Click here to Skip to main content
15,663,239 members
Please Sign up or sign in to vote.
1.00/5 (3 votes)
See more:
In general, the user must have admin access or group access for using Windows Active Directory. From customer log, we confirmed that they do not have such access.



Since the user do not have the privileges, it fails in the NetUSerGetInfo API call and returned the nStatus as 5.

NetUserGetinfo failed with nStatus: 5

Return codeDescriptionERROR_ACCESS_DENIEDThe user does not have access to the requested information.



Below is the document we referred from Microsoft for Error_Access_Denied.



https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/netuser-netgroup-fails-with-access-denied



Our code was implemented according to Requirements for Network Management Functions on Active Directory Domain Controllers.



If we call the Windows API which is listed in the below document either it should allow the access or denied based on the Access control list.



Please take a look at the below document / link from Microsoft for this:



https://learn.microsoft.com/en-us/windows/win32/netmgmt/requirements-for-network-management-functions-on-active-directory-domain-controllers



The default security policy restricts anonymous local access to having no rights. A local access group exists for applications with the same access rights as Everyone. Administrators can then appropriately increase or decrease the number of users in that group, named the Pre-Windows 2000-Compatible Access Group.

Due to security policy in customer end, they can't give these privileges to all. So that NetUserGetInfo API fail to admit the User.

Our Query is:-
Is there any other Microsoft API call to fix this issue that allow normal user to access the Windows active directory without any privileges?

What I have tried:

We use NetUserGetInfo API in our code. We need other API which does not look for admin or group access .
Posted
Updated 23-Jan-23 23:25pm

No, there isn't.

What is wrong is with your understanding of how this works. The problem is not with the API call. It's with the data you're trying to request and the account under which the code is running.

The Anonymous user will not have access to any user information at all, not even its own account. This is for security reasons.

You need to explain exactly what you're trying to do, the data you're trying to get, and under which account the request is being made.
 
Share this answer
 
Hello Dave, you are correct. Is there any other API which doesn't look for these privileges. one of our customers is looking for that.
 
Share this answer
 
Comments
Richard Deeming 24-Jan-23 5:55am    
If you want to reply to a solution, click the "Have a Question or Comment?" button under that solution and post a comment.

Do not post your comment as another "solution" to your question.
Dave Kreskowiak 24-Jan-23 9:03am    
At the risk of repeating myself: "No, there isn't."

Again, "You need to explain exactly what you're trying to do, the data you're trying to get, and under which account the request is being made."

Just saying "because the customer wants it" is NOT a valid answer nor is it a valid requirement when writing software. Windows Security is there for very good reasons and you cannot get around it.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900