| 术语 | netuserenum |
| 释义 | NetUserEnum 语法: C++ NET_API_STATUS NetUserEnum( __in LPCWSTR servername, __in DWORD level, __in DWORD filter, __out LPBYTE *bufptr, __in DWORD prefmaxlen, __out LPDWORD entriesread, __out LPDWORD totalentries, __inout LPDWORD resume_handle ); NetUserEnum功能 该NetUserEnum功能提供了有关服务器上的所有用户帐户的信息。 要快速枚举用户,计算机或全局组帐户信息,调用NetQueryDisplayInformation功能。 参数 服务器名 [in] 指针常量字符串指定的DNS或NetBIOS的远程服务器上的功能是执行的名称。如果该参数为NULL,则使用本地计算机。 Level [in] 指定的数据信息的Level。此参数可以是下列值之一。 ValueMeaning 0Return用户帐户名。在bufptr参数指向一个USER_INFO_0结构的数组。 1Return的详细信息的用户帐户。在bufptr参数指向一个USER_INFO_1结构的数组。 2Return的详细信息的用户帐户,包括授权级别和登录信息。在bufptr参数指向一个USER_INFO_2结构的数组。 3Return的详细信息的用户帐户,包括授权级别,登录信息,为用户RID的和初级组,配置文件信息。在bufptr参数指向一个USER_INFO_3结构的数组。 10Return用户和帐户名和评论。在bufptr参数指向一个USER_INFO_10结构的数组。 11Return的详细信息的用户帐户。在bufptr参数指向一个USER_INFO_11结构的数组。 20Return用户的名称和标识以及各种帐户属性。在bufptr参数指向一个USER_INFO_20结构的数组。请注意,在Windows XP和更高,建议您使用USER_INFO_23代替。 23Return用户的名称和标识以及各种帐户属性。在bufptr参数指向一个USER_INFO_23结构的数组。 Windows 2000中:此级别不支持。 过滤器 [in] 指定一个值,该过滤器的枚举帐户类型。值为零表示所有帐户类型。此参数可以是下列值之一。 ValueMeaning FILTER_TEMP_DUPLICATE_ACCOUNTEnumerates本地用户在域控制器上的帐户数据。 FILTER_NORMAL_ACCOUNTEnumerates全球用户计算机上的帐户数据。 FILTER_INTERDOMAIN_TRUST_ACCOUNTEnumerates域信任域控制器上的帐户数据。该数据与指定的信任域域的帐户。 FILTER_WORKSTATION_TRUST_ACCOUNTEnumerates工作站或成员服务器的帐户数据域控制器上。 FILTER_SERVER_TRUST_ACCOUNTEnumerates域控制器在域控制器上的帐户数据。 bufptr [out] 指针的缓冲区,接收数据。这一数据格式取决于Level的参数值。此缓冲区分配制度,必须使用NetApiBufferFree释放功能。请注意,您必须释放缓冲区,即使函数ERROR_MORE_DATA失败。 prefmaxlen [in] 指定首选的最大长度,在8位的返回的数据字节。如果您指定MAX_PREFERRED_LENGTH,功能分配用于数据所需的内存量。如果指定这个参数在另一个值,它可以限制的字节数函数返回。如果缓冲区大小不足以容纳所有作品,该函数返回ERROR_MORE_DATA。有关更多信息,请参阅网络管理功能,缓冲器和网络管理功能缓冲区长度。 entriesread [out] 指针的值,它接收元素计数实际列举。 totalentries [out] 指针的值,它接收了本来可以列举参赛总人数从目前的恢复情况。请注意,应用程序应考虑仅作为提示此值。如果应用程序是一个视窗2000或更高版本的域控制器进行通讯,您应该考虑使用ADSI LDAP提供检索此类型的数据更有效。在ADSI LDAP提供程序实现了ADSI对象集,支持各种ADSI接口。有关更多信息,请参阅ADSI的服务提供商。 LAN管理器:如果呼叫的计算机运行的LAN Manager 2.x中,totalentries参数将始终反映在数据库中,无论是参赛人数在那里恢复序列。 resume_handle [ in , out ] 指针的值,它包含简历处理,用于现有用户继续搜寻。手柄应在第一次调用零,离开后续调用不变。如果该参数为NULL,则没有恢复处理存储。 返回值 如果函数成功,返回值是NERR_Success。 如果函数失败,返回值可以是下面的错误代码之一。 返回codeDescription ERROR_ACCESS_DENIEDThe用户没有获得所需的信息。 NERR_InvalidComputerThe计算机名无效。 ERROR_MORE_DATAMore项可用。指定一个足够大的缓冲区接收的所有条目。 备注 如果您是Active Directory的程序,您可以调用某些Active Directory服务接口(ADSI)的方法来达到同样的功能,您可以通过调用用户的网络管理功能。有关更多信息,请参阅IADsUser和IADsComputer。 如果您调用域控制器上运行Active Directory的NetUserEnum功能,允许访问或拒绝的访问控制列表的安全对象(ACL)的基础。默认的ACL允许所有经过身份验证的用户和“前成员Windows2000兼容访问”组查看信息。如果您调用一个成员服务器或工作站,所有的身份验证的用户可以查看此功能的信息。有关匿名访问的信息,并限制在这些平台上匿名访问,看到了网络管理功能的安全要求。欲了解更多有关的ACL,ACE的,和访问令牌信息,请访问控制模型。 该NetUserEnum函数只返回信息,而来电者具有读取权限。调用者必须具有名单到域对象的内容访问,并列举整个SAM域上的SAM服务器访问对象在系统容器中。 在LsaEnumerateTrustedDomains或LsaEnumerateTrustedDomainsEx函数可用于检索的姓名和信任域的SID本地安全机构(LSA)策略对象。 该NetUserEnum函数不返回所有的系统用户。它返回只有那些已与谁向NetUserAdd函数调用添加的用户。毫无疑问的用户名单将于有序返回的保证。 如果您调用NetUserEnum和指定信息化Level1,2或3,每个成员结构的密码设置为NULL,以维护密码安全。 用户帐户名称被限制为20个字符和组名称被限制为256个字符。此外,帐户名称不能终止的期间,他们不能包含逗号或以下打印字符:“,/,\\,[,]:,|,”,“+,=,,,?, *.名称也不能包括在1-31范围内,这些非打印字符。 实例 下面的代码示例演示了如何检索有关上,以该NetUserEnum函数调用服务器上的用户帐户的信息。该范例调用NetUserEnum,指定信息化Level0(USER_INFO_0)枚举全球唯一用户帐户。如果调用成功,通过项目的代码循环并打印每个用户帐户的名称。最后,代码示例释放的信息缓冲区分配的内存,并打印的用户总数枚举。 #ifndef UNICODE #define UNICODE #endif #pragma comment(lib, "netapi32.lib") #include #include #include #include int wmain(int argc, wchar_t *argv[]) { LPUSER_INFO_0 pBuf = NULL; LPUSER_INFO_0 pTmpBuf; DWORD dwLevel = 0; DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; DWORD dwResumeHandle = 0; DWORD i; DWORD dwTotalCount = 0; NET_API_STATUS nStatus; LPTSTR pszServerName = NULL; if (argc > 2) { fwprintf(stderr, L"Usage: %s [\\\\\\\\ServerName]\\n", argv[0]); exit(1); } // The server is not the default local computer. // if (argc == 2) pszServerName = (LPTSTR) argv[1]; wprintf(L"\\nUser account on %s: \\n", pszServerName); // // Call the NetUserEnum function, specifying level 0; // enumerate global user account types only. // do // begin do { nStatus = NetUserEnum((LPCWSTR) pszServerName, dwLevel, FILTER_NORMAL_ACCOUNT, // global users (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle); // // If the call succeeds, // if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA)) { if ((pTmpBuf = pBuf) != NULL) { // // Loop through the entries. // for (i = 0; (i < dwEntriesRead); i++) { assert(pTmpBuf != NULL); if (pTmpBuf == NULL) { fprintf(stderr, "An access violation has occurred\\n"); break; } // // Print the name of the user account. // wprintf(L"\\t-- %s\\n", pTmpBuf->usri0_name); pTmpBuf++; dwTotalCount++; } } } // // Otherwise, print the system error. // else fprintf(stderr, "A system error has occurred: %d\\n", nStatus); // // Free the allocated buffer. // if (pBuf != NULL) { NetApiBufferFree(pBuf); pBuf = NULL; } } // Continue to call NetUserEnum while // there are more entries. // while (nStatus == ERROR_MORE_DATA); // end do // // Check again for allocated memory. // if (pBuf != NULL) NetApiBufferFree(pBuf); // // Print the final count of users enumerated. // fprintf(stderr, "\\nTotal of %d entries enumerated\\n", dwTotalCount); return 0; } 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderLmaccess.h(包括Lm.h) LibraryNetapi32.lib DLLNetapi32.dll 参见 网络管理概述 网络管理功能 用户功能 LsaEnumerateTrustedDomains LsaEnumerateTrustedDomainsEx NetQueryDisplayInformation NetUserGetGroups NetUserGetInfo NetUserAdd USER_INFO_0 USER_INFO_1 USER_INFO_2 USER_INFO_10 USER_INFO_11 USER_INFO_23 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年8月13日 ==英文原文==NetUserEnum Function The NetUserEnum function provides information about all user accounts on a server. To quickly enumerate user, computer, or global group account information, call the NetQueryDisplayInformation function. Syntax C++ NET_API_STATUS NetUserEnum( __in LPCWSTR servername, __in DWORD level, __in DWORD filter, __out LPBYTE *bufptr, __in DWORD prefmaxlen, __out LPDWORD entriesread, __out LPDWORD totalentries, __inout LPDWORD resume_handle ); Parameters servername [in] Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If this parameter is NULL, the local computer is used. level [in] Specifies the information level of the data. This parameter can be one of the following values. ValueMeaning 0Return user account names. The bufptr parameter points to an array of USER_INFO_0 structures. 1Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_1 structures. 2Return detailed information about user accounts, including authorization levels and logon information. The bufptr parameter points to an array of USER_INFO_2 structures. 3Return detailed information about user accounts, including authorization levels, logon information, RIDs for the user and the primary group, and profile information. The bufptr parameter points to an array of USER_INFO_3 structures. 10Return user and account names and comments. The bufptr parameter points to an array of USER_INFO_10 structures. 11Return detailed information about user accounts. The bufptr parameter points to an array of USER_INFO_11 structures. 20Return the user's name and identifier and various account attributes. The bufptr parameter points to an array of USER_INFO_20 structures. Note that on Windows XP and later, it is recommended that you use USER_INFO_23 instead. 23Return the user's name and identifier and various account attributes. The bufptr parameter points to an array of USER_INFO_23 structures. Windows 2000: This level is not supported. filter [in] Specifies a value that filters the account types for enumeration. A value of zero indicates all account types. This parameter can be one of the following values. ValueMeaning FILTER_TEMP_DUPLICATE_ACCOUNTEnumerates local user account data on a domain controller. FILTER_NORMAL_ACCOUNTEnumerates global user account data on a computer. FILTER_INTERDOMAIN_TRUST_ACCOUNTEnumerates domain trust account data on a domain controller. The data is associated with the accounts of domains trusting the specified domain. FILTER_WORKSTATION_TRUST_ACCOUNTEnumerates workstation or member server account data on a domain controller. FILTER_SERVER_TRUST_ACCOUNTEnumerates domain controller account data on a domain controller. bufptr [out] Pointer to the buffer that receives the data. The format of this data depends on the value of the level parameter. This buffer is allocated by the system and must be freed using the NetApiBufferFree function. Note that you must free the buffer even if the function fails with ERROR_MORE_DATA. prefmaxlen [in] Specifies the preferred maximum length, in 8-bit bytes of returned data. If you specify MAX_PREFERRED_LENGTH, the function allocates the amount of memory required for the data. If you specify another value in this parameter, it can restrict the number of bytes that the function returns. If the buffer size is insufficient to hold all entries, the function returns ERROR_MORE_DATA. For more information, see Network Management Function Buffers and Network Management Function Buffer Lengths . entriesread [out] Pointer to a value that receives the count of elements actually enumerated. totalentries [out] Pointer to a value that receives the total number of entries that could have been enumerated from the current resume position. Note that applications should consider this value only as a hint. If your application is communicating with a Windows2000 or later domain controller, you should consider using the ADSI LDAP Provider to retrieve this type of data more efficiently. The ADSI LDAP Provider implements a set of ADSI objects that support various ADSI interfaces. For more information, see ADSI Service Providers . LAN Manager: If the call is to a computer that is running LAN Manager 2.x, the totalentries parameter will always reflect the total number of entries in the database no matter where it is in the resume sequence. resume_handle [in, out] Pointer to a value that contains a resume handle which is used to continue an existing user search. The handle should be zero on the first call and left unchanged for subsequent calls. If this parameter is NULL, then no resume handle is stored. Return Value If the function succeeds, the return value is NERR_Success. If the function fails, the return value can be one of the following error codes. Return codeDescription ERROR_ACCESS_DENIEDThe user does not have access to the requested information. NERR_InvalidComputerThe computer name is invalid. ERROR_MORE_DATAMore entries are available. Specify a large enough buffer to receive all entries. Remarks If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management user functions. For more information, see IADsUser and IADsComputer . If you call the NetUserEnum function on a domain controller that is running Active Directory, access is allowed or denied based on the access control list (ACL) for the securable object . The default ACL permits all authenticated users and members of the " Pre-Windows2000 compatible access " group to view the information. If you call this function on a member server or workstation, all authenticated users can view the information. For information about anonymous access and restricting anonymous access on these platforms, see Security Requirements for the Network Management Functions . For more information on ACLs, ACEs, and access tokens, see Access Control Model . The NetUserEnum function only returns information to which the caller has Read access. The caller must have List Contents access to the Domain object, and Enumerate Entire SAM Domain access on the SAM Server object located in the System container. The LsaEnumerateTrustedDomains or LsaEnumerateTrustedDomainsEx function can be used to retrieve the names and SIDs of domains trusted by a Local Security Authority (LSA) policy object. The NetUserEnum function does not return all system users. It returns only those users who have been added with a call to the NetUserAdd function. There is no guarantee that the list of users will be returned in sorted order. If you call NetUserEnum and specify information level 1, 2, or 3, the password member of each structure is set to NULL to maintain password security. User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, \\, [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable. Examples The following code sample demonstrates how to retrieve information about the user accounts on a server with a call to the NetUserEnum function. The sample calls NetUserEnum, specifying information level 0 ( USER_INFO_0 ) to enumerate only global user accounts. If the call succeeds, the code loops through the entries and prints the name of each user account. Finally, the code sample frees the memory allocated for the information buffer and prints a total of the users enumerated. #ifndef UNICODE #define UNICODE #endif #pragma comment(lib, "netapi32.lib") #include #include #include #include int wmain(int argc, wchar_t *argv[]) { LPUSER_INFO_0 pBuf = NULL; LPUSER_INFO_0 pTmpBuf; DWORD dwLevel = 0; DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; DWORD dwResumeHandle = 0; DWORD i; DWORD dwTotalCount = 0; NET_API_STATUS nStatus; LPTSTR pszServerName = NULL; if (argc > 2) { fwprintf(stderr, L"Usage: %s [\\\\\\\\ServerName]\\n", argv[0]); exit(1); } // The server is not the default local computer. // if (argc == 2) pszServerName = (LPTSTR) argv[1]; wprintf(L"\\nUser account on %s: \\n", pszServerName); // // Call the NetUserEnum function, specifying level 0; // enumerate global user account types only. // do // begin do { nStatus = NetUserEnum((LPCWSTR) pszServerName, dwLevel, FILTER_NORMAL_ACCOUNT, // global users (LPBYTE*)&pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle); // // If the call succeeds, // if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA)) { if ((pTmpBuf = pBuf) != NULL) { // // Loop through the entries. // for (i = 0; (i < dwEntriesRead); i++) { assert(pTmpBuf != NULL); if (pTmpBuf == NULL) { fprintf(stderr, "An access violation has occurred\\n"); break; } // // Print the name of the user account. // wprintf(L"\\t-- %s\\n", pTmpBuf->usri0_name); pTmpBuf++; dwTotalCount++; } } } // // Otherwise, print the system error. // else fprintf(stderr, "A system error has occurred: %d\\n", nStatus); // // Free the allocated buffer. // if (pBuf != NULL) { NetApiBufferFree(pBuf); pBuf = NULL; } } // Continue to call NetUserEnum while // there are more entries. // while (nStatus == ERROR_MORE_DATA); // end do // // Check again for allocated memory. // if (pBuf != NULL) NetApiBufferFree(pBuf); // // Print the final count of users enumerated. // fprintf(stderr, "\\nTotal of %d entries enumerated\\n", dwTotalCount); return 0; } Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderLmaccess.h (include Lm.h) LibraryNetapi32.lib DLLNetapi32.dll See Also Network Management Overview Network Management Functions User Functions LsaEnumerateTrustedDomains LsaEnumerateTrustedDomainsEx NetQueryDisplayInformation NetUserGetGroups NetUserGetInfo NetUserAdd USER_INFO_0 USER_INFO_1 USER_INFO_2 USER_INFO_10 USER_INFO_11 USER_INFO_23 Send comments about this topic to Microsoft Build date: 8/13/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/aa370652(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。