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_GroupExists
/// The group already exists.
///
/// -
/// NERR_UserExists
/// The user account already exists.
///
/// -
/// NERR_PasswordTooShort
///
/// The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough
/// unique characters, or not meet another password policy requirement.)
///
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the user container is used to perform the access check for this function. The caller must be able to
/// create child objects of the user class.
///
///
/// Server users must use a system in which the server creates a system account for the new user. The creation of this account is
/// controlled by several parameters in the server's LanMan.ini file.
///
///
/// If the newly added user already exists as a system user, the usri1_home_dir member of the USER_INFO_1 structure is ignored.
///
///
/// When you call the NetUserAdd function and specify information level 1, the call initializes the additional members in the
/// USER_INFO_2, USER_INFO_3, and USER_INFO_4 structures to their default values. You can change the default values by making
/// subsequent calls to the NetUserSetInfo function. The default values supplied are listed following. (The prefix usriX indicates
/// that the member can begin with multiple prefixes, for example, usri2_ or usri4_.)
///
///
///
/// Member
/// Default Value
///
/// -
/// usriX_auth_flags
/// None (0)
///
/// -
/// usriX_full_name
/// None (null string)
///
/// -
/// usriX_usr_comment
/// None (null string)
///
/// -
/// usriX_parms
/// None (null string)
///
/// -
/// usriX_workstations
/// All (null string)
///
/// -
/// usriX_acct_expires
/// Never (TIMEQ_FOREVER)
///
/// -
/// usriX_max_storage
/// Unlimited (USER_MAXSTORAGE_UNLIMITED)
///
/// -
/// usriX_logon_hours
/// Logon allowed at any time (each element 0xFF; all bits set to 1)
///
/// -
/// usriX_logon_server
/// Any domain controller (\\*)
///
/// -
/// usriX_country_code
/// 0
///
/// -
/// usriX_code_page
/// 0
///
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
/// Examples
///
/// The following code sample demonstrates how to add a user account and assign a privilege level using a call to the
/// NetUserAdd function. The code sample fills in the members of the USER_INFO_1 structure and calls NetUserAdd,
/// specifying information level 1.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netuseradd NET_API_STATUS NET_API_FUNCTION NetUserAdd(
// LPCWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "b5ca5f76-d40b-4abf-925a-0de54fc476e4")]
public static extern Win32Error NetUserAdd([Optional] string servername, uint level, IntPtr buf, out uint parm_err);
/// The NetUserChangePassword function changes a user's password for a specified network server or domain.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of a remote server or domain on which the function is to
/// execute. If this parameter is NULL, the logon domain of the caller is used.
///
///
///
/// A pointer to a constant string that specifies a user name. The NetUserChangePassword function changes the password for the
/// specified user.
///
///
/// If this parameter is NULL, the logon name of the caller is used. For more information, see the following Remarks section.
///
///
/// A pointer to a constant string that specifies the user's old password.
/// A pointer to a constant string that specifies the user's new password.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_PASSWORD
/// The user has entered an invalid password.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
/// -
/// NERR_PasswordTooShort
///
/// The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough
/// unique characters, or not meet another password policy requirement.)
///
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same result you can achieve by calling the network management user functions. For more information, see IADsUser and IADsComputer.
///
///
/// If an application calls the NetUserChangePassword function on a domain controller that is running Active Directory, access
/// is allowed or denied based on the access control list (ACL) for the securable object. The default ACL permits only Domain Admins
/// and Account Operators to call this function. On a member server or workstation, only Administrators and Power Users can call this
/// function. A user can change his or her own password. For more information, see Security Requirements for the Network Management
/// Functions. For more information on ACLs, ACEs, and access tokens, see Access Control Model.
///
///
/// The security descriptor of the User object is used to perform the access check for this function. In addition, the caller must
/// have the "Change password" control access right on the User object. This right is granted to Anonymous Logon and Everyone by default.
///
/// Note that for the function to succeed, the oldpassword parameter must match the password as it currently exists.
///
/// In some cases, the process that calls the NetUserChangePassword function must also have the SE_CHANGE_NOTIFY_NAME
/// privilege enabled; otherwise, NetUserChangePassword fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is
/// not required for the LocalSystem account or for accounts that are members of the administrators group. By default,
/// SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable the privilege for everyone. For more
/// information about account privileges, see Privileges and Authorization Constants.
///
///
/// See Forcing a User to Change the Logon Password for a code sample that demonstrates how to force a user to change the logon
/// password on the next logon using the NetUserGetInfo and NetUserSetInfo functions.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// The NetUserChangePassword function does not control how the oldpassword and newpassword parameters are secured when sent
/// over the network to a remote server. Any encryption of these parameters is handled by the Remote Procedure Call (RPC) mechanism
/// supported by the network redirector that provides the network transport. Encryption is also controlled by the security mechanisms
/// supported by the local computer and the security mechanisms supported by remote network server or domain specified in the
/// domainname parameter. For more details on security when the Microsoft network redirector is used and the remote network server is
/// running Microsoft Windows, see the protocol documentation for MS-RPCE, MS-SAMR, MS-SPNG, and MS-NLMP.
///
/// Examples
///
/// The following code sample demonstrates how to change a user's password with a call to the NetUserChangePassword function.
/// All parameters to the function are required.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netuserchangepassword NET_API_STATUS NET_API_FUNCTION
// NetUserChangePassword( IN LPCWSTR domainname, IN LPCWSTR username, IN LPCWSTR oldpassword, IN LPCWSTR newpassword );
[DllImport(Lib.NetApi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "e3791756-3bd4-490b-983a-9687373d846b")]
public static extern Win32Error NetUserChangePassword([Optional] string domainname, [Optional] string username, string oldpassword, string newpassword);
/// The NetUserDel function deletes a user account from a server.
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Pointer to a constant string that specifies the name of the user account to delete. For more information, see the following
/// Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
/// An account cannot be deleted while a user or application is accessing a server resource. If the user was added to the system with
/// a call to the NetUserAdd function, deleting the user also deletes the user's system account.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
/// Examples
/// The following code sample demonstrates how to delete a user account with a call to the NetUserDel function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netuserdel NET_API_STATUS NET_API_FUNCTION NetUserDel(
// LPCWSTR servername, LPCWSTR username );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "c1429b82-4fd1-48b6-8957-04dee0426077")]
public static extern Win32Error NetUserDel([Optional] string servername, string username);
/// The NetUserEnum function retrieves information about all user accounts on a server.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return user account names. The bufptr parameter points to an array of USER_INFO_0 structures.
///
/// -
/// 1
/// Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_1 structures.
///
/// -
/// 2
///
/// Return detailed information about user accounts, including authorization levels and logon information. The bufptr parameter
/// points to an array of USER_INFO_2 structures.
///
///
/// -
/// 3
///
/// Return detailed information about user accounts, including authorization levels, logon information, RIDs for the user and the
/// primary group, and profile information. The bufptr parameter points to an array of USER_INFO_3 structures.
///
///
/// -
/// 10
/// Return user and account names and comments. The bufptr parameter points to an array of USER_INFO_10 structures.
///
/// -
/// 11
/// Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_11 structures.
///
/// -
/// 20
///
/// Return the user's name and identifier and various account attributes. The bufptr parameter points to an array of USER_INFO_20
/// structures. Note that on Windows XP and later, it is recommended that you use USER_INFO_23 instead.
///
///
///
///
///
///
/// A value that specifies the user account types to be included in the enumeration. A value of zero indicates that all normal user,
/// trust data, and machine account data should be included.
///
/// This parameter can also be a combination of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// FILTER_TEMP_DUPLICATE_ACCOUNT
///
/// Enumerates account data for users whose primary account is in another domain. This account type provides user access to this
/// domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// FILTER_NORMAL_ACCOUNT
/// Enumerates normal user account data. This account type is associated with a typical user.
///
/// -
/// FILTER_INTERDOMAIN_TRUST_ACCOUNT
///
/// Enumerates interdomain trust account data. This account type is associated with a trust account for a domain that trusts other domains.
///
///
/// -
/// FILTER_WORKSTATION_TRUST_ACCOUNT
///
/// Enumerates workstation or member server trust account data. This account type is associated with a machine account for a computer
/// that is a member of the domain.
///
///
/// -
/// FILTER_SERVER_TRUST_ACCOUNT
///
/// Enumerates member server machine account data. This account type is associated with a computer account for a backup domain
/// controller that is a member of the domain.
///
///
///
///
///
/// A pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter.
///
/// The buffer for this data is allocated by the system and the application must call the NetApiBufferFree function to free the
/// allocated memory when the data returned is no longer needed. Note that you must free the buffer even if the NetUserEnum
/// function fails with ERROR_MORE_DATA.
///
///
///
/// The preferred maximum length, in bytes, of the returned data. If you specify MAX_PREFERRED_LENGTH, the NetUserEnum
/// function allocates the amount of memory required for the data. If you specify another value in this parameter, it can restrict
/// the number of bytes that the function returns. If the buffer size is insufficient to hold all entries, the function returns
/// ERROR_MORE_DATA. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// A pointer to a value that receives the count of elements actually enumerated.
///
///
/// A pointer to a value that receives the total number of entries that could have been enumerated from the current resume position.
/// Note that applications should consider this value only as a hint. If your application is communicating with a Windows 2000 or
/// later domain controller, you should consider using the ADSI LDAP Provider to retrieve this type of data more efficiently. The
/// ADSI LDAP Provider implements a set of ADSI objects that support various ADSI interfaces. For more information, see ADSI Service Providers.
///
///
/// LAN Manager: If the call is to a computer that is running LAN Manager 2.x, the totalentries parameter will always reflect
/// the total number of entries in the database no matter where it is in the resume sequence.
///
///
///
/// A pointer to a value that contains a resume handle which is used to continue an existing user search. The handle should be zero
/// on the first call and left unchanged for subsequent calls. If this parameter is NULL, then no resume handle is stored.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
/// The system call level is not correct. This error is returned if the level parameter is set to a value not supported.
///
/// -
/// NERR_BufTooSmall
/// The buffer is too small to contain an entry. No information has been written to the buffer.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
///
///
///
///
/// The NetUserEnum function retrieves information about all user accounts on a specified remote server or the local computer.
///
///
/// The NetQueryDisplayInformation function can be used to quickly enumerate user, computer, or global group account information for
/// display in user interfaces .
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call the NetUserEnum function on a domain controller that is running Active Directory, access is allowed or denied
/// based on the access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of
/// the "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or
/// workstation, all authenticated users can view the information. For information about anonymous access and restricting anonymous
/// access on these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs,
/// and access tokens, see Access Control Model.
///
///
/// The NetUserEnum function only returns information to which the caller has Read access. The caller must have List Contents
/// access to the Domain object, and Enumerate Entire SAM Domain access on the SAM Server object located in the System container.
///
///
/// The LsaEnumerateTrustedDomains or LsaEnumerateTrustedDomainsEx function can be used to retrieve the names and SIDs of domains
/// trusted by a Local Security Authority (LSA) policy object.
///
///
/// The NetUserEnum function does not return all system users. It returns only those users who have been added with a call to
/// the NetUserAdd function. There is no guarantee that the list of users will be returned in sorted order.
///
///
/// If you call the NetUserEnum function and specify information level 1, 2, or 3, for the level parameter, the password
/// member of each structure retrieved is set to NULL to maintain password security.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// The NetUserEnum function does not support a level parameter of 4 and the USER_INFO_4 structure. The NetUserGetInfo
/// function supports a level parameter of 4 and the USER_INFO_4 structure.
///
/// Examples
///
/// The following code sample demonstrates how to retrieve information about the user accounts on a server with a call to the
/// NetUserEnum function. The sample calls NetUserEnum, specifying information level 0 (USER_INFO_0) to enumerate only
/// global user accounts. If the call succeeds, the code loops through the entries and prints the name of each user account. Finally,
/// the code sample frees the memory allocated for the information buffer and prints a total of the users enumerated.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netuserenum NET_API_STATUS NET_API_FUNCTION NetUserEnum(
// LPCWSTR servername, DWORD level, DWORD filter, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, PDWORD
// resume_handle );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "b26ef3c0-934a-4840-8c06-4eaff5c9ff86")]
public static extern Win32Error NetUserEnum([Optional] string servername, uint level, UserEnumFilter filter, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries, ref uint resume_handle);
/// The NetUserGetGroups function retrieves a list of global groups to which a specified user belongs.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the user to search for in each group account. For more information, see
/// the following Remarks section.
///
///
/// The information level of the data requested. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Return the names of the global groups to which the user belongs. The bufptr parameter points to an array of GROUP_USERS_INFO_0 structures.
///
///
/// -
/// 1
///
/// Return the names of the global groups to which the user belongs with attributes. The bufptr parameter points to an array of
/// GROUP_USERS_INFO_1 structures.
///
///
///
///
///
/// A pointer to the buffer that receives the data. This buffer is allocated by the system and must be freed using the
/// NetApiBufferFree function. Note that you must free the buffer even if the function fails with ERROR_MORE_DATA.
///
///
/// The preferred maximum length, in bytes, of returned data. If MAX_PREFERRED_LENGTH is specified, the function allocates the amount
/// of memory required for the data. If another value is specified in this parameter, it can restrict the number of bytes that the
/// function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more
/// information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// A pointer to a value that receives the count of elements actually retrieved.
/// A pointer to a value that receives the total number of entries that could have been retrieved.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access rights to the requested information.
///
/// -
/// ERROR_BAD_NETPATH
/// The network path was not found. This error is returned if the servername parameter could not be found.
///
/// -
/// ERROR_INVALID_LEVEL
///
/// The system call level is not correct. This error is returned if the level parameter was specified as a value other than 0 or 1.
///
///
/// -
/// ERROR_INVALID_NAME
///
/// The name syntax is incorrect. This error is returned if the servername parameter has leading or trailing blanks or contains an
/// illegal character.
///
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Insufficient memory was available to complete the operation.
///
/// -
/// NERR_InternalError
/// An internal error occurred.
///
/// -
/// NERR_UserNotFound
/// The user could not be found. This error is returned if the username could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
/// To retrieve a list of the local groups to which a user belongs, you can call the NetUserGetLocalGroups function. Network groups
/// are separate and distinct from Windows NT system groups.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
/// Examples
///
/// The following code sample demonstrates how to retrieve a list of global groups to which a user belongs with a call to the
/// NetUserGetGroups function. The sample calls NetUserGetGroups, specifying information level 0 ( GROUP_USERS_INFO_0).
/// The code loops through the entries and prints the name of the global groups in which the user has membership. The sample also
/// prints the total number of entries that are available and the number of entries actually enumerated if they do not match.
/// Finally, the code sample frees the memory allocated for the buffer.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusergetgroups NET_API_STATUS NET_API_FUNCTION
// NetUserGetGroups( LPCWSTR servername, LPCWSTR username, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread,
// LPDWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "ecf1a94c-5dda-4f49-81bd-93e551e089f1")]
public static extern Win32Error NetUserGetGroups([Optional] string servername, string username, uint level, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries);
/// The NetUserGetInfo function retrieves information about a particular user account on a server.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the user account for which to return information. For more information,
/// see the following Remarks section.
///
///
/// The information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return the user account name. The bufptr parameter points to a USER_INFO_0 structure.
///
/// -
/// 1
/// Return detailed information about the user account. The bufptr parameter points to a USER_INFO_1 structure.
///
/// -
/// 2
///
/// Return detailed information and additional attributes about the user account. The bufptr parameter points to a USER_INFO_2 structure.
///
///
/// -
/// 3
///
/// Return detailed information and additional attributes about the user account. This level is valid only on servers. The bufptr
/// parameter points to a USER_INFO_3 structure. Note that it is recommended that you use USER_INFO_4 instead.
///
///
/// -
/// 4
///
/// Return detailed information and additional attributes about the user account. This level is valid only on servers. The bufptr
/// parameter points to a USER_INFO_4 structure.
///
///
/// -
/// 10
/// Return user and account names and comments. The bufptr parameter points to a USER_INFO_10 structure.
///
/// -
/// 11
/// Return detailed information about the user account. The bufptr parameter points to a USER_INFO_11 structure.
///
/// -
/// 20
///
/// Return the user's name and identifier and various account attributes. The bufptr parameter points to a USER_INFO_20 structure.
/// Note that on Windows XP and later, it is recommended that you use USER_INFO_23 instead.
///
///
/// -
/// 23
/// Return the user's name and identifier and various account attributes. The bufptr parameter points to a USER_INFO_23 structure.
///
/// -
/// 24
///
/// Return user account information for accounts which are connected to an Internet identity. The bufptr parameter points to a
/// USER_INFO_24 structure.
///
///
///
///
///
/// A pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter. This buffer
/// is allocated by the system and must be freed using the NetApiBufferFree function. For more information, see Network Management
/// Function Buffers and Network Management Function Buffer Lengths.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_BAD_NETPATH
/// The network path specified in the servername parameter was not found.
///
/// -
/// ERROR_INVALID_LEVEL
/// The value specified for the level parameter is invalid.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// If the information level specified in the level parameter is set to 24, the servername parameter specified must resolve to the
/// local computer. If the servername resolves to a remote computer or to a domain controller, the NetUserGetInfo function
/// will fail.
///
/// Examples
///
/// The following code sample demonstrates how to retrieve information about a particular user account with a call to the
/// NetUserGetInfo function. The sample calls NetUserGetInfo, specifying various information levels . If the call
/// succeeds, the code prints information about the user account. Finally, the sample frees the memory allocated for the information buffer.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusergetinfo NET_API_STATUS NET_API_FUNCTION
// NetUserGetInfo( LPCWSTR servername, LPCWSTR username, DWORD level, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "5bd13bed-938a-4273-840e-99fca99f7139")]
public static extern Win32Error NetUserGetInfo([Optional] string servername, string username, uint level, out SafeNetApiBuffer bufptr);
/// The NetUserGetLocalGroups function retrieves a list of local groups to which a specified user belongs.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the user for which to return local group membership information. If the
/// string is of the form DomainName<i>UserName the user name is expected to be found on that domain. If the string is of the
/// form UserName, the user name is expected to be found on the server specified by the servername parameter. For more information,
/// see the Remarks section.
///
///
/// The information level of the data. This parameter can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Return the names of the local groups to which the user belongs. The bufptr parameter points to an array of
/// LOCALGROUP_USERS_INFO_0 structures.
///
///
///
///
///
/// A bitmask of flags that affect the operation. Currently, only the value defined is LG_INCLUDE_INDIRECT. If this bit is
/// set, the function also returns the names of the local groups in which the user is indirectly a member (that is, the user has
/// membership in a global group that is itself a member of one or more local groups).
///
///
/// A pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter. This buffer
/// is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must free the buffer even if the
/// function fails with ERROR_MORE_DATA.
///
///
/// The preferred maximum length, in bytes, of the returned data. If MAX_PREFERRED_LENGTH is specified in this parameter, the
/// function allocates the amount of memory required for the data. If another value is specified in this parameter, it can restrict
/// the number of bytes that the function returns. If the buffer size is insufficient to hold all entries, the function returns
/// ERROR_MORE_DATA. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths.
///
/// A pointer to a value that receives the count of elements actually enumerated.
/// A pointer to a value that receives the total number of entries that could have been enumerated.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
///
/// The user does not have access rights to the requested information. This error is also returned if the servername parameter has a
/// trailing blank.
///
///
/// -
/// ERROR_INVALID_LEVEL
/// The system call level is not correct. This error is returned if the level parameter was not specified as 0.
///
/// -
/// ERROR_INVALID_PARAMETER
/// A parameter is incorrect. This error is returned if the flags parameter contains a value other than LG_INCLUDE_INDIRECT.
///
/// -
/// ERROR_MORE_DATA
/// More entries are available. Specify a large enough buffer to receive all entries.
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Insufficient memory was available to complete the operation.
///
/// -
/// NERR_DCNotFound
/// The domain controller could not be found.
///
/// -
/// NERR_UserNotFound
/// The user could not be found. This error is returned if the username could not be found.
///
/// -
/// RPC_S_SERVER_UNAVAILABLE
/// The RPC server is unavailable. This error is returned if the servername parameter could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The security descriptor of the Domain object is used to perform the access check for this function. The caller must have Read
/// Property permission on the Domain object.
///
/// To retrieve a list of global groups to which a specified user belongs, you can call the NetUserGetGroups function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
/// Examples
///
/// The following code sample demonstrates how to retrieve a list of the local groups to which a user belongs with a call to the
/// NetUserGetLocalGroups function. The sample calls NetUserGetLocalGroups, specifying information level 0
/// (LOCALGROUP_USERS_INFO_0). The sample loops through the entries and prints the name of each local group in which the user has
/// membership. If all available entries are not enumerated, it also prints the number of entries actually enumerated and the total
/// number of entries available. Finally, the code sample frees the memory allocated for the information buffer.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusergetlocalgroups NET_API_STATUS NET_API_FUNCTION
// NetUserGetLocalGroups( LPCWSTR servername, LPCWSTR username, DWORD level, DWORD flags, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD
// entriesread, LPDWORD totalentries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "cc5c1c15-cad7-4103-a2c9-1a8adf742703")]
public static extern Win32Error NetUserGetLocalGroups([Optional] string servername, string username, uint level, GetLocalGroupFlags flags, out SafeNetApiBuffer bufptr, uint prefmaxlen, out uint entriesread, out uint totalentries);
///
/// The NetUserModalsGet function retrieves global information for all users and global groups in the security database, which
/// is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used. For more information, see the following Remarks section.
///
///
/// The information level of the data requested. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Return global password parameters. The bufptr parameter points to a USER_MODALS_INFO_0 structure.
///
/// -
/// 1
/// Return logon server and domain controller information. The bufptr parameter points to a USER_MODALS_INFO_1 structure.
///
/// -
/// 2
///
/// Return domain name and identifier. The bufptr parameter points to a USER_MODALS_INFO_2 structure. For more information, see the
/// following Remarks section.
///
///
/// -
/// 3
/// Return lockout information. The bufptr parameter points to a USER_MODALS_INFO_3 structure.
///
///
/// A null session logon can call NetUserModalsGet anonymously at information levels 0 and 3.
///
///
/// A pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter.
///
/// The buffer for this data is allocated by the system and the application must call the NetApiBufferFree function to free the
/// allocated memory when the data returned is no longer needed. For more information, see Network Management Function Buffers and
/// Network Management Function Buffer Lengths.
///
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_BAD_NETPATH
/// The network path was not found. This error is returned if the servername parameter could not be found.
///
/// -
/// ERROR_INVALID_LEVEL
/// The system call level is not correct. This error is returned if the level parameter is not one of the supported values.
///
/// -
/// ERROR_INVALID_NAME
///
/// The file name, directory name, or volume label syntax is incorrect. This error is returned if the servername parameter syntax is incorrect.
///
///
/// -
/// ERROR_WRONG_TARGET_NAME
///
/// The target account name is incorrect. This error is returned for a logon failure to a remote servername parameter running on
/// Windows Vista.
///
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user modal functions. For more information, see IADsDomain.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
/// The security descriptor of the Domain object is used to perform the access check for this function.
///
/// To retrieve the security identifier (SID) of the domain to which the computer belongs, call the NetUserModalsGet function
/// specifying a USER_MODALS_INFO_2 structure and NULL in the servername parameter. If the computer isn't a member of a
/// domain, the function returns a NULL pointer.
///
/// Examples
///
/// The following code sample demonstrates how to retrieve global information for all users and global groups with a call to the
/// NetUserModalsGet function. The sample calls NetUserModalsGet, specifying information level 0 (USER_MODALS_INFO_0).
/// If the call succeeds, the sample prints global password information. Finally, the code sample frees the memory allocated for the
/// information buffer.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusermodalsget NET_API_STATUS NET_API_FUNCTION
// NetUserModalsGet( LPCWSTR servername, DWORD level, LPBYTE *bufptr );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "5bb18144-82a6-4e9b-8321-c06a667bdd03")]
public static extern Win32Error NetUserModalsGet([Optional] string servername, uint level, out SafeNetApiBuffer bufptr);
///
/// The NetUserModalsSet function sets global information for all users and global groups in the security database, which is
/// the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If
/// this parameter is NULL, the local computer is used.
///
///
/// Specifies the information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// Specifies global password parameters. The buf parameter points to a USER_MODALS_INFO_0 structure.
///
/// -
/// 1
/// Specifies logon server and domain controller information. The buf parameter points to a USER_MODALS_INFO_1 structure.
///
/// -
/// 2
/// Specifies the domain name and identifier. The buf parameter points to a USER_MODALS_INFO_2 structure.
///
/// -
/// 3
/// Specifies lockout information. The buf parameter points to a USER_MODALS_INFO_3 structure.
///
/// -
/// 1001
/// Specifies the minimum allowable password length. The buf parameter points to a USER_MODALS_INFO_1001 structure.
///
/// -
/// 1002
/// Specifies the maximum allowable password age. The buf parameter points to a USER_MODALS_INFO_1002 structure.
///
/// -
/// 1003
/// Specifies the minimum allowable password age. The buf parameter points to a USER_MODALS_INFO_1003 structure.
///
/// -
/// 1004
/// Specifies forced logoff information. The buf parameter points to a USER_MODALS_INFO_1004 structure.
///
/// -
/// 1005
/// Specifies the length of the password history. The buf parameter points to a USER_MODALS_INFO_1005 structure.
///
/// -
/// 1006
/// Specifies the role of the logon server. The buf parameter points to a USER_MODALS_INFO_1006 structure.
///
/// -
/// 1007
/// Specifies domain controller information. The buf parameter points to a USER_MODALS_INFO_1007 structure.
///
///
///
///
/// Pointer to the buffer that specifies the data. The format of this data depends on the value of the level parameter. For more
/// information, see Network Management Function Buffers.
///
///
/// Pointer to a value that receives the index of the first member of the information structure that causes ERROR_INVALID_PARAMETER.
/// If this parameter is NULL, the index is not returned on error. For more information, see the following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_PARAMETER
/// The specified parameter is invalid. For more information, see the following Remarks section.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user modal functions. For more information, see IADsDomain.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
///
/// The security descriptor of the Domain object is used to perform the access check for this function. Typically, callers must have
/// write access to the entire object for calls to this function to succeed.
///
///
/// If the NetUserModalsSet function returns ERROR_INVALID_PARAMETER, you can use the parm_err parameter to indicate the first
/// member of the information structure that is invalid. (The information structure begins with USER_MODALS_INFO_ and its format is
/// specified by the level parameter.) The following table lists the values that can be returned in the parm_err parameter and the
/// corresponding structure member that is in error. (The prefix usrmod*_ indicates that the member can begin with multiple prefixes,
/// for example, usrmod2_ or usrmod1002_.)
///
///
///
/// Value
/// Member
///
/// -
/// MODALS_MIN_PASSWD_LEN_PARMNUM
/// usrmod*_min_passwd_len
///
/// -
/// MODALS_MAX_PASSWD_AGE_PARMNUM
/// usrmod*_max_passwd_age
///
/// -
/// MODALS_MIN_PASSWD_AGE_PARMNUM
/// usrmod*_min_passwd_age
///
/// -
/// MODALS_FORCE_LOGOFF_PARMNUM
/// usrmod*_force_logoff
///
/// -
/// MODALS_PASSWD_HIST_LEN_PARMNUM
/// usrmod*_password_hist_len
///
/// -
/// MODALS_ROLE_PARMNUM
/// usrmod*_role
///
/// -
/// MODALS_PRIMARY_PARMNUM
/// usrmod*_primary
///
/// -
/// MODALS_DOMAIN_NAME_PARMNUM
/// usrmod*_domain_name
///
/// -
/// MODALS_DOMAIN_ID_PARMNUM
/// usrmod*_domain_id
///
/// -
/// MODALS_LOCKOUT_DURATION_PARMNUM
/// usrmod*_lockout_duration
///
/// -
/// MODALS_LOCKOUT_OBSERVATION_WINDOW_PARMNUM
/// usrmod*_lockout_observation_window
///
/// -
/// MODALS_LOCKOUT_THRESHOLD_PARMNUM
/// usrmod*_lockout_threshold
///
///
/// Examples
///
/// The following code sample demonstrates how to set the global information for all users and global groups with a call to the
/// NetUserModalsSet function. The sample fills in the members of the USER_MODALS_INFO_0 structure and calls
/// NetUserModalsSet, specifying information level 0.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusermodalsset NET_API_STATUS NET_API_FUNCTION
// NetUserModalsSet( LPCWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "9884e076-ee6a-4aca-abe6-a79754667759")]
public static extern Win32Error NetUserModalsSet([Optional] string servername, uint level, IntPtr buf, out uint parm_err);
/// The NetUserSetGroups function sets global group memberships for a specified user account.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the user for which to set global group memberships. For more
/// information, see the Remarks section.
///
///
/// The information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
/// The buf parameter points to an array of GROUP_USERS_INFO_0 structures that specifies global group names.
///
/// -
/// 1
/// The buf parameter points to an array of GROUP_USERS_INFO_1 structures that specifies global group names with attributes.
///
///
///
/// A pointer to the buffer that specifies the data. For more information, see Network Management Function Buffers.
/// The number of entries contained in the array pointed to by the buf parameter.
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_LEVEL
///
/// The system call level is not correct. This error is returned if the level parameter was specified as a value other than 0 or 1.
///
///
/// -
/// ERROR_INVALID_PARAMETER
/// A parameter passed was not valid. This error is returned if the num_entries parameter was not valid.
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Insufficient memory was available to complete the operation.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_GroupNotFound
///
/// The group group name specified by the grui0_name in the GROUP_USERS_INFO_0 structure or grui1_name member in the
/// GROUP_USERS_INFO_1 structure pointed to by the buf parameter does not exist.
///
///
/// -
/// NERR_InternalError
/// An internal error occurred.
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
/// To grant a user membership in one existing global group, you can call the NetGroupAddUser function.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
/// Examples
///
/// The following code sample demonstrates how to set global group memberships for a user account with a call to the
/// NetUserSetGroups function. The code sample fills in the grui0_name member of the GROUP_USERS_INFO_0 structure and
/// calls NetUserSetGroups, specifying information level 0.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusersetgroups NET_API_STATUS NET_API_FUNCTION
// NetUserSetGroups( LPCWSTR servername, LPCWSTR username, DWORD level, LPBYTE buf, DWORD num_entries );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "7042c43a-09d1-4179-8074-eb055dc279a6")]
public static extern Win32Error NetUserSetGroups([Optional] string servername, string username, uint level, IntPtr buf, uint num_entries);
/// The NetUserSetInfo function sets the parameters of a user account.
///
/// A pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute.
/// If this parameter is NULL, the local computer is used.
///
///
/// A pointer to a constant string that specifies the name of the user account for which to set information. For more information,
/// see the following Remarks section.
///
///
/// The information level of the data. This parameter can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// 0
///
/// Specifies the user account name. The buf parameter points to a USER_INFO_0 structure. Use this structure to specify a new group
/// name. For more information, see the following Remarks section.
///
///
/// -
/// 1
/// Specifies detailed information about the user account. The buf parameter points to a USER_INFO_1 structure.
///
/// -
/// 2
///
/// Specifies level one information and additional attributes about the user account. The buf parameter points to a USER_INFO_2 structure.
///
///
/// -
/// 3
///
/// Specifies level two information and additional attributes about the user account. This level is valid only on servers. The buf
/// parameter points to a USER_INFO_3 structure. Note that it is recommended that you use USER_INFO_4 instead.
///
///
/// -
/// 4
///
/// Specifies level two information and additional attributes about the user account. This level is valid only on servers. The buf
/// parameter points to a USER_INFO_4 structure.
///
///
/// -
/// 21
/// Specifies a one-way encrypted LAN Manager 2.x-compatible password. The buf parameter points to a USER_INFO_21 structure.
///
/// -
/// 22
/// Specifies detailed information about the user account. The buf parameter points to a USER_INFO_22 structure.
///
/// -
/// 1003
/// Specifies a user password. The buf parameter points to a USER_INFO_1003 structure.
///
/// -
/// 1005
/// Specifies a user privilege level. The buf parameter points to a USER_INFO_1005 structure.
///
/// -
/// 1006
/// Specifies the path of the home directory for the user. The buf parameter points to a USER_INFO_1006 structure.
///
/// -
/// 1007
/// Specifies a comment to associate with the user account. The buf parameter points to a USER_INFO_1007 structure.
///
/// -
/// 1008
/// Specifies user account attributes. The buf parameter points to a USER_INFO_1008 structure.
///
/// -
/// 1009
/// Specifies the path for the user's logon script file. The buf parameter points to a USER_INFO_1009 structure.
///
/// -
/// 1010
/// Specifies the user's operator privileges. The buf parameter points to a USER_INFO_1010 structure.
///
/// -
/// 1011
/// Specifies the full name of the user. The buf parameter points to a USER_INFO_1011 structure.
///
/// -
/// 1012
/// Specifies a comment to associate with the user. The buf parameter points to a USER_INFO_1012 structure.
///
/// -
/// 1014
/// Specifies the names of workstations from which the user can log on. The buf parameter points to a USER_INFO_1014 structure.
///
/// -
/// 1017
/// Specifies when the user account expires. The buf parameter points to a USER_INFO_1017 structure.
///
/// -
/// 1020
/// Specifies the times during which the user can log on. The buf parameter points to a USER_INFO_1020 structure.
///
/// -
/// 1024
/// Specifies the user's country/region code. The buf parameter points to a USER_INFO_1024 structure.
///
/// -
/// 1051
///
/// Specifies the relative identifier of a global group that represents the enrolled user. The buf parameter points to a
/// USER_INFO_1051 structure.
///
///
/// -
/// 1052
/// Specifies the path to a network user's profile. The buf parameter points to a USER_INFO_1052 structure.
///
/// -
/// 1053
/// Specifies the drive letter assigned to the user's home directory. The buf parameter points to a USER_INFO_1053 structure.
///
///
///
///
/// A pointer to the buffer that specifies the data. The format of this data depends on the value of the level parameter. For more
/// information, see Network Management Function Buffers.
///
///
/// A pointer to a value that receives the index of the first member of the user information structure that causes
/// ERROR_INVALID_PARAMETER. If this parameter is NULL, the index is not returned on error. For more information, see the
/// following Remarks section.
///
///
/// If the function succeeds, the return value is NERR_Success.
/// If the function fails, the return value can be one of the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_ACCESS_DENIED
/// The user does not have access to the requested information.
///
/// -
/// ERROR_INVALID_PARAMETER
/// One of the function parameters is invalid. For more information, see the following Remarks section.
///
/// -
/// NERR_InvalidComputer
/// The computer name is invalid.
///
/// -
/// NERR_NotPrimary
/// The operation is allowed only on the primary domain controller of the domain.
///
/// -
/// NERR_SpeGroupOp
///
/// The operation is not allowed on specified special groups, which are user groups, admin groups, local groups, or guest groups.
///
///
/// -
/// NERR_LastAdmin
/// The operation is not allowed on the last administrative account.
///
/// -
/// NERR_BadPassword
/// The share name or password is invalid.
///
/// -
/// NERR_PasswordTooShort
///
/// The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough
/// unique characters, or not meet another password policy requirement.)
///
///
/// -
/// NERR_UserNotFound
/// The user name could not be found.
///
///
///
///
///
/// If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to
/// achieve the same functionality you can achieve by calling the network management user functions. For more information, see
/// IADsUser and IADsComputer.
///
///
/// If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the
/// access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this
/// function. On a member server or workstation, only Administrators and Power Users can call this function. For more information,
/// see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access
/// Control Model.
///
/// The security descriptor of the User object is used to perform the access check for this function.
///
/// Only users or applications having administrative privileges can call the NetUserSetInfo function to change a user's
/// password. When an administrator calls NetUserSetInfo, the only restriction applied is that the new password length must be
/// consistent with system modals. A user or application that knows a user's current password can call the NetUserChangePassword
/// function to change the password. For more information about calling functions that require administrator privileges, see Running
/// with Special Privileges.
///
///
/// Members of the Administrators local group can set any modifiable user account elements. All users can set the
/// usri2_country_code member of the USER_INFO_2 structure (and the usri1024_country_code member of the USER_INFO_1024
/// structure) for their own accounts.
///
///
/// A member of the Account Operator's local group cannot set details for an Administrators class account, give an existing account
/// Administrator privilege, or change the operator privilege of any account. If you attempt to change the privilege level or disable
/// the last account with Administrator privilege in the security database, (the security accounts manager (SAM) database or, in the
/// case of domain controllers, the Active Directory), the NetUserSetInfo function fails and returns NERR_LastAdmin.
///
/// To set the following user account control flags, the following privileges and control access rights are required.
///
///
/// Account control flag
/// Privilege or right required
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
/// SeEnableDelegationPrivilege privilege, which is granted to Administrators by default.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
/// SeEnableDelegationPrivilege.
///
/// -
/// UF_PASSWD_NOTREQD
/// "Update password not required" control access right on the Domain object, which is granted to authenticated users by default.
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// "Unexpire password" control access right on the Domain object, which is granted to authenticated users by default.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
///
/// "Enable per user reversibly encrypted password" control access right on the Domain object, which is granted to authenticated
/// users by default.
///
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// "Add/remove replica in domain" control access right on the Domain object, which is granted to Administrators by default.
///
///
/// For a list of privilege constants, see Authorization Constants.
///
/// The correct way to specify the new name for an account is to call NetUserSetInfo with USER_INFO_0 and to specify the new
/// value using the usri0_name member. If you call NetUserSetInfo with other information levels and specify a value
/// using a usriX_name member, the value is ignored.
///
///
/// Note that calls to NetUserSetInfo can change the home directory only for user accounts that the network server creates.
///
///
/// If the NetUserSetInfo function returns ERROR_INVALID_PARAMETER, you can use the parm_err parameter to indicate the first
/// member of the user information structure that is invalid. (A user information structure begins with USER_INFO_ and its format is
/// specified by the level parameter.) The following table lists the values that can be returned in the parm_err parameter and the
/// corresponding structure member that is in error. (The prefix usri*_ indicates that the member can begin with multiple prefixes,
/// for example, usri10_ or usri1003_.)
///
///
///
/// Value
/// Member
///
/// -
/// USER_NAME_PARMNUM
/// usri*_name
///
/// -
/// USER_PASSWORD_PARMNUM
/// usri*_password
///
/// -
/// USER_PASSWORD_AGE_PARMNUM
/// usri*_password_age
///
/// -
/// USER_PRIV_PARMNUM
/// usri*_priv
///
/// -
/// USER_HOME_DIR_PARMNUM
/// usri*_home_dir
///
/// -
/// USER_COMMENT_PARMNUM
/// usri*_comment
///
/// -
/// USER_FLAGS_PARMNUM
/// usri*_flags
///
/// -
/// USER_SCRIPT_PATH_PARMNUM
/// usri*_script_path
///
/// -
/// USER_AUTH_FLAGS_PARMNUM
/// usri*_auth_flags
///
/// -
/// USER_FULL_NAME_PARMNUM
/// usri*_full_name
///
/// -
/// USER_USR_COMMENT_PARMNUM
/// usri*_usr_comment
///
/// -
/// USER_PARMS_PARMNUM
/// usri*_parms
///
/// -
/// USER_WORKSTATIONS_PARMNUM
/// usri*_workstations
///
/// -
/// USER_LAST_LOGON_PARMNUM
/// usri*_last_logon
///
/// -
/// USER_LAST_LOGOFF_PARMNUM
/// usri*_last_logoff
///
/// -
/// USER_ACCT_EXPIRES_PARMNUM
/// usri*_acct_expires
///
/// -
/// USER_MAX_STORAGE_PARMNUM
/// usri*_max_storage
///
/// -
/// USER_UNITS_PER_WEEK_PARMNUM
/// usri*_units_per_week
///
/// -
/// USER_LOGON_HOURS_PARMNUM
/// usri*_logon_hours
///
/// -
/// USER_PAD_PW_COUNT_PARMNUM
/// usri*_bad_pw_count
///
/// -
/// USER_NUM_LOGONS_PARMNUM
/// usri*_num_logons
///
/// -
/// USER_LOGON_SERVER_PARMNUM
/// usri*_logon_server
///
/// -
/// USER_COUNTRY_CODE_PARMNUM
/// usri*_country_code
///
/// -
/// USER_CODE_PAGE_PARMNUM
/// usri*_code_page
///
/// -
/// USER_PRIMARY_GROUP_PARMNUM
/// usri*_primary_group_id
///
/// -
/// USER_PROFILE_PARMNUM
/// usri*_profile
///
/// -
/// USER_HOME_DIR_DRIVE_PARMNUM
/// usri*_home_dir_drive
///
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// The NetUserSetInfo function does not control how the password parameters are secured when sent over the network to a
/// remote server to change a user password. Any encryption of these parameters is handled by the Remote Procedure Call (RPC)
/// mechanism supported by the network redirector that provides the network transport. Encryption is also controlled by the security
/// mechanisms supported by the local computer and the security mechanisms supported by remote network server specified in the
/// servername parameter. For more details on security when the Microsoft network redirector is used and the remote network server is
/// running Microsoft Windows, see the protocol documentation for MS-RPCE and MS-SAMR.
///
/// Examples
///
/// The following code sample demonstrates how to disable a user account with a call to the NetUserSetInfo function. The code
/// sample fills in the usri1008_flags member of the USER_INFO_1008 structure, specifying the value UF_ACCOUNTDISABLE. Then
/// the sample calls NetUserSetInfo, specifying information level 0.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netusersetinfo NET_API_STATUS NET_API_FUNCTION
// NetUserSetInfo( LPCWSTR servername, LPCWSTR username, DWORD level, LPBYTE buf, LPDWORD parm_err );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "ffe49d4b-e7e8-4982-8087-59bb7534b257")]
public static extern Win32Error NetUserSetInfo([Optional] string servername, string username, uint level, IntPtr buf, out uint parm_err);
///
/// The NetValidatePasswordPolicy function allows an application to check password compliance against an application-provided
/// account database and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a
/// password policy.
///
///
/// A pointer to a constant Unicode string specifying the name of the remote server on which the function is to execute. This string
/// must begin with \ followed by the remote server name. If this parameter is NULL, the local computer is used.
///
/// Reserved for future use. This parameter must be NULL.
///
/// The type of password validation to perform. This parameter must be one of the following enumerated constant values.
///
///
/// A pointer to a structure that depends on the type of password validation to perform. The type of structure depends on the value
/// of the ValidationType parameter. For more information, see the description of the ValidationType parameter.
///
///
///
/// If the NetValidatePasswordPolicy function succeeds (the return value is Nerr_Success), then the function allocates
/// an buffer that contains the results of the operation. The OutputArg parameter contains a pointer to a NET_VALIDATE_OUTPUT_ARG
/// structure. The application must examine ValidationStatus member in the NET_VALIDATE_OUTPUT_ARG structure pointed to
/// by the OutputArg parameter to determine the results of the password policy validation check. The NET_VALIDATE_OUTPUT_ARG
/// structure contains a NET_VALIDATE_PERSISTED_FIELDS structure with changes to persistent password-related information, and the
/// results of the password validation. The application must plan to persist all persisted the fields in the
/// NET_VALIDATE_PERSISTED_FIELDS structure aside from the ValidationStatus member as information along with the user
/// object information and provide the required fields from the persisted information when calling this function in the future on the
/// same user object.
///
///
/// If the NetValidatePasswordPolicy function fails (the return value is nonzero), then OutputArg parameter is set to a
/// NULL pointer and password policy could not be examined.
///
/// For more information, see the Return Values and Remarks sections.
///
///
///
/// If the function succeeds, and the password is authenticated, changed, or reset, the return value is NERR_Success and the function
/// allocates an OutputArg parameter.
///
///
/// If the function fails, the OutputArg parameter is NULL and the return value is a system error code that can be one of the
/// following error codes. For a list of all possible error codes, see System Error Codes.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_INVALID_PARAMETER
///
/// A parameter is incorrect. This error is returned if the InputArg or OutputArg parameters are NULL. This error is also returned if
/// the Qualifier parameter is not NULL or if the ValidationType parameter is not one of the allowed values.
///
///
/// -
/// ERROR_NOT_ENOUGH_MEMORY
/// Not enough memory is available to complete the operation.
///
///
///
///
///
/// The NetValidatePasswordPolicy function is designed to allow applications to validate passwords for users that are in an
/// account database provided by the application. This function can also be used to verify that passwords meet the complexity, aging,
/// minimum length, and history reuse requirements of a password policy. This function also provides the means for an application to
/// implement an account-lockout mechanism.
///
///
/// The NetValidatePasswordPolicy function does not validate passwords in Active Directory accounts and cannot be used for
/// this purpose. The only policy that this function checks a password against in Active Directory accounts is the password
/// complexity (the password strength).
///
///
/// A typical scenario for the use of the NetValidatePasswordPolicy function would be enforcing the choice of strong passwords
/// by users for web applications and applications that allow password-protected documents. Another use of this function could be
/// checking password complexity in a situation in which a password is attached to a functional operation rather than to a user
/// account; for example, passwords that are used with Secure Multipurpose Internet Mail Extensions (S/MIME) certificate-based public keys.
///
///
/// If the NetValidatePasswordPolicy function is called on a domain controller that is running Active Directory, access is
/// allowed or denied based on the ACL for the securable object. The default ACL permits all authenticated users and members of the
/// "Pre-Windows 2000 compatible access" group to view the information. If you call this function on a member server or workstation,
/// all authenticated users can view the information. For information about anonymous access and restricting anonymous access on
/// these platforms, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access
/// tokens, see Access Control Model.
///
///
/// The security descriptor of the Domain object is used to perform the access check for the NetValidatePasswordPolicy function.
///
///
/// To call NetValidatePasswordPolicy in a security context that is not the default, first call the LogonUser function,
/// specifying LOGON32_LOGON_NEW_CREDENTIALS in the dwLogonType parameter, and then call NetValidatePasswordPolicy under
/// impersonation. For more information about impersonation, see Client Impersonation.
///
///
/// If the return code of the NetValidatePasswordPolicy function is Nerr_Success then the function allocates a buffer
/// pointed to by the OutputArg parameter that contains a NET_VALIDATE_OUTPUT_ARG structure with the results of the operation. The
/// application must examine ValidationStatus member in the NET_VALIDATE_OUTPUT_ARG structure to determine the results
/// of the password policy validation check. For more information, see NET_VALIDATE_OUTPUT_ARG.
///
///
/// Note that it is the application's responsibility to save all the data in the ChangedPersistedFields member of the
/// NET_VALIDATE_OUTPUT_ARG structure as well as any User object information. The next time the application calls
/// NetValidatePasswordPolicy on the same instance of the User object, the application must provide the required fields from
/// the persistent information.
///
///
/// When you call NetValidatePasswordPolicy and specify NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG or
/// NET_VALIDATE_PASSWORD_RESET_INPUT_ARG in InputArg parameter, the call also validates the password by passing it through the
/// password filter DLL that the computer is configured to use. For more information about password filters, see Using Password Filters.
///
///
/// If the return value from the NetValidatePasswordPolicy function is nonzero then OutputArg parameter is set to NULL
/// and password policy could not be examined.
///
///
/// The NetValidatePasswordPolicyFree function should be called after calling NetValidatePasswordPolicy to free the memory
/// allocated for the OutputArg parameter that is returned by the call to the NetValidatePasswordPolicy function.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netvalidatepasswordpolicy NET_API_STATUS
// NET_API_FUNCTION NetValidatePasswordPolicy( IN LPCWSTR ServerName, IN LPVOID Qualifier, IN NET_VALIDATE_PASSWORD_TYPE
// ValidationType, IN LPVOID InputArg, OUT LPVOID *OutputArg );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "be5ce51b-6568-49c8-954d-7b0d4bcb8611")]
public static extern Win32Error NetValidatePasswordPolicy([Optional] string ServerName, [Optional] IntPtr Qualifier, NET_VALIDATE_PASSWORD_TYPE ValidationType, IntPtr InputArg, out SafePwdPolicy OutputArg);
///
/// The NetValidatePasswordPolicyFree function frees the memory that the NetValidatePasswordPolicy function allocates for the
/// OutputArg parameter, which is a NET_VALIDATE_OUTPUT_ARG structure.
///
///
/// Pointer to the memory allocated for the OutputArg parameter by a call to the NetValidatePasswordPolicy function.
///
///
///
/// If the function frees the memory, or if there is no memory to free from a previous call to NetValidatePasswordPolicy, the
/// return value is NERR_Success.
///
/// If the function fails, the return value is a system error code. For a list of error codes, see System Error Codes.
///
/// No special group membership is required to successfully execute this function.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netvalidatepasswordpolicyfree NET_API_STATUS
// NET_API_FUNCTION NetValidatePasswordPolicyFree( IN LPVOID *OutputArg );
[DllImport(Lib.NetApi32, SetLastError = false, ExactSpelling = true, CharSet = CharSet.Unicode)]
[PInvokeData("lmaccess.h", MSDNShortId = "263834cd-a0e2-4ec0-9cb1-c03eb198de3a")]
public static extern Win32Error NetValidatePasswordPolicyFree(in IntPtr OutputArg);
///
/// The GROUP_INFO_0 structure contains the name of a global group in the security database, which is the security accounts
/// manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-group_info_0 typedef struct _GROUP_INFO_0 { LPWSTR
// grpi0_name; } GROUP_INFO_0, *PGROUP_INFO_0, *LPGROUP_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "019796d1-b987-45d2-90df-1d3b484217a9")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_0
{
///
///
/// Pointer to a null-terminated Unicode character string that specifies the name of the global group. For more information, see
/// the following Remarks section.
///
/// When you call the NetGroupSetInfo function this member specifies the new name of the global group.
///
public string grpi0_name;
}
/// The GROUP_INFO_1 structure contains a global group name and a comment to associate with the group.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_info_1 typedef struct _GROUP_INFO_1 { LPWSTR
// grpi1_name; LPWSTR grpi1_comment; } GROUP_INFO_1, *PGROUP_INFO_1, *LPGROUP_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "0b42a438-64fd-4f37-98b8-77e10c09548c")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_1
{
///
///
/// Pointer to a null-terminated Unicode character string that specifies the name of the global group. For more information, see
/// the following Remarks section.
///
/// When you call the NetGroupSetInfo function this member is ignored.
///
public string grpi1_name;
///
/// Pointer to a null-terminated Unicode character string that specifies a remark associated with the global group. This member
/// can be a null string. The comment can contain MAXCOMMENTSZ characters.
///
public string grpi1_comment;
}
/// The GROUP_INFO_1002 structure contains a comment to associate with a global group.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_info_1002 typedef struct _GROUP_INFO_1002 {
// LPWSTR grpi1002_comment; } GROUP_INFO_1002, *PGROUP_INFO_1002, *LPGROUP_INFO_1002;
[PInvokeData("lmaccess.h", MSDNShortId = "9c322ef5-4f98-44ad-8b57-40f8533eb9c1")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_1002
{
///
/// Pointer to a null-terminated Unicode character string that contains a remark to associate with the global group. This member
/// can be a null string. The comment can contain MAXCOMMENTSZ characters.
///
public string grpi1002_comment;
}
/// The GROUP_INFO_1005 structure contains the resource attributes associated with a global group.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_info_1005 typedef struct _GROUP_INFO_1005 { DWORD
// grpi1005_attributes; } GROUP_INFO_1005, *PGROUP_INFO_1005, *LPGROUP_INFO_1005;
[PInvokeData("lmaccess.h", MSDNShortId = "bd93820a-e019-45f4-88c7-011a517955ad")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_1005
{
///
/// These attributes are hard-coded to SE_GROUP_MANDATORY, SE_GROUP_ENABLED, and SE_GROUP_ENABLED_BY_DEFAULT. For more
/// information, see TOKEN_GROUPS.
///
public GroupAttributes grpi1005_attributes;
}
///
///
/// The GROUP_INFO_2 structure contains information about a global group, including name, identifier, and resource attributes.
///
/// It is recommended that you use the GROUP_INFO_3 structure instead.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_info_2 typedef struct _GROUP_INFO_2 { LPWSTR
// grpi2_name; LPWSTR grpi2_comment; DWORD grpi2_group_id; DWORD grpi2_attributes; } GROUP_INFO_2, *PGROUP_INFO_2;
[PInvokeData("lmaccess.h", MSDNShortId = "2c17a70c-7b62-4dcc-9dc6-2f4b8c41d6ec")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_2
{
///
///
/// Pointer to a null-terminated Unicode character string that specifies the name of the global group. For more information, see
/// the following Remarks section.
///
/// When you call the NetGroupSetInfo function this member is ignored.
///
public string grpi2_name;
///
/// Pointer to a null-terminated Unicode character string that contains a remark associated with the global group. This member
/// can be a null string. The comment can contain MAXCOMMENTSZ characters.
///
public string grpi2_comment;
///
/// The relative identifier (RID) of the global group. The NetUserAdd and NetUserSetInfo functions ignore this member. For more
/// information about RIDs, see SID Components.
///
public uint grpi2_group_id;
///
/// These attributes are hard-coded to SE_GROUP_MANDATORY, SE_GROUP_ENABLED, and SE_GROUP_ENABLED_BY_DEFAULT. For more
/// information, see TOKEN_GROUPS.
///
public GroupAttributes grpi2_attributes;
}
///
/// The GROUP_INFO_3 structure contains information about a global group, including name, security identifier (SID), and
/// resource attributes.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_info_3 typedef struct _GROUP_INFO_3 { LPWSTR
// grpi3_name; LPWSTR grpi3_comment; PSID grpi3_group_sid; DWORD grpi3_attributes; } GROUP_INFO_3, *PGROUP_INFO_3;
[PInvokeData("lmaccess.h", MSDNShortId = "aa0c3b6e-ab27-48b9-a37f-5cceb63c70fd")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_INFO_3
{
///
/// Pointer to a null-terminated Unicode character string that specifies the name of the global group.
/// When you call the NetGroupSetInfo function this member is ignored.
///
public string grpi3_name;
///
/// Pointer to a null-terminated Unicode character string that contains a remark associated with the global group. This member
/// can be a null string. The comment can contain MAXCOMMENTSZ characters.
///
public string grpi3_comment;
///
/// Pointer to a SID structure that contains the security identifier (SID) that uniquely identifies the global group. The
/// NetUserAdd and NetUserSetInfo functions ignore this member.
///
public PSID grpi3_group_sid;
///
/// These attributes are hard-coded to SE_GROUP_MANDATORY, SE_GROUP_ENABLED, and SE_GROUP_ENABLED_BY_DEFAULT. For more
/// information, see TOKEN_GROUPS.
///
public GroupAttributes grpi3_attributes;
}
/// The GROUP_USERS_INFO_0 structure contains global group member information.
///
///
/// If you are calling the NetGroupGetUsers function or the NetGroupSetUsers function, the grui0_name member contains the name
/// of a user that is a member of the specified group.
///
///
/// If you are calling the NetUserGetGroups function or the NetUserSetGroups function, the grui0_name member contains the name
/// of a global group to which the specified user belongs.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_users_info_0 typedef struct _GROUP_USERS_INFO_0 {
// LPWSTR grui0_name; } GROUP_USERS_INFO_0, *PGROUP_USERS_INFO_0, *LPGROUP_USERS_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "cc0e5d27-91f1-4640-bb80-e73899fabba9")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_USERS_INFO_0
{
///
/// A pointer to a null-terminated Unicode character string that specifies a name. For more information, see the Remarks section.
///
public string grui0_name;
}
/// The GROUP_USERS_INFO_1 structure contains global group member information.
///
///
/// If you are calling the NetGroupGetUsers function or the NetGroupSetUsers function, the grui1_name member contains the name
/// of a user that is a member of the specified group.
///
///
/// If you are calling the NetUserGetGroups function or the NetUserSetGroups function, the grui1_name member contains the name
/// of a global group to which the specified user belongs.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// Windows Vista and later include an addition to the access control security mechanism of Windows that labels processes and other
/// securable objects with an integrity level. Internet-facing programs are at higher risk for exploits than other programs because
/// they download untrustworthy content from unknown sources. Running these programs with fewer permissions, or at a lower integrity
/// level, than other programs reduces the ability of an exploit to modify the system or harm user data files. The SE_GROUP_INTEGRITY
/// and SE_GROUP_INTEGRITY_ENABLED attributes of the grui1_attributes member are used for this purpose.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_group_users_info_1 typedef struct _GROUP_USERS_INFO_1 {
// LPWSTR grui1_name; DWORD grui1_attributes; } GROUP_USERS_INFO_1, *PGROUP_USERS_INFO_1, *LPGROUP_USERS_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "d92e7c18-f2c7-4ea5-8bb6-fec023272dbb")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct GROUP_USERS_INFO_1
{
///
/// Type: LPWSTR
///
/// A pointer to a null-terminated Unicode character string that specifies a name. For more information, see the Remarks section.
///
///
public string grui1_name;
///
/// Type: DWORD
///
/// A set of attributes for this entry. This member can be a combination of the security group attributes defined in the Winnt.h
/// header file.
///
///
///
/// Value
/// Meaning
///
/// -
/// SE_GROUP_MANDATORY 0x00000001
/// The group is mandatory.
///
/// -
/// SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
/// The group is enabled for access checks by default.
///
/// -
/// SE_GROUP_ENABLED 0x00000004
/// The group is enabled for access checks.
///
/// -
/// SE_GROUP_OWNER 0x00000008
/// The group identifies a group account for which the user of the token is the owner of the group.
///
/// -
/// SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
/// The group is used for deny only purposes. When this attribute is set, the SE_GROUP_ENABLED attribute must not be set.
///
/// -
/// SE_GROUP_INTEGRITY 0x00000020
/// The group is used for integrity. This attribute is available on Windows Vista and later.
///
/// -
/// SE_GROUP_INTEGRITY_ENABLED 0x00000040
/// The group is enabled for integrity level. This attribute is available on Windows Vista and later.
///
/// -
/// SE_GROUP_LOGON_ID 0xC0000000
/// The group is used to identify a logon session associated with an access token.
///
/// -
/// SE_GROUP_RESOURCE 0x20000000
/// The group identifies a domain-local group.
///
///
///
public GroupAttributes grui1_attributes;
}
/// The LOCALGROUP_INFO_0 structure contains a local group name.
///
///
/// When you call the NetLocalGroupAdd function, this member specifies the name of a new local group. When you call the
/// NetLocalGroupSetInfo function, this member specifies the new name of an existing local group.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_info_0 typedef struct _LOCALGROUP_INFO_0 {
// LPWSTR lgrpi0_name; } LOCALGROUP_INFO_0, *PLOCALGROUP_INFO_0, *LPLOCALGROUP_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "dfdb4c20-ea4a-45c9-b4f3-d6a844f89bb6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_INFO_0
{
///
/// Pointer to a Unicode string that specifies a local group name. For more information, see the following Remarks section.
///
public string lgrpi0_name;
}
/// The LOCALGROUP_INFO_1 structure contains a local group name and a comment describing the local group.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_info_1 typedef struct _LOCALGROUP_INFO_1 {
// LPWSTR lgrpi1_name; LPWSTR lgrpi1_comment; } LOCALGROUP_INFO_1, *PLOCALGROUP_INFO_1, *LPLOCALGROUP_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "b96d7ddc-3ffb-4203-88b1-4aa123051695")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_INFO_1
{
///
/// Pointer to a Unicode string that specifies a local group name. For more information, see the following Remarks section.
/// This member is ignored when you call the NetLocalGroupSetInfo function.
///
public string lgrpi1_name;
///
/// Pointer to a Unicode string that contains a remark associated with the local group. This member can be a null string. The
/// comment can have as many as MAXCOMMENTSZ characters.
///
public string lgrpi1_comment;
}
/// The LOCALGROUP_INFO_1002 structure contains a comment describing a local group.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_info_1002 typedef struct
// _LOCALGROUP_INFO_1002 { LPWSTR lgrpi1002_comment; } LOCALGROUP_INFO_1002, *PLOCALGROUP_INFO_1002, *LPLOCALGROUP_INFO_1002;
[PInvokeData("lmaccess.h", MSDNShortId = "027db4a3-6722-46e8-a204-922ed97cb3f5")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_INFO_1002
{
///
/// Pointer to a Unicode string that specifies a remark associated with the local group. This member can be a null string. The
/// comment can have as many as MAXCOMMENTSZ characters.
///
public string lgrpi1002_comment;
}
///
/// The LOCALGROUP_MEMBERS_INFO_0 structure contains the security identifier (SID) associated with a local group member. The
/// member can be a user account or a global group account.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_members_info_0 typedef struct
// _LOCALGROUP_MEMBERS_INFO_0 { PSID lgrmi0_sid; } LOCALGROUP_MEMBERS_INFO_0, *PLOCALGROUP_MEMBERS_INFO_0, *LPLOCALGROUP_MEMBERS_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "e559cd90-942c-442a-b57f-7d2024523455")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_MEMBERS_INFO_0
{
/// Pointer to a SID structure that contains the security identifier (SID) of the local group member.
public PSID lgrmi0_sid;
}
///
/// The LOCALGROUP_MEMBERS_INFO_1 structure contains the security identifier (SID) and account information associated with the
/// member of a local group.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-localgroup_members_info_1 typedef struct
// _LOCALGROUP_MEMBERS_INFO_1 { PSID lgrmi1_sid; SID_NAME_USE lgrmi1_sidusage; LPWSTR lgrmi1_name; } LOCALGROUP_MEMBERS_INFO_1,
// *PLOCALGROUP_MEMBERS_INFO_1, *LPLOCALGROUP_MEMBERS_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "d6b1b729-cdd5-4ed3-a5a1-cf3a8b6cecf2")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_MEMBERS_INFO_1
{
///
/// Type: PSID
///
/// A pointer to a SID structure that contains the security identifier (SID) of an account that is a member of this local group
/// member. The account can be a user account or a global group account.
///
///
public PSID lgrmi1_sid;
///
/// Type: SID_NAME_USE
///
/// The account type associated with the security identifier specified in the lgrmi1_sid member. The following values are valid.
///
///
///
/// Value
/// Meaning
///
/// -
/// SidTypeUser
/// The account is a user account.
///
/// -
/// SidTypeGroup
/// The account is a global group account.
///
/// -
/// SidTypeWellKnownGroup
/// The account is a well-known group account (such as Everyone). For more information, see Well-Known SIDs.
///
/// -
/// SidTypeDeletedAccount
/// The account has been deleted.
///
/// -
/// SidTypeUnknown
/// The account type cannot be determined.
///
///
///
public SID_NAME_USE lgrmi1_sidusage;
///
/// Type: LPWSTR
///
/// A pointer to the account name of the local group member identified by the lgrmi1_sid member. The lgrmi1_name
/// member does not include the domain name. For more information, see the following Remarks section.
///
///
public string lgrmi1_name;
}
///
/// The LOCALGROUP_MEMBERS_INFO_2 structure contains the security identifier (SID) and account information associated with a
/// local group member.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-localgroup_members_info_2 typedef struct
// _LOCALGROUP_MEMBERS_INFO_2 { PSID lgrmi2_sid; SID_NAME_USE lgrmi2_sidusage; LPWSTR lgrmi2_domainandname; }
// LOCALGROUP_MEMBERS_INFO_2, *PLOCALGROUP_MEMBERS_INFO_2, *LPLOCALGROUP_MEMBERS_INFO_2;
[PInvokeData("lmaccess.h", MSDNShortId = "f5cd6e84-1111-4558-bec4-26af13f21b61")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_MEMBERS_INFO_2
{
///
/// Type: PSID
///
/// A pointer to a SID structure that contains the security identifier (SID) of a local group member. The local group member can
/// be a user account or a global group account.
///
///
public PSID lgrmi2_sid;
///
/// Type: SID_NAME_USE
///
/// The account type associated with the security identifier specified in the lgrmi2_sid member. The following values are valid.
///
///
///
/// Value
/// Meaning
///
/// -
/// SidTypeUser
/// The account is a user account.
///
/// -
/// SidTypeGroup
/// The account is a global group account.
///
/// -
/// SidTypeWellKnownGroup
/// The account is a well-known group account (such as Everyone). For more information, see Well-Known SIDs.
///
/// -
/// SidTypeDeletedAccount
/// The account has been deleted.
///
/// -
/// SidTypeUnknown
/// The account type cannot be determined.
///
///
///
public SID_NAME_USE lgrmi2_sidusage;
///
/// Type: LPWSTR
///
/// A pointer to the account name of the local group member identified by lgrmi2_sid. The lgrmi2_domainandname
/// member includes the domain name and has the form:
///
///
///
/// <DomainName>\<AccountName>
///
///
///
public string lgrmi2_domainandname;
}
///
/// The LOCALGROUP_MEMBERS_INFO_3 structure contains the account name and domain name associated with a local group member.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_members_info_3 typedef struct
// _LOCALGROUP_MEMBERS_INFO_3 { LPWSTR lgrmi3_domainandname; } LOCALGROUP_MEMBERS_INFO_3, *PLOCALGROUP_MEMBERS_INFO_3, *LPLOCALGROUP_MEMBERS_INFO_3;
[PInvokeData("lmaccess.h", MSDNShortId = "e8d1d884-c955-4706-bc3e-142469b02545")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_MEMBERS_INFO_3
{
///
/// Type: LPWSTR
///
/// Pointer to a null-terminated Unicode string specifying the account name of the local group member prefixed by the domain name
/// and the "" separator character. For example:
///
///
///
/// <DomainName>\<AccountName>
///
///
///
public string lgrmi3_domainandname;
}
/// The LOCALGROUP_USERS_INFO_0 structure contains local group member information.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_localgroup_users_info_0 typedef struct
// _LOCALGROUP_USERS_INFO_0 { LPWSTR lgrui0_name; } LOCALGROUP_USERS_INFO_0, *PLOCALGROUP_USERS_INFO_0, *LPLOCALGROUP_USERS_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "e9358f19-ec8f-4454-896c-c9fadb848378")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct LOCALGROUP_USERS_INFO_0
{
/// Pointer to a Unicode string specifying the name of a local group to which the user belongs.
public string lgrui0_name;
}
///
/// The NET_DISPLAY_GROUP structure contains information that an account manager can access to determine information about
/// group accounts.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_display_group typedef struct _NET_DISPLAY_GROUP {
// LPWSTR grpi3_name; LPWSTR grpi3_comment; DWORD grpi3_group_id; DWORD grpi3_attributes; DWORD grpi3_next_index; }
// NET_DISPLAY_GROUP, *PNET_DISPLAY_GROUP;
[PInvokeData("lmaccess.h", MSDNShortId = "8e467f20-2cfb-40ae-a8b2-a5350d736eed")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_DISPLAY_GROUP
{
///
/// Type: LPWSTR
/// A pointer to a Unicode string that specifies the name of the group.
///
public string grpi3_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the group. This string can be a null string, or it can
/// have any number of characters before the terminating null character.
///
///
public string grpi3_comment;
///
/// Type: DWORD
///
/// The relative identifier (RID) of the group. The relative identifier is determined by the accounts database when the group is
/// created. It uniquely identifies the group to the account manager within the domain. The NetUserAdd and NetUserSetInfo
/// functions ignore this member. For more information about RIDs, see SID Components.
///
///
public uint grpi3_group_id;
///
/// Type: DWORD
///
/// These attributes are hard-coded to SE_GROUP_MANDATORY, SE_GROUP_ENABLED, and SE_GROUP_ENABLED_BY_DEFAULT. For more
/// information, see TOKEN_GROUPS.
///
///
public GroupAttributes grpi3_attributes;
///
/// Type: DWORD
///
/// The index of the last entry returned by the NetQueryDisplayInformation function. Pass this value as the Index parameter to
/// NetQueryDisplayInformation to return the next logical entry. Note that you should not use the value of this member for
/// any purpose except to retrieve more data with additional calls to NetQueryDisplayInformation.
///
///
public uint grpi3_next_index;
}
///
/// The NET_DISPLAY_MACHINE structure contains information that an account manager can access to determine information about
/// computers and their attributes.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_display_machine typedef struct _NET_DISPLAY_MACHINE
// { LPWSTR usri2_name; LPWSTR usri2_comment; DWORD usri2_flags; DWORD usri2_user_id; DWORD usri2_next_index; } NET_DISPLAY_MACHINE, *PNET_DISPLAY_MACHINE;
[PInvokeData("lmaccess.h", MSDNShortId = "bdb1bef0-51f1-41d7-97fb-bda4ad24e386")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_DISPLAY_MACHINE
{
///
/// Type: LPWSTR
/// A pointer to a Unicode string that specifies the name of the computer to access.
///
public string usri2_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the computer. This string can be a null string, or it
/// can have any number of characters before the terminating null character.
///
///
public string usri2_comment;
///
/// Type: DWORD
///
/// A set of flags that contains values that determine several features. This member can be one or more of the following values.
///
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out (blocked). For the NetUserSetInfo function, this value can be cleared to unlock a
/// previously locked account. This value cannot be used to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// Represents the password, which will never expire on the account.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// A default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// An account for users whose primary account is in another domain. This account provides user access to this domain, but not to
/// any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// A computer account for a workstation or a server that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// A computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// A permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri2_flags;
///
/// Type: DWORD
///
/// The relative identifier (RID) of the computer. The relative identifier is determined by the accounts database when the
/// computer is defined. For more information about RIDS, see SID Components.
///
///
public uint usri2_user_id;
///
/// Type: DWORD
///
/// The index of the last entry returned by the NetQueryDisplayInformation function. Pass this value as the Index parameter to
/// NetQueryDisplayInformation to return the next logical entry. Note that you should not use the value of this member for
/// any purpose except to retrieve more data with additional calls to NetQueryDisplayInformation.
///
///
public uint usri2_next_index;
}
///
/// The NET_DISPLAY_USER structure contains information that an account manager can access to determine information about user accounts.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_display_user typedef struct _NET_DISPLAY_USER {
// LPWSTR usri1_name; LPWSTR usri1_comment; DWORD usri1_flags; LPWSTR usri1_full_name; DWORD usri1_user_id; DWORD usri1_next_index; }
// NET_DISPLAY_USER, *PNET_DISPLAY_USER;
[PInvokeData("lmaccess.h", MSDNShortId = "308966f7-448c-4748-bbe7-9ac63afae1d9")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_DISPLAY_USER
{
///
/// Type: LPWSTR
/// A pointer to a Unicode string that specifies the name of the user account.
///
public string usri1_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the user. This string can be a null string, or it can
/// have any number of characters before the terminating null character (MAXCOMMENTSZ).
///
///
public string usri1_comment;
///
/// Type: DWORD
/// A set of user account flags. This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out (blocked). For the NetUserSetInfo function, this value can be cleared to unlock a
/// previously locked account. This value cannot be used to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password will never expire on the account.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// The account is marked as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// The user is required to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// This principal is restricted to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a workstation or a server that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri1_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri1_full_name;
///
/// Type: DWORD
///
/// The relative identifier (RID) of the user. The relative identifier is determined by the accounts database when the user is
/// created. It uniquely defines this user account to the account manager within the domain. For more information about relative
/// identifiers, see SID Components.
///
///
public uint usri1_user_id;
///
/// Type: DWORD
///
/// The index of the last entry returned by the NetQueryDisplayInformation function. Pass this value as the Index parameter to
/// NetQueryDisplayInformation to return the next logical entry. Note that you should not use the value of this member for
/// any purpose except to retrieve more data with additional calls to NetQueryDisplayInformation.
///
///
public uint usri1_next_index;
}
///
/// A client application passes the NET_VALIDATE_AUTHENTICATION_INPUT_ARG structure to the NetValidatePasswordPolicy function
/// when the application requests an authentication validation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-net_validate_authentication_input_arg typedef struct
// _NET_VALIDATE_AUTHENTICATION_INPUT_ARG { NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields; BOOLEAN PasswordMatched; }
// NET_VALIDATE_AUTHENTICATION_INPUT_ARG, *PNET_VALIDATE_AUTHENTICATION_INPUT_ARG;
[PInvokeData("lmaccess.h", MSDNShortId = "b7466e8a-81d8-4552-adff-47fc2f3ed3ad")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_AUTHENTICATION_INPUT_ARG
{
///
/// Specifies a NET_VALIDATE_PERSISTED_FIELDS structure that contains persistent password-related information about the account
/// being logged on.
///
public NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
///
/// BOOLEAN value that indicates the result of the client application's authentication of the password supplied by the user. If
/// this parameter is FALSE, the password has not been authenticated.
///
[MarshalAs(UnmanagedType.U1)] public bool PasswordMatched;
}
///
/// The NET_VALIDATE_OUTPUT_ARG structure contains information about persistent password-related data that has changed since
/// the user's last logon as well as the result of the function's password validation check.
///
///
/// The NetValidatePasswordPolicy function outputs the NET_VALIDATE_OUTPUT_ARG structure.
///
/// Note that it is the application's responsibility to save all the data in the ChangedPersistedFields member of the
/// NET_VALIDATE_OUTPUT_ARG structure as well as any User object information. The next time the application calls
/// NetValidatePasswordPolicy on the same instance of the User object, the application must provide the required fields from the
/// persistent information.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_validate_output_arg typedef struct
// _NET_VALIDATE_OUTPUT_ARG { NET_VALIDATE_PERSISTED_FIELDS ChangedPersistedFields; NET_API_STATUS ValidationStatus; }
// NET_VALIDATE_OUTPUT_ARG, *PNET_VALIDATE_OUTPUT_ARG;
[PInvokeData("lmaccess.h", MSDNShortId = "833c89c3-34ba-485b-a310-1d709aa618cd")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_OUTPUT_ARG
{
///
/// A structure that contains changes to persistent information about the account being logged on. For more information, see the
/// following Remarks section.
///
public NET_VALIDATE_PERSISTED_FIELDS ChangedPersistedFields;
///
///
/// The result of the password validation check performed by the NetValidatePasswordPolicy function. The status depends on the
/// value specified in the ValidationType parameter to that function.
///
///
/// Authentication. When you call NetValidatePasswordPolicy and specify the ValidationType parameter as
/// NetValidateAuthentication, this member can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NERR_AccountLockedOut
/// Validation failed. The account is locked out.
///
/// -
/// NERR_PasswordMustChange
/// Validation failed. The password must change at the next logon.
///
/// -
/// NERR_PasswordExpired
/// Validation failed. The password has expired.
///
/// -
/// NERR_BadPassword
/// Validation failed. The password is invalid.
///
/// -
/// NERR_Success
/// The password passes the validation check.
///
///
///
/// Password change. When you call NetValidatePasswordPolicy and specify the ValidationType parameter as
/// NetValidatePasswordChange, this member can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NERR_AccountLockedOut
/// Validation failed. The account is locked out.
///
/// -
/// NERR_PasswordTooRecent
/// Validation failed. The password for the user is too recent to change.
///
/// -
/// NERR_BadPassword
/// Validation failed. The password is invalid.
///
/// -
/// NERR_PasswordHistConflict
/// Validation failed. The password cannot be used at this time.
///
/// -
/// NERR_PasswordTooShort
/// Validation failed. The password does not meet policy requirements because it is too short.
///
/// -
/// NERR_PasswordTooLong
/// Validation failed. The password does not meet policy requirements because it is too long.
///
/// -
/// NERR_PasswordNotComplexEnough
/// Validation failed. The password does not meet policy requirements because it is not complex enough.
///
/// -
/// NERR_PasswordFilterError
/// Validation failed. The password does not meet the requirements of the password filter DLL.
///
/// -
/// NERR_Success
/// The password passes the validation check.
///
///
///
/// Password reset. When you call NetValidatePasswordPolicy and specify the ValidationType parameter as
/// NetValidatePasswordReset, this member can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// NERR_PasswordTooShort
/// Validation failed. The password does not meet policy requirements because it is too short.
///
/// -
/// NERR_PasswordTooLong
/// Validation failed. The password does not meet policy requirements because it is too long.
///
/// -
/// NERR_PasswordNotComplexEnough
/// Validation failed. The password does not meet policy requirements because it is not complex enough.
///
/// -
/// NERR_PasswordFilterError
/// Validation failed. The password does not meet the requirements of the password filter DLL.
///
/// -
/// NERR_Success
/// The password passes the validation check.
///
///
///
public Win32Error ValidationStatus;
}
///
/// A client application passes the NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG structure to the NetValidatePasswordPolicy function
/// when the application requests a password change validation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-net_validate_password_change_input_arg typedef struct
// _NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields; LPWSTR ClearPassword; LPWSTR
// UserAccountName; NET_VALIDATE_PASSWORD_HASH HashedPassword; BOOLEAN PasswordMatch; } NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, *PNET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG;
[PInvokeData("lmaccess.h", MSDNShortId = "09404998-81c5-400c-9d99-a0a4bb4095bf")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
{
///
/// Specifies a NET_VALIDATE_PERSISTED_FIELDS structure that contains persistent password-related information about the account
/// being logged on.
///
public NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
/// Pointer to a Unicode string specifying the new password, in plaintext format.
public string ClearPassword;
/// Pointer to a Unicode string specifying the name of the user account.
public string UserAccountName;
/// Specifies a NET_VALIDATE_PASSWORD_HASH structure that contains a hash of the new password.
public NET_VALIDATE_PASSWORD_HASH HashedPassword;
///
/// BOOLEAN value that indicates the result of the client application's authentication of the password supplied by the user. If
/// this parameter is FALSE, the password has not been authenticated.
///
[MarshalAs(UnmanagedType.U1)] public bool PasswordMatch;
}
/// The NET_VALIDATE_PASSWORD_HASH structure contains a password hash.
///
/// The NET_VALIDATE_PASSWORD_RESET_INPUT_ARG and NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG structures contain a
/// NET_VALIDATE_PASSWORD_HASH structure. The NET_VALIDATE_PERSISTED_FIELDS structure contains a pointer to this structure.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_validate_password_hash typedef struct
// _NET_VALIDATE_PASSWORD_HASH { ULONG Length; LPBYTE Hash; } NET_VALIDATE_PASSWORD_HASH, *PNET_VALIDATE_PASSWORD_HASH;
[PInvokeData("lmaccess.h", MSDNShortId = "884e5b8c-1288-454e-862d-323d79123356")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_PASSWORD_HASH
{
/// Specifies the length of this structure.
public uint Length;
/// Password hash.
public IntPtr Hash;
}
///
/// A client application passes the NET_VALIDATE_PASSWORD_RESET_INPUT_ARG structure to the NetValidatePasswordPolicy function
/// when the application requests a password reset validation.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-net_validate_password_reset_input_arg typedef struct
// _NET_VALIDATE_PASSWORD_RESET_INPUT_ARG { NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields; LPWSTR ClearPassword; LPWSTR
// UserAccountName; NET_VALIDATE_PASSWORD_HASH HashedPassword; BOOLEAN PasswordMustChangeAtNextLogon; BOOLEAN ClearLockout; }
// NET_VALIDATE_PASSWORD_RESET_INPUT_ARG, *PNET_VALIDATE_PASSWORD_RESET_INPUT_ARG;
[PInvokeData("lmaccess.h", MSDNShortId = "3a6d4c2d-0d90-48bf-9dfa-2ba587538350")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_PASSWORD_RESET_INPUT_ARG
{
///
/// Specifies a NET_VALIDATE_PERSISTED_FIELDS structure that contains persistent password-related information about the account
/// being logged on.
///
public NET_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
/// Pointer to a Unicode string specifying the new password, in plaintext format.
public string ClearPassword;
/// Pointer to a Unicode string specifying the name of the user account.
public string UserAccountName;
/// Specifies a NET_VALIDATE_PASSWORD_HASH structure that contains a hash of the new password.
public NET_VALIDATE_PASSWORD_HASH HashedPassword;
///
/// BOOLEAN value that indicates whether the user must change his or her password at the next logon. If this parameter is
/// TRUE, the user must change the password at the next logon.
///
[MarshalAs(UnmanagedType.U1)] public bool PasswordMustChangeAtNextLogon;
///
/// BOOLEAN value that can reset the "lockout state" of the user account. If this member is TRUE, the account will no
/// longer be locked out. Note that an application cannot directly lock out an account. An account can be locked out only as a
/// result of exceeding the maximum number of invalid password authentications allowed for the account.
///
[MarshalAs(UnmanagedType.U1)] public bool ClearLockout;
}
///
/// The NET_VALIDATE_PERSISTED_FIELDS structure contains information about a user's password properties. Input to and output
/// from the NetValidatePasswordPolicy function contain persistent password-related data. When the function outputs this structure,
/// it identifies the persistent data that has changed in this call.
///
///
///
/// Note that it is the application's responsibility to save all changed persistent data as well as any user object information. The
/// next time the application calls NetValidatePasswordPolicy on the same instance of the user object, the application must provide
/// the required fields from the persistent information.
///
///
/// The NET_VALIDATE_AUTHENTICATION_INPUT_ARG, NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, NET_VALIDATE_PASSWORD_RESET_INPUT_ARG, and
/// NET_VALIDATE_OUTPUT_ARG structures contain a NET_VALIDATE_PERSISTED_FIELDS structure.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_net_validate_persisted_fields typedef struct
// _NET_VALIDATE_PERSISTED_FIELDS { ULONG PresentFields; FILETIME PasswordLastSet; FILETIME BadPasswordTime; FILETIME LockoutTime;
// ULONG BadPasswordCount; ULONG PasswordHistoryLength; PNET_VALIDATE_PASSWORD_HASH PasswordHistory; } NET_VALIDATE_PERSISTED_FIELDS, *PNET_VALIDATE_PERSISTED_FIELDS;
[PInvokeData("lmaccess.h", MSDNShortId = "1e6ea28a-a007-4cd1-b5d6-686bcf019fa1")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NET_VALIDATE_PERSISTED_FIELDS
{
///
/// Type: ULONG
///
/// A set of bit flags identifying the persistent password-related data that has changed. This member is valid only when this
/// structure is output from the NetValidatePasswordPolicy function. This member is ignored when this structure is input
/// to the function. For more information, see the following Remarks section.
///
///
///
/// Value
/// Meaning
///
/// -
/// NET_VALIDATE_PASSWORD_LAST_SET
/// The PasswordLastSet member contains a new value.
///
/// -
/// NET_VALIDATE_BAD_PASSWORD_TIME
/// The BadPasswordTime member contains a new value.
///
/// -
/// NET_VALIDATE_LOCKOUT_TIME
/// The LockoutTime member contains a new value.
///
/// -
/// NET_VALIDATE_BAD_PASSWORD_COUNT
/// The BadPasswordCount member contains a new value.
///
/// -
/// NET_VALIDATE_PASSWORD_HISTORY_LENGTH
/// The PasswordHistoryLength member contains a new value.
///
/// -
/// NET_VALIDATE_PASSWORD_HISTORY
/// The PasswordHistory member contains a new value.
///
///
///
public uint PresentFields;
///
/// Type: FILETIME
/// The date and time (in GMT) when the password for the account was set or last changed.
///
public FILETIME PasswordLastSet;
///
/// Type: FILETIME
/// The date and time (in GMT) when the user tried to log on to the account using an incorrect password.
///
public FILETIME BadPasswordTime;
///
/// Type: FILETIME
///
/// The date and time (in GMT) when the account was last locked out. If the account has not been locked out, this member is zero.
/// A lockout occurs when the number of bad password logins exceeds the number allowed.
///
///
public FILETIME LockoutTime;
///
/// Type: ULONG
/// The number of times the user tried to log on to the account using an incorrect password.
///
public uint BadPasswordCount;
///
/// Type: ULONG
///
/// The number of previous passwords saved in the history list for the account. The user cannot reuse a password in the history list.
///
///
public uint PasswordHistoryLength;
///
/// Type: PNET_VALIDATE_PASSWORD_HASH
/// A pointer to a NET_VALIDATE_PASSWORD_HASH structure that contains the password hashes in the history list.
///
public IntPtr PasswordHistory;
}
/// The USER_INFO_0 structure contains a user account name.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_0 typedef struct _USER_INFO_0 { LPWSTR
// usri0_name; } USER_INFO_0, *PUSER_INFO_0, *LPUSER_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "5d24a2dd-d1ee-4c97-8fbc-0b336313b60c")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_0
{
///
/// Pointer to a Unicode string that specifies the name of the user account. For the NetUserSetInfo function, this member
/// specifies the name of the user.
///
public string usri0_name;
}
///
/// The USER_INFO_1 structure contains information about a user account, including account name, password data, privilege
/// level, and the path to the user's home directory.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1 typedef struct _USER_INFO_1 { LPWSTR
// usri1_name; LPWSTR usri1_password; DWORD usri1_password_age; DWORD usri1_priv; LPWSTR usri1_home_dir; LPWSTR usri1_comment; DWORD
// usri1_flags; LPWSTR usri1_script_path; } USER_INFO_1, *PUSER_INFO_1, *LPUSER_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "f17a1aef-45f1-461f-975d-75221d08277c")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. For the NetUserSetInfo function, this member is
/// ignored. For more information, see the following Remarks section.
///
///
public string usri1_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the password of the user indicated by the usri1_name member. The length
/// cannot exceed PWLEN bytes. The NetUserEnum and NetUserGetInfo functions return a NULL pointer to maintain password security.
///
/// By convention, the length of passwords is limited to LM20_PWLEN characters.
///
public string usri1_password;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri1_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri1_password_age;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri1_name member. When you call the NetUserAdd function, this member must be
/// USER_PRIV_USER. When you call the NetUserSetInfo function, this member must be the value returned by the
/// NetUserGetInfo function or the NetUserEnum function. This member can be one of the following values. For more
/// information about user and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri1_priv;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory for the user specified in the usri1_name
/// member. The string can be NULL.
///
///
public string usri1_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment to associate with the user account. This string can be a NULL
/// string, or it can have any number of characters before the terminating null character.
///
///
public string usri1_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function and clear this value to unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows 2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri1_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an
/// .EXE file, or a .BAT file. The string can also be NULL.
///
///
public string usri1_script_path;
}
///
/// The USER_INFO_10 structure contains information about a user account, including the account name, comments associated with
/// the account, and the user's full name.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_10 typedef struct _USER_INFO_10 { LPWSTR
// usri10_name; LPWSTR usri10_comment; LPWSTR usri10_usr_comment; LPWSTR usri10_full_name; } USER_INFO_10, *PUSER_INFO_10, *LPUSER_INFO_10;
[PInvokeData("lmaccess.h", MSDNShortId = "f85e3e92-02b2-4ee8-8a82-38e4ef5b4072")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_10
{
///
/// Pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this
/// member. For more information, see the following Remarks section.
///
public string usri10_name;
///
/// Pointer to a Unicode string that contains a comment associated with the user account. The string can be a null string, or can
/// have any number of characters before the terminating null character.
///
public string usri10_comment;
///
/// Pointer to a Unicode string that contains a user comment. This string can be a null string, or it can have any number of
/// characters before the terminating null character.
///
public string usri10_usr_comment;
///
/// Pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any
/// number of characters before the terminating null character.
///
public string usri10_full_name;
}
///
/// The USER_INFO_1003 structure contains a user password. This information level is valid only when you call the
/// NetUserSetInfo function.
///
/// By convention, the length of passwords is limited to LM20_PWLEN characters.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1003 typedef struct _USER_INFO_1003 { LPWSTR
// usri1003_password; } USER_INFO_1003, *PUSER_INFO_1003, *LPUSER_INFO_1003;
[PInvokeData("lmaccess.h", MSDNShortId = "ef1d1ecd-7226-4e4e-a0b3-ec096d3b1207")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1003
{
///
/// Specifies a Unicode string that contains the password for the user account specified in the username parameter to the
/// NetUserSetInfo function. The length cannot exceed PWLEN bytes.
///
public string usri1003_password;
}
///
/// The USER_INFO_1005 structure contains a privilege level to assign to a user network account. This information level is
/// valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1005 typedef struct _USER_INFO_1005 { DWORD
// usri1005_priv; } USER_INFO_1005, *PUSER_INFO_1005, *LPUSER_INFO_1005;
[PInvokeData("lmaccess.h", MSDNShortId = "a953b48f-bda0-4dce-a153-d4db912de533")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1005
{
///
///
/// Specifies a DWORD value that indicates the level of privilege to assign for the user account specified in the username
/// parameter to the NetUserSetInfo function. This member can be one of the following values. For more information about
/// user and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri1005_priv;
}
///
/// The USER_INFO_1006 structure contains the user's home directory path. This information level is valid only when you call
/// the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1006 typedef struct _USER_INFO_1006 { LPWSTR
// usri1006_home_dir; } USER_INFO_1006, *PUSER_INFO_1006, *LPUSER_INFO_1006;
[PInvokeData("lmaccess.h", MSDNShortId = "9eb4973b-cda5-4862-b558-3af90b7de19f")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1006
{
///
/// Pointer to a Unicode string specifying the path of the home directory for the user account specified in the username
/// parameter to the NetUserSetInfo function. The string can be null.
///
public string usri1006_home_dir;
}
///
/// The USER_INFO_1007 structure contains a comment associated with a user network account. This information level is valid
/// only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1007 typedef struct _USER_INFO_1007 { LPWSTR
// usri1007_comment; } USER_INFO_1007, *PUSER_INFO_1007, *LPUSER_INFO_1007;
[PInvokeData("lmaccess.h", MSDNShortId = "a2e49802-799d-4f98-aa6d-5cb1478cb4d4")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1007
{
///
/// Pointer to a Unicode string that contains a comment to associate with the user account specified in the username parameter to
/// the NetUserSetInfo function. This string can be a null string, or it can have any number of characters before the
/// terminating null character.
///
public string usri1007_comment;
}
///
/// The USER_INFO_1008 structure contains a set of bit flags defining several user network account parameters. This
/// information level is valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1008 typedef struct _USER_INFO_1008 { DWORD
// usri1008_flags; } USER_INFO_1008, *PUSER_INFO_1008, *LPUSER_INFO_1008;
[PInvokeData("lmaccess.h", MSDNShortId = "142408ef-ed8e-4af3-8fc2-ffdd40ce4f1e")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1008
{
///
///
/// The features to associate with the user account specified in the username parameter to the NetUserSetInfo function.
/// This member can be one or more of the following values.
///
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri1008_flags;
}
///
/// The USER_INFO_1009 structure contains the path for a user's logon script file. This information level is valid only when
/// you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1009 typedef struct _USER_INFO_1009 { LPWSTR
// usri1009_script_path; } USER_INFO_1009, *PUSER_INFO_1009, *LPUSER_INFO_1009;
[PInvokeData("lmaccess.h", MSDNShortId = "baaabbf9-9571-49db-bf38-a3fc2d0a200a")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1009
{
///
/// Pointer to a Unicode string specifying the path for the user's logon script file. The user is specified in the username
/// parameter to the NetUserSetInfo function. The script file can be a .CMD file, an .EXE file, or a .BAT file. The string
/// can also be null.
///
public string usri1009_script_path;
}
///
/// The USER_INFO_1010 structure contains a set of bit flags defining the operator privileges assigned to a user network
/// account. This information level is valid only when you call the NetUserSetInfo function.
///
///
/// For more information about controlling access to securable objects, see Access Control, Privileges, and Securable Objects.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1010 typedef struct _USER_INFO_1010 { DWORD
// usri1010_auth_flags; } USER_INFO_1010, *PUSER_INFO_1010, *LPUSER_INFO_1010;
[PInvokeData("lmaccess.h", MSDNShortId = "6760729a-1d59-430e-8412-1257977af169")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1010
{
///
///
/// Specifies a DWORD value that contains a set of bit flags that specify the user's operator privileges. The user is
/// specified in the username parameter to the NetUserSetInfo function.
///
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri1010_auth_flags;
}
///
/// The USER_INFO_1011 structure contains the full name of a network user. This information level is valid only when you call
/// the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1011 typedef struct _USER_INFO_1011 { LPWSTR
// usri1011_full_name; } USER_INFO_1011, *PUSER_INFO_1011, *LPUSER_INFO_1011;
[PInvokeData("lmaccess.h", MSDNShortId = "f60075b4-19c5-4998-b8c3-61e960e76035")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1011
{
///
/// Pointer to a Unicode string that contains the full name of the user. The user is specified in the username parameter to the
/// NetUserSetInfo function. This string can be a null string, or it can have any number of characters before the
/// terminating null character.
///
public string usri1011_full_name;
}
///
/// The USER_INFO_1012 structure contains a user comment. This information level is valid only when you call the
/// NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1012 typedef struct _USER_INFO_1012 { LPWSTR
// usri1012_usr_comment; } USER_INFO_1012, *PUSER_INFO_1012, *LPUSER_INFO_1012;
[PInvokeData("lmaccess.h", MSDNShortId = "92501552-7afe-4a95-980a-576254a122a9")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1012
{
///
/// Pointer to a Unicode string that contains a user comment. The user is specified in the username parameter to the
/// NetUserSetInfo function. This string can be a null string, or it can have any number of characters before the
/// terminating null character.
///
public string usri1012_usr_comment;
}
///
/// The USER_INFO_1013 structure contains reserved information for network accounts. This information level is valid only when
/// you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1013 typedef struct _USER_INFO_1013 { LPWSTR
// usri1013_parms; } USER_INFO_1013, *PUSER_INFO_1013, *LPUSER_INFO_1013;
[PInvokeData("lmaccess.h", MSDNShortId = "7166201d-57e3-4288-ad15-392cc3733dc6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1013
{
///
///
/// Pointer to a Unicode string that is reserved for use by applications. The string can be a null string, or it can have any
/// number of characters before the terminating null character. Microsoft products use this member to store user configuration
/// information. Do not modify this information.
///
///
/// The system components that use this member are services for Macintosh, file and print services for NetWare, and the Remote
/// Access Server (RAS).
///
///
public string usri1013_parms;
}
///
/// The USER_INFO_1014 structure contains the names of workstations from which the user can log on. This information level is
/// valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1014 typedef struct _USER_INFO_1014 { LPWSTR
// usri1014_workstations; } USER_INFO_1014, *PUSER_INFO_1014, *LPUSER_INFO_1014;
[PInvokeData("lmaccess.h", MSDNShortId = "ff7f385d-bcda-4560-b22f-d1fc94e7ae41")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1014
{
///
///
/// Pointer to a Unicode string that contains the names of workstations from which the user can log on. The user is specified in
/// the username parameter to the NetUserSetInfo function.
///
///
/// As many as eight workstations can be specified; the names must be separated by commas. A null string indicates that there is
/// no restriction.
///
///
public string usri1014_workstations;
}
///
/// The USER_INFO_1017 structure contains expiration information for network user accounts. This information level is valid
/// only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1017 typedef struct _USER_INFO_1017 { DWORD
// usri1017_acct_expires; } USER_INFO_1017, *PUSER_INFO_1017, *LPUSER_INFO_1017;
[PInvokeData("lmaccess.h", MSDNShortId = "67ded50e-ab9a-4202-9496-1a39d1af0f58")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1017
{
///
///
/// Specifies a DWORD value that indicates when the user account expires. The user account is specified in the username
/// parameter to the NetUserSetInfo function.
///
///
/// The value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT. Specify TIMEQ_FOREVER to
/// indicate that the account never expires.
///
///
public uint usri1017_acct_expires;
}
///
/// The USER_INFO_1018 structure contains the maximum amount of disk space available to a network user account. This
/// information level is valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1018 typedef struct _USER_INFO_1018 { DWORD
// usri1018_max_storage; } USER_INFO_1018, *PUSER_INFO_1018, *LPUSER_INFO_1018;
[PInvokeData("lmaccess.h", MSDNShortId = "15bdff5c-a360-4519-8e0b-c73ddd01298c")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1018
{
///
///
/// Specifies a DWORD value that indicates the maximum amount of disk space the user can use. The user is specified in the
/// username parameter to the NetUserSetInfo function.
///
/// You must specify USER_MAXSTORAGE_UNLIMITED to indicate that there is no restriction on disk space.
///
public uint usri1018_max_storage;
}
///
/// The USER_INFO_1020 structure contains the times during which a user can log on to the network. This information level is
/// valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1020 typedef struct _USER_INFO_1020 { DWORD
// usri1020_units_per_week; LPBYTE usri1020_logon_hours; } USER_INFO_1020, *PUSER_INFO_1020, *LPUSER_INFO_1020;
[PInvokeData("lmaccess.h", MSDNShortId = "959ed1f4-d5ee-4d77-abd7-bb681778f0b1")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1020
{
///
///
/// Specifies a DWORD value that indicates the number of equal-length time units into which the week is divided. This
/// value is required to compute the length of the bit string in the usri1020_logon_hours member.
///
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
///
public uint usri1020_units_per_week;
///
///
/// Pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. The user is specified
/// in the username parameter to the NetUserSetInfo function.
///
///
/// Each bit in the string represents a unique hour in the week, in Greenwich Mean Time (GMT). The first bit (bit 0, word 0) is
/// Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on. Note that bit 0 in word 0 represents
/// Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you must adjust the bits according to your
/// time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
public IntPtr usri1020_logon_hours;
}
///
/// The USER_INFO_1023 structure contains the name of the server to which network logon requests should be sent. This
/// information level is valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1023 typedef struct _USER_INFO_1023 { LPWSTR
// usri1023_logon_server; } USER_INFO_1023, *PUSER_INFO_1023, *LPUSER_INFO_1023;
[PInvokeData("lmaccess.h", MSDNShortId = "44985bbe-48d2-4fe9-9247-2800089269cb")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1023
{
///
///
/// Pointer to a Unicode string that contains the name of the server to which logon requests for the user account should be sent.
/// The user account is specified in the username parameter to the NetUserSetInfo function.
///
///
/// Server names should be preceded by two backslashes (\). To indicate that the logon request can be handled by any logon
/// server, specify an asterisk (\*) for the server name. A null string indicates that requests should be sent to the domain controller.
///
///
public string usri1023_logon_server;
}
///
/// The USER_INFO_1024 structure contains the country/region code for a network user's language of choice. This information
/// level is valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1024 typedef struct _USER_INFO_1024 { DWORD
// usri1024_country_code; } USER_INFO_1024, *PUSER_INFO_1024, *LPUSER_INFO_1024;
[PInvokeData("lmaccess.h", MSDNShortId = "8133238f-c968-4a65-a8dd-7b9a61a193f5")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1024
{
///
///
/// Specifies a DWORD value that indicates the country/region code for the user's language of choice. The user is
/// specified in the username parameter to the NetUserSetInfo function.
///
/// This value is ignored.
///
public uint usri1024_country_code;
}
///
/// The USER_INFO_1025 structure contains the code page for a network user's language of choice. This information level is
/// valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1025 typedef struct _USER_INFO_1025 { DWORD
// usri1025_code_page; } USER_INFO_1025, *PUSER_INFO_1025, *LPUSER_INFO_1025;
[PInvokeData("lmaccess.h", MSDNShortId = "85e3584f-8245-47e3-9e48-5c43db51be0f")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1025
{
///
///
/// Specifies a DWORD value that indicates the code page for the user's language of choice. The user is specified in the
/// username parameter to the NetUserSetInfo function.
///
/// This value is ignored.
///
public uint usri1025_code_page;
}
///
/// The USER_INFO_1051 structure contains the relative ID (RID) associated with the user account. This information level is
/// valid only when you call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1051 typedef struct _USER_INFO_1051 { DWORD
// usri1051_primary_group_id; } USER_INFO_1051, *PUSER_INFO_1051, *LPUSER_INFO_1051;
[PInvokeData("lmaccess.h", MSDNShortId = "dbd7c63b-c383-48dd-98f2-087f2b41fc52")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1051
{
///
/// Specifies a DWORD value that contains the RID of the Primary Global Group for the user specified in the username
/// parameter to the NetUserSetInfo function. This member must be the RID of a global group that represents the enrolled
/// user. For more information about RIDs, see SID Components.
///
public uint usri1051_primary_group_id;
}
///
/// The USER_INFO_1052 structure contains the path to a network user's profile. This information level is valid only when you
/// call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1052 typedef struct _USER_INFO_1052 { LPWSTR
// usri1052_profile; } USER_INFO_1052, *PUSER_INFO_1052, *LPUSER_INFO_1052;
[PInvokeData("lmaccess.h", MSDNShortId = "55ec6819-8558-413a-9a79-c2d59993163d")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1052
{
///
/// Specifies a Unicode string that contains the path to the user's profile. The user is specified in the username parameter to
/// the NetUserSetInfo function. This value can be a null string, a local absolute path, or a UNC path.
///
public string usri1052_profile;
}
///
/// The USER_INFO_1053 structure contains user information for network accounts. This information level is valid only when you
/// call the NetUserSetInfo function.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1053 typedef struct _USER_INFO_1053 { LPWSTR
// usri1053_home_dir_drive; } USER_INFO_1053, *PUSER_INFO_1053, *LPUSER_INFO_1053;
[PInvokeData("lmaccess.h", MSDNShortId = "687b2c35-344d-49db-a1e2-fb5c2b5db2d6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_1053
{
///
/// Specifies the drive letter to assign to the user's home directory for logon purposes. The user is specified in the username
/// parameter to the NetUserSetInfo function.
///
public string usri1053_home_dir_drive;
}
///
/// The USER_INFO_11 structure contains information about a user account, including the account name, privilege level, the
/// path to the user's home directory, and other user-related network statistics.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_11 typedef struct _USER_INFO_11 { LPWSTR
// usri11_name; LPWSTR usri11_comment; LPWSTR usri11_usr_comment; LPWSTR usri11_full_name; DWORD usri11_priv; DWORD
// usri11_auth_flags; DWORD usri11_password_age; LPWSTR usri11_home_dir; LPWSTR usri11_parms; DWORD usri11_last_logon; DWORD
// usri11_last_logoff; DWORD usri11_bad_pw_count; DWORD usri11_num_logons; LPWSTR usri11_logon_server; DWORD usri11_country_code;
// LPWSTR usri11_workstations; DWORD usri11_max_storage; DWORD usri11_units_per_week; PBYTE usri11_logon_hours; DWORD
// usri11_code_page; } USER_INFO_11, *PUSER_INFO_11, *LPUSER_INFO_11;
[PInvokeData("lmaccess.h", MSDNShortId = "718e7143-a6df-4912-954c-cc63bb490044")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_11
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode character that specifies the name of the user account. Calls to the NetUserSetInfo function ignore
/// this member. For more information, see the following Remarks section.
///
///
public string usri11_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the user account. This string can be a NULL
/// string, or it can have any number of characters before the terminating null character.
///
///
public string usri11_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a user comment. This string can be a NULL string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri11_usr_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character.
///
///
public string usri11_full_name;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri11_name member. For calls to the NetUserAdd function, this member must be
/// USER_PRIV_USER. For calls to NetUserSetInfo, this member must be the value returned from the NetUserGetInfo function or the
/// NetUserEnum function. This member can be one of the following values. For more information about user and group account
/// rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri11_priv;
///
/// Type: DWORD
/// A set of bit flags defining the user's operator privileges.
///
/// Calls to the NetUserGetInfo function and the NetUserEnum function return a value based on the user's local group membership.
/// If the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is
/// set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.
///
/// The NetUserAdd and NetUserSetInfo functions ignore this member.
/// The following restrictions apply:
///
/// -
/// When you call the NetUserAdd function, this member must be zero.
///
/// -
///
/// When you call the NetUserSetInfo function, this member must be the value returned from a call to NetUserGetInfo or to NetUserEnum.
///
///
///
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri11_auth_flags;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri11_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri11_password_age;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory for the user specified in the usri11_name
/// member. The string can be NULL.
///
///
public string usri11_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that is reserved for use by applications. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character. Microsoft products use this member to store user
/// configuration information. Do not modify this information.
///
///
public string usri11_parms;
///
/// Type: DWORD
///
/// The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. The NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
public uint usri11_last_logon;
///
/// Type: DWORD
/// This member is currently not used.
///
/// The date and time when the last logoff occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown. The NetUserAdd
/// function and the NetUserSetInfo function ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
public uint usri11_last_logoff;
///
/// Type: DWORD
///
/// The number of times the user tried to log on to this account using an incorrect password. A value of – 1 indicates that the
/// value is unknown. The NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller
/// (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried
/// to log on using an incorrect password is the largest value retrieved.
///
///
public uint usri11_bad_pw_count;
///
/// Type: DWORD
///
/// The number of times the user has logged on successfully to this account. A value of – 1 indicates that the value is unknown.
/// Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
public uint usri11_num_logons;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be
/// preceded by two backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk
/// (\*) for the server name. A NULL string indicates that requests should be sent to the domain controller.
///
///
/// For Windows servers, NetUserGetInfo and NetUserEnum return \*. The NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
public string usri11_logon_server;
///
/// Type: DWORD
/// The country/region code for the user's language of choice.
///
public uint usri11_country_code;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight
/// workstations can be specified; the names must be separated by commas. A NULL string indicates that there is no
/// restriction. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE value in the
/// usri11_flags member.
///
///
public string usri11_workstations;
///
/// Type: DWORD
/// The maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
///
public uint usri11_max_storage;
///
/// Type: DWORD
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the usri11_logon_hours member.
///
///
/// This member must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
///
public uint usri11_units_per_week;
///
/// Type: PBYTE
///
/// A pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a
/// unique hour in the week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on.
/// Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you
/// must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify a NULL pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a
/// NULL pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during
/// which the user can log on.
///
///
public IntPtr usri11_logon_hours;
///
/// Type: DWORD
/// The code page for the user's language of choice.
///
public uint usri11_code_page;
}
///
/// The USER_INFO_2 structure contains information about a user account, including the account name, password data, privilege
/// level, the path to the user's home directory, and other user-related network statistics.
///
///
/// For more information about user and group account rights, see Privileges.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_2 typedef struct _USER_INFO_2 { LPWSTR
// usri2_name; LPWSTR usri2_password; DWORD usri2_password_age; DWORD usri2_priv; LPWSTR usri2_home_dir; LPWSTR usri2_comment; DWORD
// usri2_flags; LPWSTR usri2_script_path; DWORD usri2_auth_flags; LPWSTR usri2_full_name; LPWSTR usri2_usr_comment; LPWSTR
// usri2_parms; LPWSTR usri2_workstations; DWORD usri2_last_logon; DWORD usri2_last_logoff; DWORD usri2_acct_expires; DWORD
// usri2_max_storage; DWORD usri2_units_per_week; PBYTE usri2_logon_hours; DWORD usri2_bad_pw_count; DWORD usri2_num_logons; LPWSTR
// usri2_logon_server; DWORD usri2_country_code; DWORD usri2_code_page; } USER_INFO_2, *PUSER_INFO_2, *LPUSER_INFO_2;
[PInvokeData("lmaccess.h", MSDNShortId = "50c78c6a-a08f-473b-929a-9528e618165f")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_2
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this
/// member. For more information, see the following Remarks section.
///
///
public string usri2_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the password for the user identified by the usri2_name member. The length
/// cannot exceed PWLEN bytes. The NetUserEnum and NetUserGetInfo functions return a NULL pointer to maintain password security.
///
/// By convention, the length of passwords is limited to LM20_PWLEN characters.
///
public string usri2_password;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri2_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri2_password_age;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri2_name member. For calls to the NetUserAdd function, this member must be
/// USER_PRIV_USER. For the NetUserSetInfo function, this member must be the value returned by the NetUserGetInfo function
/// or the NetUserEnum function. This member can be one of the following values. For more information about user and group
/// account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri2_priv;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory for the user specified by the usri2_name
/// member. The string can be NULL.
///
///
public string usri2_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment to associate with the user account. The string can be a NULL
/// string, or it can have any number of characters before the terminating null character.
///
///
public string usri2_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri2_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an
/// .EXE file, or a .BAT file. The string can also be NULL.
///
///
public string usri2_script_path;
///
/// Type: DWORD
/// The user's operator privileges.
///
/// Calls to the NetUserGetInfo and NetUserEnum functions return a value based on the user's local group
/// membership. If the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators,
/// AF_OP_SERVER is set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set. For
/// more information about user and group account rights, see Privileges.
///
/// The following restrictions apply:
///
/// -
/// When you call the NetUserAdd function, this member must be zero.
///
/// -
///
/// When you call the NetUserSetInfo function, this member must be the value returned from a call to NetUserGetInfo or to NetUserEnum.
///
///
///
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri2_auth_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character.
///
///
public string usri2_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a user comment. This string can be a NULL string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri2_usr_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that is reserved for use by applications. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character. Microsoft products use this member to store user
/// configuration information. Do not modify this information.
///
///
public string usri2_parms;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight
/// workstations can be specified; the names must be separated by commas. A NULL string indicates that there is no
/// restriction. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE value in the
/// usri2_flags member.
///
///
public string usri2_workstations;
///
/// Type: DWORD
///
/// The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. This member is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
public uint usri2_last_logon;
///
/// Type: DWORD
/// This member is currently not used.
///
/// Indicates when the last logoff occurred. This value is stored as the number of seconds that have elapsed since 00:00:00,
/// January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
public uint usri2_last_logoff;
///
/// Type: DWORD
///
/// The date and time when the account expires. This value is stored as the number of seconds elapsed since 00:00:00, January 1,
/// 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.
///
///
public uint usri2_acct_expires;
///
/// Type: DWORD
/// The maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
///
public uint usri2_max_storage;
///
/// Type: DWORD
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the usri2_logon_hours member.
///
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
///
public uint usri2_units_per_week;
///
/// Type: PBYTE
///
/// A pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a
/// unique hour in the week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on.
/// Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you
/// must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify a NULL pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a
/// NULL pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during
/// which the user can log on.
///
///
public IntPtr usri2_logon_hours;
///
/// Type: DWORD
///
/// The number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the
/// value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller
/// (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried
/// to log on using an incorrect password is the largest value retrieved.
///
///
public uint usri2_bad_pw_count;
///
/// Type: DWORD
///
/// The number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown.
/// Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
public uint usri2_num_logons;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be
/// preceded by two backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk
/// (\*) for the server name. A NULL string indicates that requests should be sent to the domain controller.
///
///
/// For Windows servers, NetUserGetInfo and NetUserEnum return \*. The NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
public string usri2_logon_server;
///
/// Type: DWORD
/// The country/region code for the user's language of choice.
///
public uint usri2_country_code;
///
/// Type: DWORD
/// The code page for the user's language of choice.
///
public uint usri2_code_page;
}
///
///
/// The USER_INFO_20 structure contains information about a user account, including the account name, the user's full name, a
/// comment associated with the account, and the user's relative ID (RID).
///
///
/// Note The USER_INFO_23 structure supersedes the USER_INFO_20 structure. It is recommended that applications use the
/// USER_INFO_23 structure instead of the USER_INFO_20 structure.
///
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_20 typedef struct _USER_INFO_20 { LPWSTR
// usri20_name; LPWSTR usri20_full_name; LPWSTR usri20_comment; DWORD usri20_flags; DWORD usri20_user_id; } USER_INFO_20,
// *PUSER_INFO_20, *LPUSER_INFO_20;
[PInvokeData("lmaccess.h", MSDNShortId = "67f58d6b-488b-4a88-808f-edb9c3464d85")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_20
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this
/// member. For more information, see the following Remarks section.
///
///
public string usri20_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri20_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the user account. This string can be a null string, or
/// it can have any number of characters before the terminating null character.
///
///
public string usri20_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri20_flags;
///
/// Type: DWORD
///
/// The user's relative identifier (RID). The RID is determined by the Security Account Manager (SAM) when the user is created.
/// It uniquely defines this user account to SAM within the domain. The NetUserAdd and NetUserSetInfo functions ignore this
/// member. For more information about RIDs, see SID Components.
///
///
public uint usri20_user_id;
}
/// The USER_INFO_21 structure contains a one-way encrypted LAN Manager 2.x-compatible password.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_21 typedef struct _USER_INFO_21 { BYTE
// usri21_password[ENCRYPTED_PWLEN]; } USER_INFO_21, *PUSER_INFO_21, *LPUSER_INFO_21;
[PInvokeData("lmaccess.h", MSDNShortId = "227e97c5-972e-4d4a-9609-53e60e76d43e")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_21
{
/// Specifies a one-way encrypted LAN Manager 2.x-compatible password.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = ENCRYPTED_PWLEN)]
public byte[] usri21_password;
}
///
/// The USER_INFO_22 structure contains information about a user account, including the account name, privilege level, the
/// path to the user's home directory, a one-way encrypted LAN Manager 2.x-compatible password, and other user-related network statistics.
///
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_22 typedef struct _USER_INFO_22 { LPWSTR
// usri22_name; BYTE usri22_password[ENCRYPTED_PWLEN]; DWORD usri22_password_age; DWORD usri22_priv; LPWSTR usri22_home_dir; LPWSTR
// usri22_comment; DWORD usri22_flags; LPWSTR usri22_script_path; DWORD usri22_auth_flags; LPWSTR usri22_full_name; LPWSTR
// usri22_usr_comment; LPWSTR usri22_parms; LPWSTR usri22_workstations; DWORD usri22_last_logon; DWORD usri22_last_logoff; DWORD
// usri22_acct_expires; DWORD usri22_max_storage; DWORD usri22_units_per_week; PBYTE usri22_logon_hours; DWORD usri22_bad_pw_count;
// DWORD usri22_num_logons; LPWSTR usri22_logon_server; DWORD usri22_country_code; DWORD usri22_code_page; } USER_INFO_22,
// *PUSER_INFO_22, *LPUSER_INFO_22;
[PInvokeData("lmaccess.h", MSDNShortId = "ff8d2088-953b-4a8a-bdcb-86148dc66a7a")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_22
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this
/// member. For more information, see the following Remarks section.
///
///
public string usri22_name;
///
/// Type: BYTE[ENCRYPTED_PWLEN]
/// A one-way encrypted LAN Manager 2.x-compatible password.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = ENCRYPTED_PWLEN)]
public byte[] usri22_password;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri22_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri22_password_age;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri22_name member. Calls to the NetUserAdd function must specify
/// USER_PRIV_USER. When you call the NetUserSetInfo function this member must be the value returned from the
/// NetUserGetInfo or the NetUserEnum function. This member can be one of the following values. For more information about user
/// and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri22_priv;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory for the user specified by the usri22_name
/// member. The string can be null.
///
///
public string usri22_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the user account. This string can be a null string, or
/// it can have any number of characters before the terminating null character.
///
///
public string usri22_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri22_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an
/// .EXE file, or a .BAT file. The string can also be null.
///
///
public string usri22_script_path;
///
/// Type: DWORD
/// The user's operator privileges.
///
/// Calls to the NetUserGetInfo function and the NetUserEnum function return a value based on the user's local
/// group membership. If the user is a member of Print Operators, AF_OP_PRINT, is set. If the user is a member of Server
/// Operators, AF_OP_SERVER, is set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS, is set. AF_OP_COMM is
/// never set.
///
/// The following restrictions apply:
///
/// -
/// When you call the NetUserAdd function, this member must be zero.
///
/// -
///
/// When you call the NetUserSetInfo function, this member must be the value returned from a call to NetUserGetInfo or to NetUserEnum.
///
///
///
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri22_auth_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri22_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a user comment. This string can be a null string, or it can have any number of
/// characters before the terminating null character.
///
///
public string usri22_usr_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that is reserved for use by applications. This string can be a null string, or it can have any
/// number of characters before the terminating null character. Microsoft products use this member to store user configuration
/// information. Do not modify this information.
///
///
public string usri22_parms;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight
/// workstations can be specified; the names must be separated by commas. A null string indicates that there is no restriction.
/// To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE value in the usri22_flags member.
///
///
public string usri22_workstations;
///
/// Type: DWORD
///
/// The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. Calls to the NetUserAdd and the NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
public uint usri22_last_logon;
///
/// Type: DWORD
/// This member is currently not used.
///
/// The date and time when the last logoff occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. A value of zero means that the last logoff time is unknown. This element is ignored by calls
/// to NetUserAdd and NetUserSetInfo.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
public uint usri22_last_logoff;
///
/// Type: DWORD
///
/// The date and time when the account expires. This value is stored as the number of seconds that have elapsed since 00:00:00,
/// January 1, 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.
///
///
public uint usri22_acct_expires;
///
/// Type: DWORD
/// The maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
///
public uint usri22_max_storage;
///
/// Type: DWORD
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the usri22_logon_hours member.
///
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
/// For service applications, the units must be one of the following: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
public uint usri22_units_per_week;
///
/// Type: PBYTE
///
/// A pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a
/// unique hour in the week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on.
/// Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you
/// must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify a null pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a null
/// pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during which the user
/// can log on.
///
///
public IntPtr usri22_logon_hours;
///
/// Type: DWORD
///
/// The number of times the user tried to log on to this account using an incorrect password. A value of – 1 indicates that the
/// value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller
/// (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried
/// to log on using an incorrect password is the largest value retrieved.
///
///
public uint usri22_bad_pw_count;
///
/// Type: DWORD
///
/// The number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown.
/// Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
public uint usri22_num_logons;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be
/// preceded by two backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk
/// (\*) for the server name. A null string indicates that requests should be sent to the domain controller.
///
///
/// For Windows servers, the NetUserGetInfo and NetUserEnum functions return \*. Calls to the NetUserAdd and NetUserSetInfo
/// functions ignore this member.
///
///
public string usri22_logon_server;
///
/// Type: DWORD
/// The country/region code for the user's language of choice.
/// This value is ignored.
///
public uint usri22_country_code;
///
/// Type: DWORD
/// The code page for the user's language of choice.
/// This value is ignored.
///
public uint usri22_code_page;
}
///
///
/// The USER_INFO_23 structure contains information about a user account, including the account name, the user's full name, a
/// comment associated with the account, and the user's security identifier (SID).
///
///
/// Note The USER_INFO_23 structure supersedes the USER_INFO_20 structure. It is recommended that applications use the
/// USER_INFO_23 structure instead of the USER_INFO_20 structure.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_23 typedef struct _USER_INFO_23 { LPWSTR
// usri23_name; LPWSTR usri23_full_name; LPWSTR usri23_comment; DWORD usri23_flags; PSID usri23_user_sid; } USER_INFO_23,
// *PUSER_INFO_23, *LPUSER_INFO_23;
[PInvokeData("lmaccess.h", MSDNShortId = "1af3ff6d-bc9f-44ad-9981-124ac1961298")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_23
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this member.
///
///
public string usri23_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri23_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment associated with the user account. This string can be a null string, or
/// it can have any number of characters before the terminating null character.
///
///
public string usri23_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri23_flags;
///
/// Type: PSID
///
/// A pointer to a SID structure that contains the security identifier (SID) that uniquely identifies the user. The NetUserAdd
/// and NetUserSetInfo functions ignore this member.
///
///
public PSID usri23_user_sid;
}
///
/// The USER_INFO_24 structure contains user account information on an account which is connected to an Internet identity.
/// This information includes the Internet provider name for the user, the user's Internet name, and the user's security identifier (SID).
///
///
///
/// A user's account for logging onto Windows can be connected to an Internet identity. The user account can be a local account on a
/// computer or a domain account for computers joined to a domain. The USER_INFO_24 structure is used to provide information
/// on an account which is connected to an Internet identity.
///
///
/// On Windows 8 and Windows Server 2012, the Internet identity for a connected account can often be used instead of the computer account.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_24 typedef struct _USER_INFO_24 { BOOL
// usri24_internet_identity; DWORD usri24_flags; LPWSTR usri24_internet_provider_name; LPWSTR usri24_internet_principal_name; PSID
// usri24_user_sid; } USER_INFO_24, *PUSER_INFO_24, *LPUSER_INFO_24;
[PInvokeData("lmaccess.h", MSDNShortId = "CE65EDE0-F4AE-4582-9D7F-6667BBA98C75")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_24
{
///
/// A boolean value that indicates whether an account is connected to an Internet identity.
///
/// This member is true if the account is connected to an Internet identity. The other members in this structure can be used.
///
///
/// If this member is false, then the account is not connected to an Internet identity and other members in this structure should
/// be ignored.
///
///
[MarshalAs(UnmanagedType.Bool)] public bool usri24_internet_identity;
/// A set of flags. This member must be zero.
public UserAcctCtrlFlags usri24_flags;
/// A pointer to a Unicode string that specifies the Internet provider name.
public string usri24_internet_provider_name;
/// A pointer to a Unicode string that specifies the user's Internet name.
public string usri24_internet_principal_name;
/// The local account SID of the user.
public PSID usri24_user_sid;
}
///
/// The USER_INFO_3 structure contains information about a user account, including the account name, password data, privilege
/// level, the path to the user's home directory, relative identifiers (RIDs), and other user-related network statistics.
///
///
/// The USER_INFO_3 structure can be used with the NetUserAdd, NetUserEnum, NetUserSetInfo, and NetUserGetInfofunctions.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// Note that the USER_INFO_4 structure supersedes the USER_INFO_3 structure on Windows XP and later. It is recommended that
/// applications use the USER_INFO_4 structure instead of the USER_INFO_3 structure with the NetUserAdd,
/// NetUserSetInfo, and NetUserGetInfofunctions on Windows XP and later.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_3 typedef struct _USER_INFO_3 { LPWSTR
// usri3_name; LPWSTR usri3_password; DWORD usri3_password_age; DWORD usri3_priv; LPWSTR usri3_home_dir; LPWSTR usri3_comment; DWORD
// usri3_flags; LPWSTR usri3_script_path; DWORD usri3_auth_flags; LPWSTR usri3_full_name; LPWSTR usri3_usr_comment; LPWSTR
// usri3_parms; LPWSTR usri3_workstations; DWORD usri3_last_logon; DWORD usri3_last_logoff; DWORD usri3_acct_expires; DWORD
// usri3_max_storage; DWORD usri3_units_per_week; PBYTE usri3_logon_hours; DWORD usri3_bad_pw_count; DWORD usri3_num_logons; LPWSTR
// usri3_logon_server; DWORD usri3_country_code; DWORD usri3_code_page; DWORD usri3_user_id; DWORD usri3_primary_group_id; LPWSTR
// usri3_profile; LPWSTR usri3_home_dir_drive; DWORD usri3_password_expired; } USER_INFO_3, *PUSER_INFO_3, *LPUSER_INFO_3;
[PInvokeData("lmaccess.h", MSDNShortId = "39ed05f5-165d-4cb8-98af-e4120a1634f6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_3
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. For the NetUserSetInfo function, this member is
/// ignored. For more information, see the following Remarks section.
///
///
public string usri3_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the password for the user identified by the usri3_name member. The length
/// cannot exceed PWLEN bytes. The NetUserEnum and NetUserGetInfo functions return a NULL pointer to maintain password security.
///
/// By convention, the length of passwords is limited to LM20_PWLEN characters.
///
public string usri3_password;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri3_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri3_password_age;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri3_name member. The NetUserAdd and NetUserSetInfo functions ignore this
/// member. This member can be one of the following values. For more information about user and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri3_priv;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory of the user specified by the usri3_name
/// member. The string can be NULL.
///
///
public string usri3_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment to associate with the user account. The string can be a NULL
/// string, or it can have any number of characters before the terminating null character.
///
///
public string usri3_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is not supported.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is not supported.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri3_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an
/// .EXE file, or a .BAT file. The string can also be NULL.
///
///
public string usri3_script_path;
///
/// Type: DWORD
/// The user's operator privileges.
///
/// For the NetUserGetInfo and NetUserEnum functions, the appropriate value is returned based on the local group membership. If
/// the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is
/// set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.
///
/// The NetUserAdd and NetUserSetInfo functions ignore this member.
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri3_auth_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character.
///
///
public string usri3_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a user comment. This string can be a NULL string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri3_usr_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that is reserved for use by applications. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character. Microsoft products use this member to store user
/// configuration information. Do not modify this information.
///
///
public string usri3_parms;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight
/// workstations can be specified; the names must be separated by commas. If you do not want to restrict the number of
/// workstations, use a NULL string. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE
/// value in the usri3_flags member.
///
///
public string usri3_workstations;
///
/// Type: DWORD
///
/// The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. This member is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
public uint usri3_last_logon;
///
/// Type: DWORD
/// This member is currently not used.
///
/// The date and time when the last logoff occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
public uint usri3_last_logoff;
///
/// Type: DWORD
///
/// The date and time when the account expires. This value is stored as the number of seconds elapsed since 00:00:00, January 1,
/// 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.
///
///
public uint usri3_acct_expires;
///
/// Type: DWORD
/// The maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
///
public uint usri3_max_storage;
///
/// Type: DWORD
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the usri3_logon_hours member.
///
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
///
public uint usri3_units_per_week;
///
/// Type: PBYTE
///
/// A pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a
/// unique hour in the week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on.
/// Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you
/// must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify a NULL pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a
/// NULL pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during
/// which the user can log on.
///
///
public IntPtr usri3_logon_hours;
///
/// Type: DWORD
///
/// The number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the
/// value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller
/// (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried
/// to log on using an incorrect password is the largest value retrieved.
///
///
public uint usri3_bad_pw_count;
///
/// Type: DWORD
///
/// The number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown.
/// Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
public uint usri3_num_logons;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be
/// preceded by two backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk
/// (\*) for the server name. A NULL string indicates that requests should be sent to the domain controller.
///
///
/// For Windows servers, NetUserGetInfo and NetUserEnum return \*. The NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
public string usri3_logon_server;
///
/// Type: DWORD
/// The country/region code for the user's language of choice.
///
public uint usri3_country_code;
///
/// Type: DWORD
/// The code page for the user's language of choice.
///
public uint usri3_code_page;
///
/// Type: DWORD
///
/// The relative ID (RID) of the user. The RID is determined by the Security Account Manager (SAM) when the user is created. It
/// uniquely defines the user account to SAM within the domain. The NetUserAdd and NetUserSetInfo functions ignore this member.
/// For more information about RIDs, see SID Components.
///
///
public uint usri3_user_id;
///
/// Type: DWORD
///
/// The RID of the Primary Global Group for the user. When you call the NetUserAdd function, this member must be
/// DOMAIN_GROUP_RID_USERS (defined in WinNT.h). When you call NetUserSetInfo, this member must be the RID of a global
/// group in which the user is enrolled. For more information, see Well-Known SIDs.
///
///
public uint usri3_primary_group_id;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies a path to the user's profile. This value can be a NULL string, a local
/// absolute path, or a UNC path.
///
///
public string usri3_profile;
///
/// Type: LPWSTR
/// A pointer to a Unicode string that specifies the drive letter assigned to the user's home directory for logon purposes.
///
public string usri3_home_dir_drive;
///
/// Type: DWORD
/// The password expiration information.
/// The NetUserGetInfo and NetUserEnum functions return zero if the password has not expired (and nonzero if it has).
///
/// When you call NetUserAdd or NetUserSetInfo, specify a nonzero value in this member to inform users that they must change
/// their password at the next logon. To turn off this message, call NetUserSetInfo and specify zero in this member. Note
/// that you cannot specify zero to negate the expiration of a password that has already expired.
///
///
public uint usri3_password_expired;
}
///
/// The USER_INFO_4 structure contains information about a user account, including the account name, password data, privilege
/// level, the path to the user's home directory, security identifier (SID), and other user-related network statistics.
///
///
/// The USER_INFO_4 structure can be used with the NetUserAdd, NetUserSetInfo, and NetUserGetInfofunctions.
///
/// User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot
/// be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <,
/// >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are non-printable.
///
///
/// Note that the USER_INFO_4 structure supersedes the USER_INFO_3 structure on Windows XP and later. It is recommended that
/// applications use the USER_INFO_4 structure instead of the USER_INFO_3 structure with the above functions on Windows
/// XP and later.
///
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_4 typedef struct _USER_INFO_4 { LPWSTR
// usri4_name; LPWSTR usri4_password; DWORD usri4_password_age; DWORD usri4_priv; LPWSTR usri4_home_dir; LPWSTR usri4_comment; DWORD
// usri4_flags; LPWSTR usri4_script_path; DWORD usri4_auth_flags; LPWSTR usri4_full_name; LPWSTR usri4_usr_comment; LPWSTR
// usri4_parms; LPWSTR usri4_workstations; DWORD usri4_last_logon; DWORD usri4_last_logoff; DWORD usri4_acct_expires; DWORD
// usri4_max_storage; DWORD usri4_units_per_week; PBYTE usri4_logon_hours; DWORD usri4_bad_pw_count; DWORD usri4_num_logons; LPWSTR
// usri4_logon_server; DWORD usri4_country_code; DWORD usri4_code_page; PSID usri4_user_sid; DWORD usri4_primary_group_id; LPWSTR
// usri4_profile; LPWSTR usri4_home_dir_drive; DWORD usri4_password_expired; } USER_INFO_4, *PUSER_INFO_4, *LPUSER_INFO_4;
[PInvokeData("lmaccess.h", MSDNShortId = "66b11a5f-1c2d-4564-8845-9e2fa1f40f3e")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_INFO_4
{
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the name of the user account. For the NetUserSetInfo function, this member is ignored.
///
///
public string usri4_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies the password for the user identified by the usri4_name member. The length
/// cannot exceed PWLEN bytes. The NetUserGetInfo function returns a NULL pointer to maintain password security.
///
/// By convention, the length of passwords is limited to LM20_PWLEN characters.
///
public string usri4_password;
///
/// Type: DWORD
///
/// The number of seconds that have elapsed since the usri4_password member was last changed. The NetUserAdd and
/// NetUserSetInfo functions ignore this member.
///
///
public uint usri4_password_age;
///
/// Type: DWORD
///
/// The level of privilege assigned to the usri4_name member. The NetUserAdd and NetUserSetInfo functions ignore this
/// member. This member can be one of the following values. For more information about user and group account rights, see Privileges.
///
///
///
/// Value
/// Meaning
///
/// -
/// USER_PRIV_GUEST
/// Guest
///
/// -
/// USER_PRIV_USER
/// User
///
/// -
/// USER_PRIV_ADMIN
/// Administrator
///
///
///
public UserPrivilege usri4_priv;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path of the home directory of the user specified by the usri4_name
/// member. The string can be NULL.
///
///
public string usri4_home_dir;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a comment to associate with the user account. The string can be a NULL
/// string, or it can have any number of characters before the terminating null character.
///
///
public string usri4_comment;
///
/// Type: DWORD
/// This member can be one or more of the following values.
///
/// Note that setting user account control flags may require certain privileges and control access rights. For more information,
/// see the Remarks section of the NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_SCRIPT
/// The logon script executed. This value must be set.
///
/// -
/// UF_ACCOUNTDISABLE
/// The user's account is disabled.
///
/// -
/// UF_HOMEDIR_REQUIRED
/// The home directory is required. This value is ignored.
///
/// -
/// UF_PASSWD_NOTREQD
/// No password is required.
///
/// -
/// UF_PASSWD_CANT_CHANGE
/// The user cannot change the password.
///
/// -
/// UF_LOCKOUT
///
/// The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously
/// locked account. You cannot use this value to lock a previously unlocked account.
///
///
/// -
/// UF_DONT_EXPIRE_PASSWD
/// The password should never expire on the account.
///
/// -
/// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
/// The user's password is stored under reversible encryption in the Active Directory.
///
/// -
/// UF_NOT_DELEGATED
/// Marks the account as "sensitive"; other users cannot act as delegates of this user account.
///
/// -
/// UF_SMARTCARD_REQUIRED
/// Requires the user to log on to the user account with a smart card.
///
/// -
/// UF_USE_DES_KEY_ONLY
/// Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
///
/// -
/// UF_DONT_REQUIRE_PREAUTH
/// This account does not require Kerberos preauthentication for logon.
///
/// -
/// UF_TRUSTED_FOR_DELEGATION
///
/// The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be
/// tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as
/// that user to other remote servers on the network.
///
///
/// -
/// UF_PASSWORD_EXPIRED
/// The user's password has expired. Windows 2000: This value is ignored.
///
/// -
/// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
///
/// The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through
/// constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled.
/// This setting allows a service running under the account to assert a client's identity and authenticate as that user to
/// specifically configured services on the network. Windows XP/2000: This value is ignored.
///
///
///
///
/// The following values describe the account type. Only one value can be set. You cannot change the account type using the
/// NetUserSetInfo function.
///
///
///
/// Value
/// Meaning
///
/// -
/// UF_NORMAL_ACCOUNT
/// This is a default account type that represents a typical user.
///
/// -
/// UF_TEMP_DUPLICATE_ACCOUNT
///
/// This is an account for users whose primary account is in another domain. This account provides user access to this domain,
/// but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
///
///
/// -
/// UF_WORKSTATION_TRUST_ACCOUNT
/// This is a computer account for a computer that is a member of this domain.
///
/// -
/// UF_SERVER_TRUST_ACCOUNT
/// This is a computer account for a backup domain controller that is a member of this domain.
///
/// -
/// UF_INTERDOMAIN_TRUST_ACCOUNT
/// This is a permit to trust account for a domain that trusts other domains.
///
///
///
public UserAcctCtrlFlags usri4_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an
/// .EXE file, or a .BAT file. The string can also be NULL.
///
///
public string usri4_script_path;
///
/// Type: DWORD
/// The user's operator privileges.
///
/// For the NetUserGetInfo function, the appropriate value is returned based on the local group membership. If the user is a
/// member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is set. If the user
/// is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.
///
/// The NetUserAdd and NetUserSetInfo functions ignore this member.
/// This member can be one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// AF_OP_PRINT
/// The print operator privilege is enabled.
///
/// -
/// AF_OP_COMM
/// The communications operator privilege is enabled.
///
/// -
/// AF_OP_SERVER
/// The server operator privilege is enabled.
///
/// -
/// AF_OP_ACCOUNTS
/// The accounts operator privilege is enabled.
///
///
///
public UserOpPriv usri4_auth_flags;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the full name of the user. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character.
///
///
public string usri4_full_name;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains a user comment. This string can be a NULL string, or it can have any
/// number of characters before the terminating null character.
///
///
public string usri4_usr_comment;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that is reserved for use by applications. This string can be a NULL string, or it can
/// have any number of characters before the terminating null character. Microsoft products use this member to store user
/// configuration information. Do not modify this information.
///
///
public string usri4_parms;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight
/// workstations can be specified; the names must be separated by commas. If you do not want to restrict the number of
/// workstations, use a NULL string. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE
/// value in the usri4_flags member.
///
///
public string usri4_workstations;
///
/// Type: DWORD
///
/// The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. This member is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
///
///
public uint usri4_last_logon;
///
/// Type: DWORD
/// This member is currently not used.
///
/// The date and time when the last logoff occurred. This value is stored as the number of seconds that have elapsed since
/// 00:00:00, January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
///
///
public uint usri4_last_logoff;
///
/// Type: DWORD
///
/// The date and time when the account expires. This value is stored as the number of seconds elapsed since 00:00:00, January 1,
/// 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.
///
///
public uint usri4_acct_expires;
///
/// Type: DWORD
/// The maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
///
public uint usri4_max_storage;
///
/// Type: DWORD
///
/// The number of equal-length time units into which the week is divided. This value is required to compute the length of the bit
/// string in the usri4_logon_hours member.
///
///
/// This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.
///
///
/// For service applications, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
///
///
public uint usri4_units_per_week;
///
/// Type: PBYTE
///
/// A pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a
/// unique hour in the week, in Greenwich Mean Time (GMT).
///
///
/// The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on.
/// Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you
/// must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
///
///
/// Specify a NULL pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a
/// NULL pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during
/// which the user can log on.
///
///
public IntPtr usri4_logon_hours;
///
/// Type: DWORD
///
/// The number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the
/// value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller
/// (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried
/// to log on using an incorrect password is the largest value retrieved.
///
///
public uint usri4_bad_pw_count;
///
/// Type: DWORD
///
/// The number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown.
/// Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.
///
///
/// This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you
/// must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
///
///
public uint usri4_num_logons;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be
/// preceded by two backslashes (\). To indicate that the logon request can be handled by any logon server, specify an asterisk
/// (\*) for the server name. A NULL string indicates that requests should be sent to the domain controller.
///
/// For Windows servers, the NetUserGetInfo function returns \*.
/// The NetUserAdd and NetUserSetInfo functions ignore this member.
///
public string usri4_logon_server;
///
/// Type: DWORD
/// The country/region code for the user's language of choice.
///
public uint usri4_country_code;
///
/// Type: DWORD
/// The code page for the user's language of choice.
///
public uint usri4_code_page;
///
/// Type: PSID
///
/// A pointer to a SID structure that contains the security identifier (SID) that uniquely identifies the user. The NetUserAdd
/// and NetUserSetInfo functions ignore this member.
///
///
public PSID usri4_user_sid;
///
/// Type: DWORD
///
/// The relative identifier (RID) of the Primary Global Group for the user. When you call the NetUserAdd function, this
/// member must be DOMAIN_GROUP_RID_USERS (defined in WinNT.h). When you call NetUserSetInfo, this member must be the RID
/// of a global group in which the user is enrolled. For more information, see Well-Known SIDs and SID Components.
///
///
public uint usri4_primary_group_id;
///
/// Type: LPWSTR
///
/// A pointer to a Unicode string that specifies a path to the user's profile. This value can be a NULL string, a local
/// absolute path, or a UNC path.
///
///
public string usri4_profile;
///
/// Type: LPWSTR
/// A pointer to a Unicode string that specifies the drive letter assigned to the user's home directory for logon purposes.
///
public string usri4_home_dir_drive;
///
/// Type: DWORD
/// The password expiration information.
/// The NetUserGetInfo function return zero if the password has not expired (and nonzero if it has).
///
/// When you call NetUserAdd or NetUserSetInfo, specify a nonzero value in this member to inform users that they must change
/// their password at the next logon. To turn off this message, call NetUserSetInfo and specify zero in this member. Note
/// that you cannot specify zero to negate the expiration of a password that has already expired.
///
///
public uint usri4_password_expired;
}
///
/// The USER_MODALS_INFO_0 structure contains global password information for users and global groups in the security
/// database, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_0 typedef struct _USER_MODALS_INFO_0 {
// DWORD usrmod0_min_passwd_len; DWORD usrmod0_max_passwd_age; DWORD usrmod0_min_passwd_age; DWORD usrmod0_force_logoff; DWORD
// usrmod0_password_hist_len; } USER_MODALS_INFO_0, *PUSER_MODALS_INFO_0, *LPUSER_MODALS_INFO_0;
[PInvokeData("lmaccess.h", MSDNShortId = "cf3dd091-106e-4a0d-b4db-62bd11fd65cf")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_0
{
/// Specifies the minimum allowable password length. Valid values for this element are zero through LM20_PWLEN.
public uint usrmod0_min_passwd_len;
///
/// Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER indicates that the password never
/// expires. The minimum valid value for this element is ONE_DAY. The value specified must be greater than or equal to the value
/// for the usrmod0_min_passwd_age member.
///
public uint usrmod0_max_passwd_age;
///
/// Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again.
/// A value of zero indicates that no delay is required between password updates. The value specified must be less than or equal
/// to the value for the usrmod0_max_passwd_age member.
///
public uint usrmod0_min_passwd_age;
///
/// Specifies, in seconds, the amount of time between the end of the valid logon time and the time when the user is forced to log
/// off the network. A value of TIMEQ_FOREVER indicates that the user is never forced to log off. A value of zero indicates that
/// the user will be forced to log off immediately when the valid logon time expires.
///
public uint usrmod0_force_logoff;
///
/// Specifies the length of password history maintained. A new password cannot match any of the previous
/// usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.
///
public uint usrmod0_password_hist_len;
}
/// The USER_MODALS_INFO_1 structure contains logon server and domain controller information.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1 typedef struct _USER_MODALS_INFO_1 {
// DWORD usrmod1_role; LPWSTR usrmod1_primary; } USER_MODALS_INFO_1, *PUSER_MODALS_INFO_1, *LPUSER_MODALS_INFO_1;
[PInvokeData("lmaccess.h", MSDNShortId = "2cb7f310-c76e-42fd-892c-fead374af16c")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1
{
///
/// Specifies the role of the logon server. The following values are defined.
///
///
/// Value
/// Meaning
///
/// -
/// UAS_ROLE_STANDALONE
/// The logon server is a stand-alone server.
///
/// -
/// UAS_ROLE_MEMBER
/// The logon server is a member.
///
/// -
/// UAS_ROLE_BACKUP
/// The logon server is a backup.
///
/// -
/// UAS_ROLE_PRIMARY
/// The logon server is a domain controller.
///
///
/// If the Netlogon service is not being used, the element should be set to UAS_ROLE_STANDALONE.
///
public LogonServerRole usrmod1_role;
///
/// Pointer to a Unicode string that specifies the name of the domain controller that stores the primary copy of the database for
/// the user account manager.
///
public string usrmod1_primary;
}
///
/// The USER_MODALS_INFO_1001 structure contains the minimum length for passwords in the security database, which is the
/// security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1001 typedef struct
// _USER_MODALS_INFO_1001 { DWORD usrmod1001_min_passwd_len; } USER_MODALS_INFO_1001, *PUSER_MODALS_INFO_1001, *LPUSER_MODALS_INFO_1001;
[PInvokeData("lmaccess.h", MSDNShortId = "ef6e63da-f092-4435-93f0-e50d2fdd5664")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1001
{
/// Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.
public uint usrmod1001_min_passwd_len;
}
///
/// The USER_MODALS_INFO_1002 structure contains the maximum duration for passwords in the security database, which is the
/// security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1002 typedef struct
// _USER_MODALS_INFO_1002 { DWORD usrmod1002_max_passwd_age; } USER_MODALS_INFO_1002, *PUSER_MODALS_INFO_1002, *LPUSER_MODALS_INFO_1002;
[PInvokeData("lmaccess.h", MSDNShortId = "d4899deb-6250-4cdc-9820-56d24e3acfc1")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1002
{
///
/// Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER indicates that the password never
/// expires. The minimum valid value for this element is ONE_DAY. The value specified must be greater than or equal to the value
/// for the usrmodX_min_passwd_age member.
///
public uint usrmod1002_max_passwd_age;
}
///
/// The USER_MODALS_INFO_1003 structure contains the minimum duration for passwords in the security database, which is the
/// security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1003 typedef struct
// _USER_MODALS_INFO_1003 { DWORD usrmod1003_min_passwd_age; } USER_MODALS_INFO_1003, *PUSER_MODALS_INFO_1003, *LPUSER_MODALS_INFO_1003;
[PInvokeData("lmaccess.h", MSDNShortId = "5efbba0f-b871-4ffa-8e83-abeab6b70a52")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1003
{
///
/// Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again.
/// A value of zero indicates that no delay is required between password updates. The value specified must be less than or equal
/// to the value for the usrmodX_max_passwd_age member.
///
public uint usrmod1003_min_passwd_age;
}
///
/// The USER_MODALS_INFO_1004 structure contains forced logoff information for users and global groups in the security
/// database, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1004 typedef struct
// _USER_MODALS_INFO_1004 { DWORD usrmod1004_force_logoff; } USER_MODALS_INFO_1004, *PUSER_MODALS_INFO_1004, *LPUSER_MODALS_INFO_1004;
[PInvokeData("lmaccess.h", MSDNShortId = "c11a3c94-940e-474f-9251-a32ea098788d")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1004
{
///
/// Specifies, in seconds, the amount of time between the end of the valid logon time and the time when the user is forced to log
/// off the network. A value of TIMEQ_FOREVER indicates that the user is never forced to log off. A value of zero indicates that
/// the user will be forced to log off immediately when the valid logon time expires.
///
public uint usrmod1004_force_logoff;
}
///
/// The USER_MODALS_INFO_1005 structure contains password history information for users and global groups in the security
/// database, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1005 typedef struct
// _USER_MODALS_INFO_1005 { DWORD usrmod1005_password_hist_len; } USER_MODALS_INFO_1005, *PUSER_MODALS_INFO_1005, *LPUSER_MODALS_INFO_1005;
[PInvokeData("lmaccess.h", MSDNShortId = "0156443a-e126-4aa5-a248-9ff55ff53771")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1005
{
///
/// Specifies the length of password history that the system maintains. A new password cannot match any of the previous
/// usrmodX_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.
///
public uint usrmod1005_password_hist_len;
}
/// The USER_MODALS_INFO_1006 structure contains logon server information.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1006 typedef struct
// _USER_MODALS_INFO_1006 { DWORD usrmod1006_role; } USER_MODALS_INFO_1006, *PUSER_MODALS_INFO_1006, *LPUSER_MODALS_INFO_1006;
[PInvokeData("lmaccess.h", MSDNShortId = "ca5c0819-b4a0-4d07-90fc-54c86ac5ecf5")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1006
{
///
/// Specifies the role of the logon server. This member can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// UAS_ROLE_STANDALONE
/// Logon server is a stand-alone. Use this value if no logon services are available.
///
/// -
/// UAS_ROLE_MEMBER
/// Logon server is a member.
///
/// -
/// UAS_ROLE_BACKUP
/// Logon server is a backup.
///
/// -
/// UAS_ROLE_PRIMARY
/// Logon server is a domain controller.
///
///
///
public LogonServerRole usrmod1006_role;
}
/// The USER_MODALS_INFO_1007 structure contains domain controller information.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_1007 typedef struct
// _USER_MODALS_INFO_1007 { LPWSTR usrmod1007_primary; } USER_MODALS_INFO_1007, *PUSER_MODALS_INFO_1007, *LPUSER_MODALS_INFO_1007;
[PInvokeData("lmaccess.h", MSDNShortId = "aa6425eb-576c-4f6f-b9c9-96d9535bc7d6")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_1007
{
///
/// Pointer to a Unicode string that specifies the name of the domain controller that stores the primary copy of the database for
/// the user account manager.
///
public string usrmod1007_primary;
}
/// The USER_MODALS_INFO_2 structure contains the Security Account Manager (SAM) domain name and identifier.
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_2 typedef struct _USER_MODALS_INFO_2 {
// LPWSTR usrmod2_domain_name; PSID usrmod2_domain_id; } USER_MODALS_INFO_2, *PUSER_MODALS_INFO_2, *LPUSER_MODALS_INFO_2;
[PInvokeData("lmaccess.h", MSDNShortId = "9a4b3fc1-03b5-4ba7-948f-e455c34fa234")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_2
{
///
/// Specifies the name of the Security Account Manager (SAM) domain. For a domain controller, this is the name of the domain that
/// the controller is a member of. For workstations, this is the name of the computer.
///
public string usrmod2_domain_name;
///
/// Pointer to a SID structure that contains the security identifier (SID) of the domain named by the usrmod2_domain_name member.
///
public IntPtr usrmod2_domain_id;
}
///
/// The USER_MODALS_INFO_3 structure contains lockout information for users and global groups in the security database, which
/// is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory.
///
// https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_modals_info_3 typedef struct _USER_MODALS_INFO_3 {
// DWORD usrmod3_lockout_duration; DWORD usrmod3_lockout_observation_window; DWORD usrmod3_lockout_threshold; } USER_MODALS_INFO_3,
// *PUSER_MODALS_INFO_3, *LPUSER_MODALS_INFO_3;
[PInvokeData("lmaccess.h", MSDNShortId = "39f85712-1afd-4e34-8e7b-0938a7a48234")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct USER_MODALS_INFO_3
{
/// Specifies, in seconds, how long a locked account remains locked before it is automatically unlocked.
public uint usrmod3_lockout_duration;
///
/// Specifies the maximum time, in seconds, that can elapse between any two failed logon attempts before lockout occurs.
///
public uint usrmod3_lockout_observation_window;
///
/// Specifies the number of invalid password authentications that can occur before an account is marked "locked out."
///
public uint usrmod3_lockout_threshold;
}
/// Provides a for password policy that is disposed using .
///
public class SafePwdPolicy : SafeHANDLE
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafePwdPolicy(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// Initializes a new instance of the class.
private SafePwdPolicy() : base() { }
///
/// Internal method that actually releases the handle. This is called by
/// for valid handles and afterwards zeros the handle.
///
/// true to indicate successful release of the handle; false otherwise.
///
protected override bool InternalReleaseHandle() => NetValidatePasswordPolicyFree(handle).Succeeded;
}
}
}