Home Library Learn Downloads Support Community
Sign in | United States - English | |
3 out of 10 rated this helpful - Rate this topic

LookupAccountName function

Applies to: desktop apps only

The LookupAccountName function accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found.

The LsaLookupNames function can also retrieve computer accounts.

Syntax

Copy 
BOOL WINAPI LookupAccountName(
  __in_opt   LPCTSTR lpSystemName,
  __in       LPCTSTR lpAccountName,
  __out_opt  PSID Sid,
  __inout    LPDWORD cbSid,
  __out_opt  LPTSTR ReferencedDomainName,
  __inout    LPDWORD cchReferencedDomainName,
  __out      PSID_NAME_USE peUse
);

Parameters

lpSystemName [in, optional]

A pointer to a null-terminated character string that specifies the name of the system. This string can be the name of a remote computer. If this string is NULL, the account name translation begins on the local system. If the name cannot be resolved on the local system, this function will try to resolve the name using domain controllers trusted by the local system. Generally, specify a value for lpSystemName only when the account is in an untrusted domain and the name of a computer in that domain is known.

lpAccountName [in]

A pointer to a null-terminated string that specifies the account name.

Use a fully qualified string in the domain_name\user_name format to ensure that LookupAccountName finds the account in the desired domain.

Sid [out, optional]

A pointer to a buffer that receives the SID structure that corresponds to the account name pointed to by the lpAccountName parameter. If this parameter is NULL, cbSid must be zero.

cbSid [in, out]

A pointer to a variable. On input, this value specifies the size, in bytes, of the Sid buffer. If the function fails because the buffer is too small or if cbSid is zero, this variable receives the required buffer size.

ReferencedDomainName [out, optional]

A pointer to a buffer that receives the name of the domain where the account name is found. For computers that are not joined to a domain, this buffer receives the computer name. If this parameter is NULL, the function returns the required buffer size.

cchReferencedDomainName [in, out]

A pointer to a variable. On input, this value specifies the size, in TCHARs, of the ReferencedDomainName buffer. If the function fails because the buffer is too small, this variable receives the required buffer size, including the terminating null character. If the ReferencedDomainName parameter is NULL, this parameter must be zero.

peUse [out]

A pointer to a SID_NAME_USE enumerated type that indicates the type of the account when the function returns.

Return value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. For extended error information, call GetLastError.

Remarks

The LookupAccountName function attempts to find a SID for the specified name by first checking a list of well-known SIDs. If the name does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. If the name is not found there, trusted domains are checked.

Use fully qualified account names (for example, domain_name\user_name) instead of isolated names (for example, user_name). Fully qualified names are unambiguous and provide better performance when the lookup is performed. This function also supports fully qualified DNS names (for example, example.example.com\user_name) and user principal names (UPN) (for example, someone@example.com).

In addition to looking up local accounts, local domain accounts, and explicitly trusted domain accounts, LookupAccountName can look up the name for any account in any domain in the forest.

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Header
Winbase.h (include Windows.h)

Library
Advapi32.lib

DLL
Advapi32.dll

Unicode and ANSI names

LookupAccountNameW (Unicode) and LookupAccountNameA (ANSI)

See also

Access Control Overview
Basic Access Control Functions
EqualPrefixSid
GetUserName
LookupAccountSid
LsaLookupNames2
SID
SID_NAME_USE

 

 

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
Does not support "." for domain name
You can specify "." as the domain name for logging into a computer and in the DefaultUserName for AutoLogon, but this API does not support it. You must expand the dot to the actual machine name before calling this API.
History
Function fails crashing process if the buffer size of about 1024*1024
Function fails crashing process if the buffer size of about 1024*1024
History
<First post>
.
History
<Triple post> wtf?
.
History
<Double Post>
.
History
Broken

Note that this API is broken if your machine name and your account name are the same. In which case it will return the SID of the machine instead of the account.

This is with Windows7, so it's probably a bug in most versions of Windows.

History
How to enumerate local user accounts
Use the NetUserEnum function: http://msdn2.microsoft.com/en-us/library/aa370652(VS.85).aspx

History
ReferencedDomainName can not be NULL, nor size 0 when remaining parm are valid or call will fail.

Note: While theReferencedDomainName parameter is listed as optional in fact it is not. If you pass NULL and 0 for the size as documented, and provide valid data for the remaining parameters the returned result is 0-failed. GetLastError will indicate 0x7a - The data area passed to a system call is too small.

This has been my experience on XP Pro. with SP 3 andWindows Server 2003 R2 Standard with SP2.The application was created in C++ with VS 2008.

History