In general, the user must have admin access or group access to use Windows Active Directory. From the customer log, we confirmed that they do not have such access.
Since the user does not have the privileges, it fails in the NetUserGetInfo API call and returns nStatus as 5.
NetUserGetinfo failed with nStatus: 5
Return code: ERROR_ACCESS_DENIED
Description: The user does not have access to the requested information.
Below is the document we referred to from Microsoft for ERROR_ACCESS_DENIED.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/netuser-netgroup-fails-with-access-denied
Our code was implemented according to the Requirements for Network Management Functions on Active Directory Domain Controllers.
If we call a Windows API that is listed in the document below, it should either allow or deny access based on the access control list.
Please take a look at the document / link below from Microsoft for this:
https://learn.microsoft.com/en-us/windows/win32/netmgmt/requirements-for-network-management-functions-on-active-directory-domain-controllers
The default security policy restricts anonymous local access to having no rights. A local access group exists for applications with the same access rights as Everyone. Administrators can then appropriately increase or decrease the number of users in that group, named the Pre-Windows 2000-Compatible Access Group.
Due to the security policy at the customer's end, they can't give these privileges to all, so the NetUserGetInfo API fails to admit the user.
Our query is:
Is there any other Microsoft API call to fix this issue that allows a normal user to access Windows Active Directory without any privileges?
What I have tried:
We use the NetUserGetInfo API in our code. We need another API which does not look for admin or group access.
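
As an added example that is not part of the original post: a domain administrator can list who is in the Pre-Windows 2000 Compatible Access group named in the quoted Microsoft text, to compare against the account that receives status 5. It assumes the RSAT ActiveDirectory module is installed and that the caller may read the group object; the SIDs are the well-known fixed values.

```powershell
# Added example, not from the original post.
# Assumption: RSAT ActiveDirectory module is available on this machine.
Import-Module ActiveDirectory

# Well-known SID of BUILTIN\Pre-Windows 2000 Compatible Access.
$groupSid = 'S-1-5-32-554'

# Well-known principals that make the group effectively open to many accounts.
$broad = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-7'  = 'Anonymous Logon'
    'S-1-5-11' = 'Authenticated Users'
}

# Read the raw member attribute (distinguished names) of the group.
$group = Get-ADGroup -Identity $groupSid -Properties member

foreach ($dn in $group.member) {
    # Take the first RDN value, allowing for escaped commas inside the CN.
    if ($dn -notmatch '^CN=((?:\\.|[^,])+)') { continue }
    $cn = $Matches[1]

    # Well-known principals are stored as foreign security principals
    # whose CN is the SID string itself.
    if ($broad.ContainsKey($cn)) {
        [pscustomobject]@{ Member = $broad[$cn]; Scope = 'broad'; DN = $dn }
    } else {
        [pscustomobject]@{ Member = $cn; Scope = 'specific'; DN = $dn }
    }
}
```

A 'broad' row means the compatibility group is open to a wide population; an empty result or only 'specific' rows matches the restrictive policy the post describes.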