Win32_UserAccount class

The Win32_UserAccount WMI class contains information about a user account on a computer system running Windows.

Note

Because both the Name and Domain are key properties, enumerating Win32_UserAccount on a large network can negatively affect performance. Calling GetObject or querying for a specific instance has less impact.

 

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

[Dynamic, Provider("CIMWin32"), UUID("{8502C4CC-5FBB-11D2-AAC1-006008C78BC7}"), AMENDMENT]
class Win32_UserAccount : Win32_Account
{
  uint32   AccountType;
  string   Caption;
  string   Description;
  boolean  Disabled;
  string   Domain;
  string   FullName;
  datetime InstallDate;
  boolean  LocalAccount;
  boolean  Lockout;
  string   Name;
  boolean  PasswordChangeable;
  boolean  PasswordExpires;
  boolean  PasswordRequired;
  string   SID;
  uint8    SIDType;
  string   Status;
};

Members

The Win32_UserAccount class has these types of members:

Methods

The Win32_UserAccount class has these methods.

Method Description
Rename Allows for the renaming of the user account.

 

Properties

The Win32_UserAccount class has these properties.

AccountType

Data type: uint32

Access type: Read-only

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|usri2_flags")

Flags that describe the characteristics of a Windows user account.

Temporary duplicate account (256)

UF_TEMP_DUPLICATE_ACCOUNT

Local user account for users who have a primary account in another domain. This account provides user access to this domain only—not to any domain that trusts this domain.

Normal account (512)

UF_NORMAL_ACCOUNT

Default account type that represents a typical user.

Interdomain trust account (2048)

UF_INTERDOMAIN_TRUST_ACCOUNT

Account for a system domain that trusts other domains.

Workstation trust account (4096)

UF_WORKSTATION_TRUST_ACCOUNT

Computer account for a computer system running Windows that is a member of this domain.

Server trust account (8192)

UF_SERVER_TRUST_ACCOUNT

Account for a system backup domain controller that is a member of this domain.

Caption

Data type: string

Access type: Read-only

Qualifiers: MaxLen (64), DisplayName ("Caption")

Domain and username of the account.

This property is inherited from CIM_ManagedSystemElement.

Description

Data type: string

Access type: Read-only

Qualifiers: DisplayName ("Description")

Description of the account.

This property is inherited from CIM_ManagedSystemElement.

Disabled

Data type: boolean

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO|UF_ACCOUNTDISABLE")

Windows user account is disabled.

Domain

Data type: string

Access type: Read-only

Qualifiers: Override ("Domain"), MappingStrings ("Win32API|Network Management Functions|domainname")

Name of the Windows domain to which a user account belongs, for example: "NA-SALES".

FullName

Data type: string

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|usri2_full_name")

Full name of a local user, for example: "Dan Wilson".

InstallDate

Data type: datetime

Access type: Read-only

Qualifiers: MappingStrings ("MIF.DMTF|ComponentID|001.5"), DisplayName ("Install Date")

Date the object is installed. This property does not need a value to indicate that the object is installed.

This property is inherited from CIM_ManagedSystemElement.

LocalAccount

Data type: boolean

Access type: Read-only

Qualifiers: Fixed

If true, the account is defined on the local computer.

This property is inherited from Win32_Account.

Lockout

Data type: boolean

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|UF_LOCKOUT")

If true, the user account is locked out of the Windows operating system.

Name

Data type: string

Access type: Read-only

Qualifiers: Override ("Name"), MappingStrings ("Win32API|Network Management Structures|name")

Name of the Windows user account on the domain that the Domain property of this class specifies.

Example: "danwilson".

This property is inherited from CIM_ManagedSystemElement.

PasswordChangeable

Data type: boolean

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|UF_PASSWD_CANT_CHANGE")

If true, the password on this user account can be changed.

PasswordExpires

Data type: boolean

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|UF_DONT_EXPIRE_PASSWD")

If true, the password on this user account expires.

PasswordRequired

Data type: boolean

Access type: Read/write

Qualifiers: MappingStrings ("Win32API|Network Management Structures|USER_INFO_2|UF_PASSWD_NOTREQD")

If true, a password is required on a Windows user account. If false, this account does not require a password.

SID

Data type: string

Access type: Read-only

Qualifiers: Fixed, MappingStrings ("Win32API|Security Identifiers (SIDs)")

Security identifier (SID) for this account. A SID is a string value of variable length that is used to identify a trustee. Each account has a unique SID that an authority, such as a Windows domain, issues. The SID is stored in the security database. When a user logs on, the system retrieves the user SID from the database, places the SID in the user access token, and then uses the SID in the user access token to identify the user in all subsequent interactions with Windows security. Each SID is a unique identifier for a user or group, and a different user or group cannot have the same SID.

This property is inherited from Win32_Account.

SIDType

Data type: uint8

Access type: Read-only

Qualifiers: Fixed, MappingStrings ("Win32API|Access Control Enumeration Types|SID_NAME_USE")

Enumerated value that specifies the type of SID.

This property is inherited from Win32_Account.

SidTypeUser (1)

SidTypeGroup (2)

SidTypeDomain (3)

SidTypeAlias (4)

SidTypeWellKnownGroup (5)

SidTypeDeletedAccount (6)

SidTypeInvalid (7)

SidTypeUnknown (8)

SidTypeComputer (9)

Status

Data type: string

Access type: Read-only

Qualifiers: MaxLen (10), DisplayName ("Status")

Current status of an object. Various operational and nonoperational statuses can be defined. Operational statuses include: "OK", "Degraded", and "Pred Fail", which is an element such as a SMART-enabled hard disk drive that may be functioning properly, but predicts a failure in the near future. Nonoperational statuses include: "Error", "Starting", "Stopping", and "Service", which can apply during mirror resilvering of a disk, reloading a user permissions list, or other administrative work.

This property is inherited from CIM_ManagedSystemElement.

Values include the following:

OK ("OK")

Error ("Error")

Degraded ("Degraded")

Unknown ("Unknown")

Pred Fail ("Pred Fail")

Starting ("Starting")

Stopping ("Stopping")

Service ("Service")

Stressed ("Stressed")

NonRecover ("NonRecover")

No Contact ("No Contact")

Lost Comm ("Lost Comm")

Remarks

The Win32_UserAccount class is derived from Win32_Account.

Note

An error is not returned for an attempt to write to a read-only property, and the value of the property remains unchanged.

 

Examples

The List Local User Accounts Using WMI VBScript code sample on TechNet Gallery uses Win32_UserAccount to Returns information about the local user accounts found on a computer.

The Translate SID to User Account and User Account to SID PowerShell code sample on TechNet Gallery uses Win32_UserAccount to translate a SID to User Account and/or a User Account to SID.

The following VBScript code example shows you how to get the full name of a user on a local computer. The full name is the human language name, for example, a person may have the user name of "kensanchez" and the full name may be "Ken Sanchez", so you substitute the real domain name and user name for "MyDomainName" and "MyUserName". For an efficient query, you must specify both the domain and user name properties.

If you are an administrator on a remote computer, you can assign the name of the remote computer for strComputer (instead of "."), and then use the following type of script to get the full name of a user account on a local computer—from a remote computer.

On Error Resume Next
strComputer = "."

Set objUserAccount = GetObject("winmgmts{impersonationLevel=impersonate}!\\" & strComputer _
    & "\root\cimv2:Win32_UserAccount.Domain='MyDomainName',Name='MyUserName' ")

If Err = 0 Then
    WScript.Echo objUserAccount.FullName
Else
    WScript.Echo "No object found" & Err.Number
End If
using System.Management;

{
     ManagementScope mgmtScope = new ManagementScope("\\\\.\\Root\\CIMv2");
     ObjectQuery oQuery = new ObjectQuery("SELECT * FROM Win32_UserAccount Where Name=\"myUserName\"");
     ManagementObjectSearcher mgmtSearch = new ManagementObjectSearcher(mgmtScope, oQuery);
     ManagementObjectCollection objCollection = mgmtSearch.Get();
     foreach (ManagementObject mgmtObject in objCollection)
     {
          Console.WriteLine("Full Name : {0}", mgmtObject["FullName"]);
     }
}

Requirements

Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMV2
MOF
CIMWin32.mof
DLL
CIMWin32.dll

See also

Win32_Account

Operating System Classes