|
Field name |
Data type |
Description |
|
id_snapshot |
number |
Identifier of the network snapshot. |
|
domain_name |
string |
Domain name (or computer name) of the user account. |
|
user_sid |
string |
SID of the user. |
|
shortname |
string |
Internal name of the account. |
|
fullname |
string |
Full name of the account. |
|
passwd_age |
number |
Number of seconds elapsed since the last password change. |
|
privilege |
number |
Indicates the privilege of this user (0 for guest, 1 for normal user, or 2 for an administrator). |
|
homedir |
string |
Path of the user home directory. |
|
comments |
string |
Comment about the user. |
|
script |
string |
Path of the user's logon script. |
|
usr_comment |
string |
String containing a user comment. |
|
workstations |
string |
String that contains the names of workstations from which the user can log on. As many as eight workstations can be specified; the names must be separated by commas (,). |
|
last_logon |
time |
Time of the last user's logon. |
|
last_logoff |
time |
Time of the last user's logoff. |
|
expire_date |
time |
Time when the account will expire (if not specified, the account will never expire). |
|
logonserver |
string |
String that contains the name of the server to which logon requests are sent. Server names should be preceded by two backslashes (\\). A servername of an asterisk (\\*) indicates that the logon request can be handled by any logon server. |
|
num_logons |
string |
Number of successful logons known. |
|
num_bad_logons |
string |
Number of bad logons known. |
|
country_code |
number |
Country code for the user's language of choice. |
|
code_page |
number |
Code page for the user's language of choice. |
|
flags |
number |
Bit mask specifying more boolean properties about the account (see Appendix). |
|
rid |
number |
Specifies the relative ID (RID) of the user. The RID is determined by the SAM when the user is created. It uniquely defines this user account to SAM within the domain. |
|
profile |
string |
Specifies a path to the user's profile. |
|
home_dir_drive |
string |
Specifies the drive letter assigned to the user's home directory for logon purposes. |
|
expired |
boolean |
Indicates if the user's password has expired. |
|
account_name |
string |
Windows NT complete user name ( composed of domain_name, a backslash character and the shortname ). This is the field that should be linked with other security relative tables where a security account field is present (like acc_ownership). |
|
|
string |
Currently not used |
|
Symbolic constant |
Value |
Meaning |
|
UF_SCRIPT |
0x00001 |
The logon script executed. This value must be set for Windows NT. |
|
UF_ACCOUNTDISABLE |
0x00002 |
The user's account is disabled. |
|
UF_PASSWD_NOTREQD |
0x00020 |
No password is required. |
|
UF_PASSWD_CANT_CHANGE |
0x00040 |
The user cannot change the password. |
|
UF_LOCKOUT |
0x00010 |
The account is currently locked out. |
|
UF_DONT_EXPIRE_PASSWD |
0x10000 |
Represents the password, which should never expire on the account. |
To list all the disabled user accounts, use the following SQL query:
SELECT shortname , fullname
FROM users
WHERE flags & 0x00002 <> 0
ORDER BY shortname