The Win32_UserAccount WMI class contains information about a user account on a computer system running Windows. ®
Methods
Win32_UserAccount has 1 methods:
| Method | Description |
|---|---|
| Rename | Allows for the renaming of the user account. |
Learn more about Invoke-CimMethod and how to invoke commands. Click any of the methods listed above to learn more about their purpose, parameters, and return value.
Properties
Win32_UserAccount returns 16 properties:
'AccountType','Caption','Description','Disabled','Domain','FullName','InstallDate',
'LocalAccount','Lockout','Name','PasswordChangeable','PasswordExpires','PasswordRequired','SID',
'SIDType','Status'
Unless explicitly marked as writeable, all properties are read-only. Read all properties for all instances:
Get-CimInstance -ClassName Win32_UserAccount -Property *
Most WMI classes return one or more instances.
When
Get-CimInstancereturns no result, then apparently no instances of class Win32_UserAccount exist. This is normal behavior.Either the class is not implemented on your system (may be deprecated or due to missing drivers, i.e. CIM_VideoControllerResolution), or there are simply no physical representations of this class currently available (i.e. Win32_TapeDrive).
AccountType
Flags that describe the characteristics of a Windows user account.
AccountType returns a numeric value. To translate it into a meaningful text, use any of the following approaches:
Use a PowerShell Hashtable
$AccountType_map = @{
256 = 'Temporary duplicate account'
512 = 'Normal account'
2048 = 'Interdomain trust account'
4096 = 'Workstation trust account'
8192 = 'Server trust account'
}
Use a switch statement
switch([int]$value)
{
256 {'Temporary duplicate account'}
512 {'Normal account'}
2048 {'Interdomain trust account'}
4096 {'Workstation trust account'}
8192 {'Server trust account'}
default {"$value"}
}
Use Enum structure
Enum EnumAccountType
{
Temporary_duplicate_account = 256
Normal_account = 512
Interdomain_trust_account = 2048
Workstation_trust_account = 4096
Server_trust_account = 8192
}
Examples
Use $AccountType_map in a calculated property for Select-Object
<#
this example uses a hashtable to translate raw numeric values for
property "AccountType" to friendly text
Note: to use other properties than "AccountType", look up the appropriate
translation hashtable for the property you would like to use instead.
#>
#region define hashtable to translate raw values to friendly text
# Please note: this hashtable is specific for property "AccountType"
# to translate other properties, use their translation table instead
$AccountType_map = @{
256 = 'Temporary duplicate account'
512 = 'Normal account'
2048 = 'Interdomain trust account'
4096 = 'Workstation trust account'
8192 = 'Server trust account'
}
#endregion define hashtable
#region define calculated property (to be used with Select-Object)
<#
a calculated property is defined by a hashtable with keys "Name" and "Expression"
"Name" defines the name of the property (in this example, it is "AccountType", but you can rename it to anything else)
"Expression" defines a scriptblock that calculates the content of this property
in this example, the scriptblock uses the hashtable defined earlier to translate each numeric
value to its friendly text counterpart:
#>
$AccountType = @{
Name = 'AccountType'
Expression = {
# property is an array, so process all values
$value = $_.AccountType
$AccountType_map[[int]$value]
}
}
#endregion define calculated property
# retrieve the instances, and output the properties "Caption" and "AccountType". The latter
# is defined by the hashtable in $AccountType:
Get-CimInstance -Class Win32_UserAccount | Select-Object -Property Caption, $AccountType
# ...or dump content of property AccountType:
$friendlyValues = Get-CimInstance -Class Win32_UserAccount |
Select-Object -Property $AccountType |
Select-Object -ExpandProperty AccountType
# output values
$friendlyValues
# output values as comma separated list
$friendlyValues -join ', '
# output values as bullet list
$friendlyValues | ForEach-Object { "- $_" }
Use $AccountType_map to directly translate raw values from an instance
<#
this example uses a hashtable to manually translate raw numeric values
for property "Win32_UserAccount" to friendly text. This approach is ideal when
there is just one instance to work with.
Note: to use other properties than "Win32_UserAccount", look up the appropriate
translation hashtable for the property you would like to use instead.
#>
#region define hashtable to translate raw values to friendly text
# Please note: this hashtable is specific for property "Win32_UserAccount"
# to translate other properties, use their translation table instead
$AccountType_map = @{
256 = 'Temporary duplicate account'
512 = 'Normal account'
2048 = 'Interdomain trust account'
4096 = 'Workstation trust account'
8192 = 'Server trust account'
}
#endregion define hashtable
# get one instance:
$instance = Get-CimInstance -Class Win32_UserAccount | Select-Object -First 1
<#
IMPORTANT: this example processes only one instance to illustrate
the number-to-text translation. To process all instances, replace
"Select-Object -First 1" with a "Foreach-Object" loop, and use
the iterator variable $_ instead of $instance
#>
# query the property
$rawValue = $instance.AccountType
# translate raw value to friendly text:
$friendlyName = $AccountType_map[[int]$rawValue]
# output value
$friendlyName
Use a switch statement inside a calculated property for Select-Object
<#
this example uses a switch clause to translate raw numeric
values for property "AccountType" to friendly text. The switch
clause is embedded into a calculated property so there is
no need to refer to external variables for translation.
Note: to use other properties than "AccountType", look up the appropriate
translation switch clause for the property you would like to use instead.
#>
#region define calculated property (to be used with Select-Object)
<#
a calculated property is defined by a hashtable with keys "Name" and "Expression"
"Name" defines the name of the property (in this example, it is "AccountType", but you can rename it to anything else)
"Expression" defines a scriptblock that calculates the content of this property
in this example, the scriptblock uses the hashtable defined earlier to translate each numeric
value to its friendly text counterpart:
#>
$AccountType = @{
Name = 'AccountType'
Expression = {
# property is an array, so process all values
$value = $_.AccountType
switch([int]$value)
{
256 {'Temporary duplicate account'}
512 {'Normal account'}
2048 {'Interdomain trust account'}
4096 {'Workstation trust account'}
8192 {'Server trust account'}
default {"$value"}
}
}
}
#endregion define calculated property
# retrieve all instances...
Get-CimInstance -ClassName Win32_UserAccount |
# ...and output properties "Caption" and "AccountType". The latter is defined
# by the hashtable in $AccountType:
Select-Object -Property Caption, $AccountType
Use the Enum from above to auto-translate the code values
<#
this example translates raw values by means of type conversion
the friendly names are defined as enumeration using the
keyword "enum" (PowerShell 5 or better)
The raw value(s) are translated to friendly text by
simply converting them into the enum type.
Note: to use other properties than "Win32_UserAccount", look up the appropriate
enum definition for the property you would like to use instead.
#>
#region define enum with value-to-text translation:
Enum EnumAccountType
{
Temporary_duplicate_account = 256
Normal_account = 512
Interdomain_trust_account = 2048
Workstation_trust_account = 4096
Server_trust_account = 8192
}
#endregion define enum
# get one instance:
$instance = Get-CimInstance -Class Win32_UserAccount | Select-Object -First 1
<#
IMPORTANT: this example processes only one instance to focus on
the number-to-text type conversion.
To process all instances, replace "Select-Object -First 1"
with a "Foreach-Object" loop, and use the iterator variable
$_ instead of $instance
#>
# query the property:
$rawValue = $instance.AccountType
#region using strict type conversion
<#
Note: strict type conversion fails if the raw value is
not defined by the enum. So if the list of allowable values
was extended and the enum does not match the value,
an exception is thrown
#>
# convert the property to the enum **AccountType**
[EnumAccountType]$rawValue
# get a comma-separated string:
[EnumAccountType]$rawValue -join ','
#endregion
#region using operator "-as"
<#
Note: the operator "-as" accepts values not defined
by the enum and returns $null instead of throwing
an exception
#>
$rawValue -as [EnumAccountType]
#endregion
Enums must cover all possible values. If AccountType returns a value that is not defined in the enum, an exception occurs. The exception reports the value that was missing in the enum. To fix, add the missing value to the enum.
Caption
Domain and username of the account.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Caption
Description
Description of the account.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Description
Disabled
Windows user account is disabled.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Disabled
Domain
Name of the Windows domain to which a user account belongs, for example: “NA-SALES”.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Domain
FullName
Full name of a local user, for example: “Dan Wilson”.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property FullName
InstallDate
Date the object is installed. This property does not need a value to indicate that the object is installed.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property InstallDate
LocalAccount
If true, the account is defined on the local computer.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property LocalAccount
Lockout
If true, the user account is locked out of the Windows operating system.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Lockout
Name
Name of the Windows user account on the domain that the Domain property of this class specifies.
Example: “danwilson”.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Name
PasswordChangeable
If true, the password on this user account can be changed.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property PasswordChangeable
PasswordExpires
If true, the password on this user account expires.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property PasswordExpires
PasswordRequired
If true, a password is required on a Windows user account. If false, this account does not require a password.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property PasswordRequired
SID
Security identifier (SID) for this account. A SID is a string value of variable length that is used to identify a trustee. Each account has a unique SID that an authority, such as a Windows domain, issues. The SID is stored in the security database. When a user logs on, the system retrieves the user SID from the database, places the SID in the user access token, and then uses the SID in the user access token to identify the user in all subsequent interactions with Windows security. Each SID is a unique identifier for a user or group, and a different user or group cannot have the same SID.
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property SID
SIDType
Enumerated value that specifies the type of SID.
SIDType returns a numeric value. To translate it into a meaningful text, use any of the following approaches:
Use a PowerShell Hashtable
$SIDType_map = @{
1 = 'SidTypeUser'
2 = 'SidTypeGroup'
3 = 'SidTypeDomain'
4 = 'SidTypeAlias'
5 = 'SidTypeWellKnownGroup'
6 = 'SidTypeDeletedAccount'
7 = 'SidTypeInvalid'
8 = 'SidTypeUnknown'
9 = 'SidTypeComputer'
}
Use a switch statement
switch([int]$value)
{
1 {'SidTypeUser'}
2 {'SidTypeGroup'}
3 {'SidTypeDomain'}
4 {'SidTypeAlias'}
5 {'SidTypeWellKnownGroup'}
6 {'SidTypeDeletedAccount'}
7 {'SidTypeInvalid'}
8 {'SidTypeUnknown'}
9 {'SidTypeComputer'}
default {"$value"}
}
Use Enum structure
Enum EnumSIDType
{
SidTypeUser = 1
SidTypeGroup = 2
SidTypeDomain = 3
SidTypeAlias = 4
SidTypeWellKnownGroup = 5
SidTypeDeletedAccount = 6
SidTypeInvalid = 7
SidTypeUnknown = 8
SidTypeComputer = 9
}
Examples
Use $SIDType_map in a calculated property for Select-Object
<#
this example uses a hashtable to translate raw numeric values for
property "SIDType" to friendly text
Note: to use other properties than "SIDType", look up the appropriate
translation hashtable for the property you would like to use instead.
#>
#region define hashtable to translate raw values to friendly text
# Please note: this hashtable is specific for property "SIDType"
# to translate other properties, use their translation table instead
$SIDType_map = @{
1 = 'SidTypeUser'
2 = 'SidTypeGroup'
3 = 'SidTypeDomain'
4 = 'SidTypeAlias'
5 = 'SidTypeWellKnownGroup'
6 = 'SidTypeDeletedAccount'
7 = 'SidTypeInvalid'
8 = 'SidTypeUnknown'
9 = 'SidTypeComputer'
}
#endregion define hashtable
#region define calculated property (to be used with Select-Object)
<#
a calculated property is defined by a hashtable with keys "Name" and "Expression"
"Name" defines the name of the property (in this example, it is "SIDType", but you can rename it to anything else)
"Expression" defines a scriptblock that calculates the content of this property
in this example, the scriptblock uses the hashtable defined earlier to translate each numeric
value to its friendly text counterpart:
#>
$SIDType = @{
Name = 'SIDType'
Expression = {
# property is an array, so process all values
$value = $_.SIDType
$SIDType_map[[int]$value]
}
}
#endregion define calculated property
# retrieve the instances, and output the properties "Caption" and "SIDType". The latter
# is defined by the hashtable in $SIDType:
Get-CimInstance -Class Win32_UserAccount | Select-Object -Property Caption, $SIDType
# ...or dump content of property SIDType:
$friendlyValues = Get-CimInstance -Class Win32_UserAccount |
Select-Object -Property $SIDType |
Select-Object -ExpandProperty SIDType
# output values
$friendlyValues
# output values as comma separated list
$friendlyValues -join ', '
# output values as bullet list
$friendlyValues | ForEach-Object { "- $_" }
Use $SIDType_map to directly translate raw values from an instance
<#
this example uses a hashtable to manually translate raw numeric values
for property "Win32_UserAccount" to friendly text. This approach is ideal when
there is just one instance to work with.
Note: to use other properties than "Win32_UserAccount", look up the appropriate
translation hashtable for the property you would like to use instead.
#>
#region define hashtable to translate raw values to friendly text
# Please note: this hashtable is specific for property "Win32_UserAccount"
# to translate other properties, use their translation table instead
$SIDType_map = @{
1 = 'SidTypeUser'
2 = 'SidTypeGroup'
3 = 'SidTypeDomain'
4 = 'SidTypeAlias'
5 = 'SidTypeWellKnownGroup'
6 = 'SidTypeDeletedAccount'
7 = 'SidTypeInvalid'
8 = 'SidTypeUnknown'
9 = 'SidTypeComputer'
}
#endregion define hashtable
# get one instance:
$instance = Get-CimInstance -Class Win32_UserAccount | Select-Object -First 1
<#
IMPORTANT: this example processes only one instance to illustrate
the number-to-text translation. To process all instances, replace
"Select-Object -First 1" with a "Foreach-Object" loop, and use
the iterator variable $_ instead of $instance
#>
# query the property
$rawValue = $instance.SIDType
# translate raw value to friendly text:
$friendlyName = $SIDType_map[[int]$rawValue]
# output value
$friendlyName
Use a switch statement inside a calculated property for Select-Object
<#
this example uses a switch clause to translate raw numeric
values for property "SIDType" to friendly text. The switch
clause is embedded into a calculated property so there is
no need to refer to external variables for translation.
Note: to use other properties than "SIDType", look up the appropriate
translation switch clause for the property you would like to use instead.
#>
#region define calculated property (to be used with Select-Object)
<#
a calculated property is defined by a hashtable with keys "Name" and "Expression"
"Name" defines the name of the property (in this example, it is "SIDType", but you can rename it to anything else)
"Expression" defines a scriptblock that calculates the content of this property
in this example, the scriptblock uses the hashtable defined earlier to translate each numeric
value to its friendly text counterpart:
#>
$SIDType = @{
Name = 'SIDType'
Expression = {
# property is an array, so process all values
$value = $_.SIDType
switch([int]$value)
{
1 {'SidTypeUser'}
2 {'SidTypeGroup'}
3 {'SidTypeDomain'}
4 {'SidTypeAlias'}
5 {'SidTypeWellKnownGroup'}
6 {'SidTypeDeletedAccount'}
7 {'SidTypeInvalid'}
8 {'SidTypeUnknown'}
9 {'SidTypeComputer'}
default {"$value"}
}
}
}
#endregion define calculated property
# retrieve all instances...
Get-CimInstance -ClassName Win32_UserAccount |
# ...and output properties "Caption" and "SIDType". The latter is defined
# by the hashtable in $SIDType:
Select-Object -Property Caption, $SIDType
Use the Enum from above to auto-translate the code values
<#
this example translates raw values by means of type conversion
the friendly names are defined as enumeration using the
keyword "enum" (PowerShell 5 or better)
The raw value(s) are translated to friendly text by
simply converting them into the enum type.
Note: to use other properties than "Win32_UserAccount", look up the appropriate
enum definition for the property you would like to use instead.
#>
#region define enum with value-to-text translation:
Enum EnumSIDType
{
SidTypeUser = 1
SidTypeGroup = 2
SidTypeDomain = 3
SidTypeAlias = 4
SidTypeWellKnownGroup = 5
SidTypeDeletedAccount = 6
SidTypeInvalid = 7
SidTypeUnknown = 8
SidTypeComputer = 9
}
#endregion define enum
# get one instance:
$instance = Get-CimInstance -Class Win32_UserAccount | Select-Object -First 1
<#
IMPORTANT: this example processes only one instance to focus on
the number-to-text type conversion.
To process all instances, replace "Select-Object -First 1"
with a "Foreach-Object" loop, and use the iterator variable
$_ instead of $instance
#>
# query the property:
$rawValue = $instance.SIDType
#region using strict type conversion
<#
Note: strict type conversion fails if the raw value is
not defined by the enum. So if the list of allowable values
was extended and the enum does not match the value,
an exception is thrown
#>
# convert the property to the enum **SIDType**
[EnumSIDType]$rawValue
# get a comma-separated string:
[EnumSIDType]$rawValue -join ','
#endregion
#region using operator "-as"
<#
Note: the operator "-as" accepts values not defined
by the enum and returns $null instead of throwing
an exception
#>
$rawValue -as [EnumSIDType]
#endregion
Enums must cover all possible values. If SIDType returns a value that is not defined in the enum, an exception occurs. The exception reports the value that was missing in the enum. To fix, add the missing value to the enum.
Status
Current status of an object. Various operational and nonoperational statuses can be defined. Available values:
$values = 'Degraded','Error','Lost Comm','No Contact','NonRecover','OK','Pred Fail','Service','Starting','Stopping','Stressed','Unknown'
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property Status
Examples
List all instances of Win32_UserAccount
Get-CimInstance -ClassName Win32_UserAccount
Learn more about Get-CimInstance and the deprecated Get-WmiObject.
View all properties
Get-CimInstance -ClassName Win32_UserAccount -Property *
View key properties only
Get-CimInstance -ClassName Win32_UserAccount -KeyOnly
Selecting Properties
To select only some properties, pipe the results to Select-Object -Property a,b,c with a comma-separated list of the properties you require. Wildcards are permitted.
Get-CimInstance always returns all properties but only retrieves the ones that you specify. All other properties are empty but still present. That’s why you need to pipe the results into Select-Object if you want to limit the visible properties, i.e. for reporting.
Selecting Properties
The code below lists all available properties. Remove the ones you do not need:
$properties = 'AccountType',
'Caption',
'Description',
'Disabled',
'Domain',
'FullName',
'InstallDate',
'LocalAccount',
'Lockout',
'Name',
'PasswordChangeable',
'PasswordExpires',
'PasswordRequired',
'SID',
'SIDType',
'Status'
Get-CimInstance -ClassName Win32_UserAccount | Select-Object -Property $properties
Limiting Network Bandwidth
If you work remotely, it makes sense to limit network bandwidth by filtering the properties on the server side, too:
Get-CimInstance -Class Win32_UserAccount -Property $property |
Select-Object -Property $property
Selecting Instances
To select some instances, use Get-CimInstance and a WMI Query. The wildcard character in WMI Queries is % (and not “*”).
The parameter -Filter runs a simple query.
Listing all instances where the property Caption starts with “A”
Get-CimInstance -Class Win32_UserAccount -Filter 'Caption LIKE "a%"'
Using a WQL Query
The parameter -Query uses a query similar to SQL and combines the parameters -Filter and -Property. This returns all instances where the property Caption starts with “A”, and returns the properties specified:
Get-CimInstance -Query "SELECT SID, AccountType, FullName, InstallDate FROM Win32_UserAccount WHERE Caption LIKE 'a%'"
Any property you did not specify is still present but empty. You might need to use
Select-Objectto remove all unwanted properties:Get-CimInstance -Query "SELECT SID, AccountType, FullName, InstallDate FROM Win32_UserAccount WHERE Caption LIKE 'a%'" | Select-Object -Property SID, AccountType, FullName, InstallDate
Accessing Remote Computers
To access remote systems, you need to have proper permissions. User the parameter -ComputerName to access one or more remote systems.
Authenticating as Current User
# one or more computer names or IP addresses:
$list = 'server1', 'server2'
# authenticate with your current identity:
$result = Get-CimInstance -ClassName Win32_UserAccount -ComputerName $list
$result
Authenticating as Different User
Use a CIMSession object to authenticate with a new identity:
# one or more computer names or IP addresses:
$list = 'server1', 'server2'
# authenticate with a different identity:
$cred = Get-Credential -Message 'Authenticate to retrieve WMI information:'
$session = New-CimSession -ComputerName $list -Credential $cred
$result = Get-CimInstance Win32_UserAccount -CimSession $session
# remove the session after use (if you do not plan to re-use it later)
Remove-CimSession -CimSession $session
$result
Learn more about accessing remote computers.
Requirements
To use Win32_UserAccount, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
Win32_UserAccount was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
Win32_UserAccount lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.
Implementation
Win32_UserAccount is implemented in CIMWin32.dll and defined in CIMWin32.mof. Both files are located in the folder C:\Windows\system32\wbem:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\CIMWin32.mof