Active Directory Cookbook

Tim Golden > Python Stuff > Active Directory > Active Directory Cookbook

Introduction

These examples assume you are using the active_directory module from this site. The following are examples of useful things that could be done with this module on win32 machines.

The following examples, except where stated otherwise, all assume that you are connecting to the default Active Directory (the one you're logged in to).

Note also that the examples are designed to be complete and can be cut-and-pasted straight into a .py file, or even onto an open Python interpreter window (at least running under CMD on Win2000; that's how I test them). Just select the code, including the final blank line, right-click [Copy], select your Python interpreter window, and right-click.

Examples

• Find a user (quick method)
• Find a computer (quick method)
• List all users
• List users in an OU
• List all groups
• Show the members of a group
• Show the types of a group
• List the groups a user is in

Find a user (quick method)

This example uses a module-level function which assumes that you're interested in the current active directory and want to match either the account name or the full name.

import active_directory
user = active_directory.find_user ("goldent")
print user

Find a computer (quick method)

This example uses a module-level function which assumes that you're interested in the current active directory.

import active_directory
computer = active_directory.find_computer ("vogbp200")
print computer

List all users

import active_directory
for user in active_directory.search ("objectCategory='Person'", "objectClass='User'"):
  print user

#
# or
#
for user in active_directory.search (objectCategory='Person', objectClass='User'):
  print user

List users in an OU

To narrow a search down to something less that the whole active directory, call the search method on a particular AD node. You can either instantiate one directly (as in this example) or you can walk down the tree to find the one you want.

import active_directory
users = active_directory.AD_object ("LDAP://ou=Users,dc=com,dc=example")
for user in users.search (objectCategory='Person'):
  print user

List all groups

import active_directory
for group in active_directory.search (objectClass='group'):
  print group.cn

Show the members of a group

import active_directory
me = active_directory.find_user () # defaults to current user
for group in me.memberOf:
  print "Members of group", group.cn
  for group_member in group.member:
    print "  ", group_member

Show all the members of a group, recursively

import active_directory

domain_admins = active_directory.find_group ("Domain Admins")
all_users = set ()
for group, groups, users in domain_admins.walk ():
  all_users.update (users)

#
# or, if you want to get functional:
#
# all_users = reduce (set.union, (users for group, groups, users in domain_admins.walk ()), set ())
#

for user in all_users:
  print user

Show the types of a group

import active_directory
me = active_directory.find_user ()
for group in me.memberOf:
  print "Group types for", group.cn, ":", ", ".join (group.groupType)

List the groups a user is in

import active_directory
user = active_directory.find_user ()
print "User:", user.cn
for group in user.memberOf:
  print "  ", group

List domain controllers for the active domain

import active_directory
for master in active_directory.root ().masteredBy:
  print master.Parent.dNSHostName