def isexpired(self, samaccountname): """ Is a given sAMAccountName expired? accountExpires is the number of ticks (100n/s [.0000001s]) since 12:00AM Jan 1, 1601. [#thanksMS]_ Additionally, it's in UTC If a user object in Active Directory has never had an expiration date, the accountExpires attribute is set to a huge number. The actual value is 2^63 - 1, or 9,223,372,036,854,775,807. """ winnt_time = int(self.getattr(samaccountname, 'accountExpires')) never_expires = 9223372036854775807L if winnt_time == never_expires or winnt_time == 0: return False return datetime.datetime.now() > epochToDatetime(winnt_time)
def islocked(self, samaccountname): """Is a given account locked? MSDN has this to say about lockoutTime: The date and time (UTC) that this account was locked out. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out. However, further down the MSDN page says: This attribute value is only reset when the account is logged onto successfully. This means that this value may be non zero, yet the account is not locked out. To accurately determine if the account is locked out, you must add the Lockout-Duration to this time and compare the result to the current time, accounting for local time zones and daylight savings time. """ if self.getattr(samaccountname, 'lockoutTime') is None: return False lockoutTime = int(self.getattr(samaccountname, 'lockoutTime')) if lockoutTime == 0: return False lockoutDuration = int(self.getattr(samaccountname, 'lockoutDuration') or 0) validAfter = epochToDatetime(lockoutTime + lockoutDuration) if validAfter < datetime.datetime.now(): return False # Otherwise, the account is locked. return True