Use the list_zone_users command to check Active Directory and return a list of zone users defined in the currently selected zone. If executed in a script, this command outputs its list to stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use get_zone_users to return a Tcl list.

Zone type

Classic and hierarchical


list_zone_users [-upn]




This command takes the following option:

Option Description


Optional. Returns user names in user principal name (UPN) format rather than the default sAMAccount@domain format.


This command takes no arguments.

Return value

This command returns a list to stdout of zone users for the currently selected zone. Each entry in the list contains the following user profile fields separated by colons (:):

  • sAMAccountName@domain or the UPN of the zone user as it is stored in Active Directory.

    If the Active Directory user no longer exists for a zone user, the command returns the security identifier (SID) of the orphan user.

  • UNIX user name.

  • Numeric user identifier (UID).

  • Numeric identifier for the user’s primary group (GID).

    If the GID has the number 2147483648 (which is 80000000 hex) it means that the UID is being used as the GID. (This can occur in hierarchical zones.)

  • Personal information from the GECOS field.

  • The user’s home directory.

  • The user’s default login shell.

  • Whether the user is enabled or disabled (in classic zones only).



This example returns the list of users similar to this:{u:samaccountname}:%{home}/%{user}:%{shell}:{u:samaccountname}:%{home}/%{user}:%{shell}:{u:samaccountname}:%{home}/%{user}:%{shell}:

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select zone users:

  • get_zone_users returns a Tcl list of the Active Directory names of zone users in the current zone.
  • new_zone_user creates a new zone user and stores it in memory.
  • select_zone_user retrieves a zone user from Active Directory and stores it in memory.

After you have a zone user stored in memory, you can use the following commands to work with that zone user: