3.1.5.5.5.1 Common Processing

  • Article

  1. UserHandle.GrantedAccess MUST have the required access shown in the following table; on error, the server MUST return STATUS_ACCESS_DENIED. If there is no match on Information Level, the server MUST return an error.

    Information level

    Required access

    UserAccountInformation

    USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT

    UserGeneralInformation

    USER_READ_GENERAL

    UserPrimaryGroupInformation

    USER_READ_GENERAL

    UserNameInformation

    USER_READ_GENERAL

    UserAccountNameInformation

    USER_READ_GENERAL

    UserFullNameInformation

    USER_READ_GENERAL

    UserAdminCommentInformation

    USER_READ_GENERAL

    UserPreferencesInformation

    USER_READ_PREFERENCES | USER_READ_GENERAL

    UserLogonInformation

    USER_READ_GENERAL | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT

    UserLogonHoursInformation

    USER_READ_LOGON

    UserHomeInformation

    USER_READ_LOGON

    UserScriptInformation

    USER_READ_LOGON

    UserProfileInformation

    USER_READ_LOGON

    UserWorkStationsInformation

    USER_READ_LOGON

    UserControlInformation

    USER_READ_ACCOUNT

    UserExpiresInformation

    USER_READ_ACCOUNT

    UserParametersInformation

    USER_READ_ACCOUNT (*)

    (*) In the DC configuration, this handle-based check MUST be relaxed if the client has ACTRL_DS_READ_PROP access on the userParameters attribute (globally unique identifier (GUID) bf967a6d-0de6-11d0-a285-00aa003049e2).

  2. The message processing MUST be similar to a SamrQueryInformationUser2 call with the UserInformationClass parameter set to UserAllInformation (section 3.1.5.5.5.2); that is, similar in the manner in which the fields are set from database attributes, but different in that the only processing errors that are propagated to the client are those errors related to the fields specifically requested. On return, the requested fields MUST be set to the value of the field with the same name in the SAMPR_USER_ALL_INFORMATION structure.

    The following table shows an example for an information level of UserGeneralInformation.

    Information level: UserGeneralInformation

    Field of the Buffer parameter

    Field value (from SAMPR_USER_ALL)

    General.UserName

    UserName

    General.FullName

    FullName

    General.PrimaryGroupId

    PrimaryGroupId

    General.AdminComment

    AdminComment

    General.UserComment

    UserComment