2.2.6.1 Common User Fields

There are a number of user-related structures that use the same fields, as denoted by their field names. This section specifies all such fields.

These structures group the available set of user attributes in different ways to allow the client greater control over which attributes are queried or set. While each structure might have a different subset of these attributes, they all draw from this same set of attributes, detailed as follows.

There are a number of fields that are of type "user profile information" (as indicated in their descriptions). The server does not enforce any format restrictions on these values during an update. These values are used by authentication protocols—Kerberos, for example, as specified in [MS-PAC] section 2.5—to communicate end-user environment values to an interactive-logon application running on a member workstation or server. For clarity, Windows behavior is cited in this section to describe the expectations of such Windows interactive-logon applications with respect to these values. If no Windows behavior is cited, there is no expectation of a specific format.

The mapping between the fields described below and the actual attributes in the database is defined in section 3.1.5.14.11.

AccountExpires: A 64-bit value, equivalent to a FILETIME, indicating the time at which an account is no longer permitted to log on.

AdminComment: A counted Unicode string of type RPC_UNICODE_STRING, indicating the description of the user object.

BadPasswordCount: A 16-bit unsigned integer indicating the number of bad password attempts. This field is read-only.

CodePage: A 16-bit unsigned integer indicating a code page preference specific to this user object. The space of values is the Microsoft code page designation. For more information, see [MSDN-CP].

CountryCode: A 16-bit unsigned integer indicating a country preference specific to this user. The space of values is the international country calling code, as specified in [E164]. For example, the country code of the United Kingdom, in decimal notation, is 44.

FullName: A counted Unicode string of type RPC_UNICODE_STRING, indicating a free format string for any name type (for example, "Akers, Kim").

HomeDirectory: A counted Unicode string of type RPC_UNICODE_STRING, indicating a directory for use by an end-user interactive-logon application. This is user profile information.<14>

HomeDirectoryDrive: A counted Unicode string of type RPC_UNICODE_STRING, indicating the disk drive to which HomeDirectory is relative. This is user profile information.<15>

LastLogoff: A 64-bit value, equivalent to a FILETIME, indicating the time at which the account last logged off. This field is read-only.<16>

LastLogon: A 64-bit value, equivalent to a FILETIME, indicating the time at which the account last logged on. This field is read-only.<17>

LogonCount: A 16-bit unsigned integer indicating the number of times that the user account has been authenticated. This field is read-only.<18>

LogonHours: A binary value with the structure SAMPR_LOGON_HOURS, indicating a logon policy describing the time periods during which the user can authenticate. This policy is specified in detail in section 2.2.6.5.

Parameters: A binary value stored in the Buffer field of an RPC_UNICODE_STRING for per-user application state. Per-user application state is any binary data that an application associates with a user. However, because there is no requirement for the server of this protocol to enforce any format, application developers are discouraged from using this mechanism in order to avoid the chance of one application overwriting another application's data.

PasswordCanChange: A 64-bit value, equivalent to a FILETIME, indicating the time at which a password change request will be accepted by the server. This field is read-only.

PasswordExpired: A 1-byte value. On receipt at the server, a nonzero value for this field indicates that the password MUST be expired immediately (see SamrSetInformationUser2 (section 3.1.5.6.4) for details). On receipt at the client, a nonzero value for this field indicates that the password has expired; a value of zero indicates that the password has not expired.

PasswordLastSet: A 64-bit value, equivalent to a FILETIME, indicating the time at which a password was last updated. This field is read-only.

PasswordMustChange: A 64-bit value, equivalent to a FILETIME, indicating the time at which authentications will fail unless a password reset or change occurs. This field is read-only.

PrimaryGroupId: A 32-bit unsigned integer indicating the primary group ID of the user.

ProfilePath: A counted Unicode string of type RPC_UNICODE_STRING, containing a UNC path to a network-based user profile. This is user profile information.

ScriptPath: A counted Unicode string of type RPC_UNICODE_STRING, containing a UNC path to a network-based script or executable file that is executed during an interactive logon. This is user profile information.

UserAccountControl: A 32-bit bit field specifying characteristics of the account. See section 2.2.1.12 for possible values.

UserComment: A counted Unicode string of type RPC_UNICODE_STRING containing an end-user–writable comment about the user. This is distinguished from AdminComment by the fact that, by default, end users can update this value on their own accounts.

UserId: A 32-bit unsigned integer representing the RID of the account. This field is read-only.

UserName: A counted Unicode string of type RPC_UNICODE_STRING containing the name of the account.

WorkStations: A binary value stored in an RPC_UNICODE_STRING structure containing the list of workstations from which the account can interactively log on. For information on the required format of the binary value, see section 3.1.1.6.
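
Because the server does not enforce any format on the "user profile information" fields, and ScriptPath names a file that is executed during an interactive logon, these values are worth auditing after they have been read back from the server. The following is an added example, not part of this specification or of any Microsoft code: it flags profile fields whose UNC server is not on an expected list. The function names, finding labels, allowlist, and sample records are all hypothetical; "not-unc" only means the stored value does not match the description given in this section.

```python
import re

# Fields this section marks as "user profile information".
PROFILE_FIELDS = ("HomeDirectory", "HomeDirectoryDrive", "ProfilePath", "ScriptPath")
# Fields this section describes as containing a UNC path.
UNC_FIELDS = ("ProfilePath", "ScriptPath")
_UNC = re.compile(r"^\\\\([^\\/]+)\\([^\\/]+)")  # leading \\server\share

def unc_host(value):
    """Return the lower-cased server name of a UNC path, or None if not UNC."""
    m = _UNC.match(value.replace("/", "\\"))
    return m.group(1).lower() if m else None

def audit_user(record, allowed_hosts):
    """Return (field, finding, value) tuples for one user's profile fields."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for field in PROFILE_FIELDS:
        value = (record.get(field) or "").strip()
        if not value:
            continue  # field not set for this user
        host = unc_host(value)
        if host is not None and host not in allowed:
            findings.append((field, "unexpected-host", value))
        elif host is None and field in UNC_FIELDS:
            findings.append((field, "not-unc", value))
    return findings

def audit_all(users, allowed_hosts):
    """Map each UserName to its list of findings."""
    return {u["UserName"]: audit_user(u, allowed_hosts) for u in users}

# Constructed sample data (assumption): already-decoded field values per user.
ALLOWED = {"fs01.example.test", "dc01.example.test"}
SAMPLE_USERS = [
    {"UserName": "kim", "HomeDirectoryDrive": "H:",
     "HomeDirectory": r"\\fs01.example.test\home\kim",
     "ProfilePath": r"\\fs01.example.test\profiles\kim",
     "ScriptPath": r"\\dc01.example.test\netlogon\logon.cmd"},
    {"UserName": "svc-batch", "HomeDirectory": r"C:\Users\svc-batch",
     "ScriptPath": r"\\203.0.113.7\share\run.cmd"},
    {"UserName": "temp1", "ScriptPath": "logon.cmd"},
]

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE_USERS, ALLOWED).items():
        print(user, findings)
```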