[FRPythoneers] New to Python... need help RE: ADSI and Active Directory

Erick Bodine erick at allocity.com
Fri Mar 28 15:55:03 MST 2003


This is a mod of something that I do.  It is somewhat crude but since I
know I only have one OU in which to search against a previously
constructed list of users, it works for what I need.  Depending on how
many OUs you have to search through, it might be time inhibitive.

Or you can search the Active Directory using ADO.  I have not tried this
method, it requires establishing an "ADODB.Connection" and querying
using SQL or ADSI dialects.

import sys
import win32com, win32comclient, pythoncom

try:
	ldap_loc = win32com.client.GetObject('LDAP://rootDSE').Get(
                            "defaultNamingContext")
except pythoncom.com_error,(hr,msg,exc,arg):
	print "ERROR: Cannot get the default domain, exiting..."
	print hr, msg, exc, arg
      sys.exit()

try:
	ldap_obj = win32com.client.GetObject('LDAP://'+ldap_loc)
except pythoncom.com_error,(hr,msg,exc,arg):
	print "ERROR: Unable to get ldap object, exiting..."
	print hr, msg, exc, arg
      sys.exit()
            
for i in ldap_obj:
	if i.ou:
		# Connect to the OU object like the above examples
		ulist = []
		for user in ou_obj:
			ulist.append(user.Name)

		if name in ulist:
			print "BARF"
		

		

BTW: The adsiedit(?) utility that comes w/ the W2K Server Resource Kit
is VERY useful for looking at the layout of your AD.  Just be very
careful not to change anything w/ it.  MSDN (though time-consuming) and
the "Perl for System Administration" (horrors ;) ) book were also
helpful.

--ERick


-----Original Message-----
From: Brian Jarrett
[mailto:frpythoneers-admin at lists.community.tummy.com] On Behalf Of Brian
Jarrett
Sent: Thursday, March 27, 2003 6:53 PM
To: frpythoneers at lists.community.tummy.com
Subject: RE: [FRPythoneers] New to Python... need help RE: ADSI and
Active Directory

Specifically:  I need a function that will search all OUs in AD for a
username to make sure it isn't used before it is assigned to a user
being added.  We are using a first initial, last name schema for
usernames.  I want this to be as automatic as possible so a school
secretary can enter a students first and last name and graduation year,
it would create a username that isn't already used and assign a
password.  The secretary would be shown a page that says "John Smith has
been assigned the username jsmith with an initial password of 45392.
They may change their password by going to <Some URL here>."

Overall, I've been trying to construct an ADSI moniker that includes
provider "LDAP://dc=garcoschools,dc=org", filter "objectClass=User", and
base "SubTree", but I've not been able to do it.  Once I've figured out
how to conduct searches (on saMAccountName, for instance) then I'll be
able to do most of what I want.

So far, I've been able to build Python scripts that enable me to browse
the AD tree, but I need the search capability next.  After that I'll be
working on adding objects (specifically users) with and without Exchange
2000 mailboxes.

I guess I'm having a hard time understanding how I'm supposed to use the
IADsUser interface that is included with ActiveState Python supposedly
(what do I import?), I've also tried Makepy with the Active DS Type
Library...  Just what is the best way to hook into ADSI with python?

As you can tell, I'm really just starting out on Python.  I've seen
examples like the ADSI/Exchange script on ActiveState, but I can't seem
to get some of the com hooks to work right.  (Getting "invalid moniker"
errors or problems creating objects).

Brian


-----Original Message-----
From:	Erick Bodine [mailto:erick at allocity.com]
Sent:	Thu 3/27/2003 5:37 PM
To:	frpythoneers at lists.community.tummy.com
Cc:	
Subject:	RE: [FRPythoneers] New to Python... need help RE: ADSI
and Active Directory
I actually am currently doing some AD interaction to pull E2k server
names, add 'Organizational Units' and users.  What are you trying to
search for??

--ERick

-----Original Message-----
From: Brian Jarrett [mailto:bjarrett at garcoschools.org] 
Sent: Thursday, March 27, 2003 5:34 PM
To: frpythoneers at lists.community.tummy.com
Subject: [FRPythoneers] New to Python... need help RE: ADSI and Active
Directory

I realize that most of you may be using Python on Linux, and I'd like to
keep it there, but I just can't.  I've decided to use Python because of
its platform independence and I want to learn a language that I can use
on Windows, Linux and even OS X.

My current project is to build a user-friendly website that allows
school secretaries to enter information about a new student and have it
create a user account for them in Active Directory.  It'll also need to
allow some employees to reset student user accounts.
After that I'd like to add pages that allow any user on the school
district's network to change their own password.

The environment is almost 50/50 Windows and Mac, and I'm introducing
some Linux in for advanced systems.  For now, Active Directory is my
LDAP provider and I have my Mac OS X server authenticating from it.

If there is anyone that has specific experience using Python to manage
Active Directory objects (particularly doing searches) I'd really like
to get some assistance from you.

Thanks,
Brian
_______________________________________________
This message sent by the FRPythoneers mailing list.
Unsubscribe: echo unsubscribe |
FRPythoneers-request at lists.community.tummy.com
URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers
_______________________________________________
This message sent by the FRPythoneers mailing list.
Unsubscribe: echo unsubscribe |
FRPythoneers-request at lists.community.tummy.com
URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers





More information about the FRPythoneers mailing list