def ms_check_uac(self, attributes: dict[str, Any], user: User): """Check userAccountControl""" if "userAccountControl" not in attributes: return # Default from https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity # /useraccountcontrol-manipulate-account-properties uac_bit = attributes.get("userAccountControl", 512) uac = UserAccountControl(uac_bit) user.is_active = UserAccountControl.ACCOUNTDISABLE not in uac user.save()
def ms_check_pwd_last_set(self, attributes: dict[str, Any], user: User, created: bool): """Check pwdLastSet""" if "pwdLastSet" not in attributes: return pwd_last_set: datetime = attributes.get("pwdLastSet", datetime.now()) pwd_last_set = pwd_last_set.replace(tzinfo=UTC) if created or pwd_last_set >= user.password_change_date: self.message(f"'{user.username}': Reset user's password") self._logger.debug( "Reset user's password", user=user.username, created=created, pwd_last_set=pwd_last_set, ) user.set_unusable_password() user.save()