User Functions

The network management user functions control a user's account in the security database, which is the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory. The user functions are listed following.

Function Description
NetUserAdd Adds a user account and assigns a password and privilege level.
NetUserChangePassword Changes a user's password for a specified network server or domain.
NetUserDel Deletes a user account from the server.
NetUserEnum Lists all user accounts on a server.
NetUserGetGroups Returns a list of global group names to which a user belongs.
NetUserGetInfo Returns information about a particular user account on a server.
NetUserGetLocalGroups Returns a list of local group names to which a user belongs.
NetUserSetGroups Sets global group memberships for a specified user account.
NetUserSetInfo Sets the password and other elements of a user account.


Each user or application that accesses network resources must have an account in the security database. The directory services use this account to verify that the user or application has permission to connect to a resource. When a user or an application requests access to a resource, the Windows security system checks for an appropriate user account or group account to permit the access.

Once you remove a user account by calling the NetUserDel function, the user can no longer access the server except by using the guest account.

Because a user's password is confidential, it is not returned by the NetUserEnum function or the NetUserGetInfo function. The password is initially assigned when you call NetUserAdd.

User account information is available at the following levels:

In addition, the following information levels are valid when you call the NetUserSetInfo function:

The following functions enable applications to check password compliance.

Function Description
NetValidatePasswordPolicyFree Frees the memory allocated by the NetValidatePasswordPolicy function.
NetValidatePasswordPolicy Verifies that passwords meet complexity, aging, minimum length, and history reuse requirements.


If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management user functions. For more information, see IADsUser and IADsComputer.