I am trying to write a script to simply query the group members in an
active directory group. I need to use LDAP to make sure I capture any
global global group nestings that may occur. I already have a
function that uses WinNT provider to capture this info from NT4 or AD
domains and it works beautifully. It just doesn't capture global >
global nestings. I am having great difficulties in getting this to
work on AD though with ldap. I have a multiple domain tree
environment and need to be able to query groups in different domains.
I want to simply make an ldap connection, bind to it, search for the
group and get it's members.
I do the following for eDirectory and it works great but not in AD.
import ldap
l=ldap.open(1.2 .3.4,trace_leve l = 1)
l.simple_bind_s ('cn=username,o u=company','pas sword')
UserRes = UserRes + l.search_s(
o=company,
ldap.SCOPE_SUBT REE, "(|'cn=groupnam e')
If I do the same thing as above but to an AD source it doesn't work.
I run the open and it seems successful, I run the bind using DN, UPN,
or domain name and password and it seems to bind, I run the query and
it says I must complete a successfull bind operation before doing a
query.
Any help is appreciated. 7 16505
On Feb 7, 9:22 am, kooc...@gmail.c om wrote:
I am trying to write a script to simply query the group members in an
active directory group. I need to use LDAP to make sure I capture any
global global group nestings that may occur. I already have a
function that uses WinNT provider to capture this info from NT4 or AD
domains and it works beautifully. It just doesn't capture global >
global nestings. I am having great difficulties in getting this to
work on AD though with ldap. I have a multiple domain tree
environment and need to be able to query groups in different domains.
I want to simply make an ldap connection, bind to it, search for the
group and get it's members.
I do the following for eDirectory and it works great but not in AD.
import ldap
l=ldap.open(1.2 .3.4,trace_leve l = 1)
l.simple_bind_s ('cn=username,o u=company','pas sword')
UserRes = UserRes + l.search_s(
o=company,
ldap.SCOPE_SUBT REE, "(|'cn=groupnam e')
If I do the same thing as above but to an AD source it doesn't work.
I run the open and it seems successful, I run the bind using DN, UPN,
or domain name and password and it seems to bind, I run the query and
it says I must complete a successfull bind operation before doing a
query.
Any help is appreciated.
I found an example in the groups here and attempted it but it failed
as well. Below is the code I used and the results.
import ldap, ldapurl
proto = 'ldap'
server = 'domaincontroll er.domain.compa ny.com'
port = 389
url = ldapurl.LDAPUrl (urlscheme=prot o,
hostport="%s:%s " % (server,
str(port))).ini tializeUrl()
ldap_obj = ldap.initialize (url)
# !!!password will be on wire in plaintext!!!
ldap_obj = ldap_obj.simple _bind_s('u***** **@domain.compa ny.com',
'password')
base = 'DC=DOMAIN, DC=COMPANY, DC=COM'
scope = ldap.SCOPE_SUBT REE
query = '(objectclass=u ser)'
res_attrs = ['*']
res = ldap_obj.search _ext_s(base, scope, query, res_attrs)
print res
RESULTS FROM PYTHON SHELL
res=ldap_obj.se arch_ext_s(base , scope, query, rest_attrs)
AttributeError: 'NoneType' object has no attribute 'search_Ext_s' ko*****@gmail.c om schrieb:
ldap_obj = ldap_obj.simple _bind_s('u***** **@domain.compa ny.com',
'password')
AttributeError: 'NoneType' object has no attribute 'search_Ext_s'
dummy = ldap_obj.simple _bind_s('u***** **@domain.compa ny.com',
'password')
or better simply
ldap_obj.simple _bind_s('u***** **@domain.compa ny.com',
'password')
On Feb 7, 11:56 am, Uwe Hoffmann <q...@tiscali.d ewrote:
kooc...@gmail.c om schrieb:
ldap_obj = ldap_obj.simple _bind_s('usern. ..@domain.compa ny.com',
'password')
AttributeError: 'NoneType' object has no attribute 'search_Ext_s'
dummy = ldap_obj.simple _bind_s('usern. ..@domain.compa ny.com',
'password')
or better simply
ldap_obj.simple _bind_s('usern. ..@domain.compa ny.com',
'password')
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple _bind......
I tried your second recommendation of using
ldap_obj.simple _bind_s('usern. ..@domain.compa ny.com','passwo rd')
Now I get the following error even after the bind operation seems to
complete successfully.
result = func(*args,**kw args)
OPERATIONS_ERRO R: {'info': '00000000: LdapErr: DSID-0C0905FF, comment:
In order to perform this operation a successful bind must be completed
on the connection., data 0, vece', 'desc': 'Operations error'}
Thanks again...
On Feb 8, 4:27 am, kooc...@gmail.c om wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple _bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_director y module: http://timgolden.me.uk/python/
active_director y.html
His WMI module has also been a godsend on a number of occasions.
- alex23
On Feb 7, 7:52 pm, "alex23" <wuwe...@gmail. comwrote:
On Feb 8, 4:27 am, kooc...@gmail.c om wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple _bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_director y module:http://timgolden.me.uk/python/
active_director y.html
His WMI module has also been a godsend on a number of occasions.
- alex23
Alex-
Thanks for your response and Uwe I apologize if I misunderstood
and misinterpreted your comments. I am sorry.
I have tried Tim's module called active_director y and it works really
well. But I can't figure out how to connect to a specific group is I
know the common name for it but not the DN and then return it's
members. Example.... I know the group name is domain1\shareda ccess.
How do I bind to that group and get the members. The domain isn't
necessarily the defaultnamingco ntext. It could be another domain in
the forest. I need to be able to connect to any domain group and get
it's members. Thanks again.
On Feb 8, 8:44 am, "Kooch54" <kooc...@gmail. comwrote:
On Feb 7, 7:52 pm, "alex23" <wuwe...@gmail. comwrote:
On Feb 8, 4:27 am, kooc...@gmail.c om wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple _bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_director y module:http://timgolden.me.uk/python/
active_director y.html
His WMI module has also been a godsend on a number of occasions.
- alex23
Alex-
Thanks for your response and Uwe I apologize if I misunderstood
and misinterpreted your comments. I am sorry.
I have tried Tim's module called active_director y and it works really
well. But I can't figure out how to connect to a specific group is I
know the common name for it but not the DN and then return it's
members. Example.... I know the group name is domain1\shareda ccess.
How do I bind to that group and get the members. The domain isn't
necessarily the defaultnamingco ntext. It could be another domain in
the forest. I need to be able to connect to any domain group and get
it's members. Thanks again.
Bump
Kooch54 wrote:
> Thanks for your response and Uwe I apologize if I misunderstood and misinterpreted your comments. I am sorry. I have tried Tim's module called active_director y and it works really well. But I can't figure out how to connect to a specific group is I know the common name for it but not the DN and then return it's members.
For the simple "group in my domain" situation, as
far as I can see you can do something like this:
<code>
import active_director y
for group in active_director y.search (
"sAMAccountName ='sharedaccess' ",
"objectClass='g roup'"
):
print group
for member in group.members:
print member
</code>
(I'm not on an AD-connected machine just now, but I
think that'll do it).
As to finding it another domain, I'm not sure. I suspect
that if you simply issue the above query, you'll get
the groups back from all domains in the forest. But I'm
not sure about that. In essence this isn't a Python question
as such. If you can find out from any source how to formulate
the query in an AD way, I'm quite sure we can translate that
easily into Python.
I'm afraid that my AD module is a very lightweight wrapper
over the LDAP:// object system and offers very little support
(and gets very little attention from me). Hopefully I can
have a boost of energy & time and give it some help.
TJG This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: m z via .NET 247 |
last post by:
Hi All,
I am trying to get a list of users that belong to a group in Active Directory.
Somehow I think I need to use the DirectorySearcher as follows:
DirectorySearcher searcher = new DirectorySearcher(DomainPath);
searcher.Filter = ????
searcher.FindAll();
|
by: Ran Davidovitz |
last post by:
Hi.
We need to create a view of our active directory users (we have 2500).
I found out that there is max page size of 1000, so we cannot get more
data.
Anyone found a solution to that problem?
Thanks
|
by: mpriem |
last post by:
Hi,
I am trying to enumerate Exchange Admin groups, but fail to with the
folowing code. Can someone help me with this issue.
The executing user has sufficient permissions.
using System;
namespace Active_Directory
|
by: Arvind P Rangan |
last post by:
Hi,
How do u interpret a Active Directory Structure into code format.
Like i have a ADS Structrue
like this
main.domain.com
+ AB
+ UB
+ AC
All my information are in AC
|
by: Tash |
last post by:
I am having a weird problem. I am trying to use the following code to query
active directory.
Function IsExistInAD(ByVal loginName As String) As Boolean
Dim userName As String = ExtractUserName(loginName)
Dim search As DirectorySearcher = New DirectorySearcher
search.Filter = String.Format("(SAMAccountName={0})", userName)
search.PropertiesToLoad.Add("cn")
Dim result As SearchResult = search.FindOne
If result Is Nothing Then
| |
by: Sara Rafiee via .NET 247 |
last post by:
hello this is my code could anyone help me, I want to search exact user in special group in active directory, my group name is test11 . could anyone here help me to do this.
thanks this is my code
Public Function ValidateUser(ByVal Domain As String, ByVal username As String, ByVal password As String) As Boolean
Dim strGroupDN As String
strGroupDN = "Users"
|
by: dug04 |
last post by:
Hi
I am trying to write a query that will select all users in the Organization bucket in active directory. The problem is that within the Organization bucket, there are many other buckets. I want to filter/exclude one bucket.
Example:
+Organization
++Store1
+++User1
|
by: =?Utf-8?B?YXppZWdsZXI=?= |
last post by:
Hello, everybody.
I'd like to do this: For a big program (a web service) I need information
about the usergroups an active-directory-user is member of. To be more
precise, I need to know if a particular user is in a particular group or not.
This is my first Active-Directory-query in a C#-program, so it might look
crude or primitive...well, it doesn't work anyway...
The interesting part of the code is this:
|
by: pbala |
last post by:
Check the User is the Member of One Group using Active Directory in C#.net
System.DirectoryServices.AccountManagement.Principal.IsMemberOf(System.DirectoryServices.AccountManagement.GroupPrincipal)
How to find the "System.DirectoryServices.AccountManagement.GroupPrincipal"?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |