Managed Object - UserDirectory

Property of
See also

Managed Object Description

The UserDirectory managed object provides information about users and groups on a vSphere server and ESX hosts. The method RetrieveUserGroups returns a list of user account data. The method can perform a search operation based on specific criteria - user name, group name, sub-string or string matching, and, on Windows, domain. Use the results as input to the AuthorizationManager methods SetEntityPermissions and ResetEntityPermissions.

The content of the returned results depends on the server environment:


Name Type Description
domainList* Pxsd:string[]

List of Windows domains available for user searches. On ESX Server or Linux systems, this is an empty list.
*May not be presentP Required privilege: System.View


Methods defined in this Managed Object


Returns a list of UserSearchResult objects describing the users and groups defined for the server.

You must hold the Authorization.ModifyPermissions privilege to invoke this method. If you hold the privilege on any ManagedEntity, you will have access to user and group information for the server.

Required Privileges
Dynamic - See discussion above


_thisManagedObjectReference A reference to the UserDirectory used to make the method call.

Domain to be searched. If not set, then the method searches the local machine.

Case insensitive substring used to filter results; the search string is compared to the login and full name for users, and the name and description for groups. Leave this blank to match all users.

If present, the returned list contains only users or groups that directly belong to the specified group. Users or groups that have indirect membership will not be included in the list.

If present, the returned list contains only groups that directly contain the specified user. Groups that indirectly contain the user will not be included in the list.

Indicates the searchStr passed should match a user or group name exactly.

True, if users should be included in the result.

True, if groups should be included in the result.
*Need not be set

Return Value

Type Description


Type Description
NotFoundThrown if any of the domain, belongsToGroup, or belongsToUser arguments refer to entities that do not exist.
NotSupportedThrown if you specify a domain for systems that do not support domains, such as an ESX Server. The method also throws NotSupported if you specify membership (belongsToGroup or belongsToUser) and the server does not support by-membership queries.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Show WSDL type definition