Resolving user ID account on Windows® operating systems

About this task

HCL Workload Automation needs to resolve the user ID account on Windows® operating systems to verify the security information.

Windows® users can be classified as domain users or local users. Domain users are defined in the domain controller, while local users are defined in the workstations of the network.

For a domain user, HCL Workload Automation requests the primary domain controller (or any domain controller for Windows® 2000 or 2003 Active Directory), to identify an available domain controller. It then uses this domain controller identity to type out the structure for the user.

For a local user, HCL Workload Automation makes a request to the local workstation. Generally, HCL Workload Automation specifies two cases: one for the HCL Workload Automation user and one for the streamlogon user.

The following is a list of steps that HCL Workload Automation performs to authenticate Windows® users, and the APIs involved:
  1. HCL Workload Automation looks up the user in the reference domain. For the domain user, the reference domain is the name of the Windows® network. For the local user, it is the name of the local workstation.

    API: LookupAccountName.

  2. If the user is a domain user, HCL Workload Automation asks the primary domain controller for any domain controller that is available to resolve the account for the user in the reference domain.

    API: NetGetAnyDCName for Windows® or DsGetDcName for Windows® 2000 or 2003.

  3. HCL Workload Automation requests the domain controller (or the local workstation if the user is local) for information about the user.
    API: NetUserGetInfo.
    Note: On Windows® 2000 and 2003, the permissions for this API are contained in the BUILTIN\"Pre-Windows 2000 compatible access" group.