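def execute_query(self, attributes=["distinguishedName"], where_clause=None,
                  type="LDAP", base_dn=None, page_size=1000, options={}):
    """Build an ADSI SQL-dialect query and run it through ADODB.

    The statement has the form ``SELECT <attributes> FROM '<ADsPath>'`` with
    an optional ``WHERE <where_clause>``. The two values returned by
    ``command.Execute()`` are stored on the instance and the instance is
    flagged as queried; nothing is returned.

    attributes   -- attribute names, joined with commas into the SELECT list.
    where_clause -- filter text appended verbatim after ``WHERE``.
    type         -- "LDAP" or "GC"; anything else raises AssertionError.
    base_dn      -- search base; when empty a default is chosen from type.
    page_size    -- value written to the ADODB "Page Size" property.
    options      -- accepted but not read by this method.

    Security note: attributes, base_dn and where_clause are interpolated
    into the query text with no escaping or validation. Callers that build
    any of them from user-supplied data must validate or escape that data
    first, otherwise that data can alter the query that is executed.
    """
    # Raise explicitly instead of using a bare assert: assert statements are
    # removed under "python -O", which would let an arbitrary provider
    # string reach the ADsPath built below. AssertionError is kept so
    # existing callers see the same exception type.
    if type not in ("LDAP", "GC"):
        raise AssertionError("type must be 'LDAP' or 'GC', got %r" % (type,))

    if not base_dn:
        if type == "LDAP":
            base_dn = self.default_domain
        if type == "GC":
            # NOTE(review): bare name, unlike self.default_domain above. It
            # is not defined in this listing; confirm it resolves at module
            # scope.
            base_dn = default_forest

    # NOTE(review): the LDAP server/port defaults are used for GC paths too.
    query = "SELECT %s FROM '%s'" % (
        ','.join(attributes),
        pyadutils.generate_ads_path(base_dn, type,
                                    self.default_ldap_server,
                                    self.default_ldap_port))
    if where_clause:
        query = ' '.join((query, 'WHERE', where_clause))

    command = win32com.client.Dispatch("ADODB.Command")
    command.ActiveConnection = self.__adodb_conn
    command.Properties("Page Size").value = page_size
    # Every query issued here searches the whole subtree under base_dn.
    command.Properties("Searchscope").value = ADQuery.ADS_SCOPE_SUBTREE
    command.CommandText = query
    self.__rs, self.__rc = command.Execute()
    self.__queried = True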
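def execute_query(self, attributes=["distinguishedName"], where_clause=None,
                  type="LDAP", base_dn=None, page_size=1000,
                  search_scope="subtree", options={}):
    """Build an ADSI SQL-dialect query and run it through ADODB.

    The statement has the form ``SELECT <attributes> FROM '<ADsPath>'`` with
    an optional ``WHERE <where_clause>``. The two values returned by
    ``command.Execute()`` are stored on the instance and the instance is
    flagged as queried; nothing is returned.

    attributes   -- attribute names, joined with commas into the SELECT list.
    where_clause -- filter text appended verbatim after ``WHERE``.
    type         -- "LDAP" or "GC"; anything else raises AssertionError.
    base_dn      -- search base; when empty a default is chosen from type.
    page_size    -- value written to the ADODB "Page Size" property.
    search_scope -- "subtree", "onelevel" or "base"; anything else raises
                    Exception.
    options      -- accepted but not read by this method.

    Security note: attributes, base_dn and where_clause are interpolated
    into the query text with no escaping or validation. Callers that build
    any of them from user-supplied data must validate or escape that data
    first, otherwise that data can alter the query that is executed.
    """
    # Raise explicitly instead of using a bare assert: assert statements are
    # removed under "python -O", which would let an arbitrary provider
    # string reach the ADsPath built below. AssertionError is kept so
    # existing callers see the same exception type.
    if type not in ("LDAP", "GC"):
        raise AssertionError("type must be 'LDAP' or 'GC', got %r" % (type,))

    # Reject a bad scope before any COM object is created. The message now
    # names the parameter that is actually wrong (search_scope).
    if search_scope not in ("subtree", "onelevel", "base"):
        raise Exception("Unknown search_scope %s, must be subtree, "
                        "onelevel or base" % search_scope)

    if not base_dn:
        if type == "LDAP":
            base_dn = self._safe_default_domain
        if type == "GC":
            base_dn = self._safe_default_forest

    # NOTE(review): the LDAP server/port defaults are used for GC paths too.
    query = "SELECT %s FROM '%s'" % (
        ','.join(attributes),
        pyadutils.generate_ads_path(base_dn, type,
                                    self.default_ldap_server,
                                    self.default_ldap_port))
    if where_clause:
        query = ' '.join((query, 'WHERE', where_clause))

    command = win32com.client.Dispatch("ADODB.Command")
    command.ActiveConnection = self.__adodb_conn
    command.Properties("Page Size").Value = page_size
    if search_scope == "subtree":
        scope = ADQuery.ADS_SCOPE_SUBTREE
    elif search_scope == "onelevel":
        scope = ADQuery.ADS_SCOPE_ONELEVEL
    else:
        # Only "base" remains after the validation above.
        scope = ADQuery.ADS_SCOPE_BASE
    command.Properties("Searchscope").Value = scope
    command.CommandText = query
    self.__rs, self.__rc = command.Execute()
    self.__queried = True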
def _init_global_catalog_object(self, options={}):
    """Bind the global catalog ADSI COM object on first use.

    The object is stored on ``self._gc_adsi_obj`` and is used when querying
    the global catalog instead of the domain directly. If one is already
    bound the call does nothing. ``options`` may carry 'server' and 'port';
    missing keys are passed on as None.
    """
    if self._gc_adsi_obj:
        return
    get_object = self.adsi_provider.GetObject
    gc_path = pyadutils.generate_ads_path(
        self.dn, 'GC', options.get('server'), options.get('port'))
    # Bound through GetObject with no explicit credentials.
    self._gc_adsi_obj = get_object('', gc_path)
def execute_query(self, attributes=["distinguishedName"], where_clause=None,
                  type="LDAP", base_dn=None, server=None, port=None):
    """Build an ADSI SQL-dialect query and run it on the ADODB connection.

    The statement has the form ``SELECT <attributes> FROM '<ADsPath>'`` with
    an optional ``WHERE <where_clause>``. The two values returned by
    ``Execute`` are stored on the instance and the instance is flagged as
    queried; nothing is returned.

    Security note: attributes, base_dn and where_clause are interpolated
    into the query text with no escaping or validation, and ``type`` is not
    checked here at all. Callers that build any of them from user-supplied
    data must validate or escape that data first.
    """
    if not base_dn:
        if type == "LDAP":
            base_dn = self.default_domain
        elif type == "GC":
            # NOTE(review): bare name, unlike self.default_domain above. It
            # is not defined in this listing; confirm it resolves at module
            # scope.
            base_dn = default_forest

    select_list = ','.join(attributes)
    ads_path = pyadutils.generate_ads_path(base_dn, type, server, port)
    query = "SELECT %s FROM '%s'" % (select_list, ads_path)
    if where_clause:
        query = ' '.join([query, 'WHERE', where_clause])

    result = self.__adodb_conn.Execute(query)
    self.__rs, self.__rc = result
    self.__queried = True
def __set_gc_adsi_obj(self):
    """Bind ``self._gc_adsi_obj`` to this object's global catalog entry.

    With both a default username and a default password configured, the
    bind goes through ``OpenDSObject`` with those credentials and
    ADS_SECURE_AUTHENTICATION, adding ADS_USE_ENCRYPTION when
    ``default_ssl`` is set. Otherwise ``GetObject`` is used with no explicit
    credentials.
    """
    gc_path = pyadutils.generate_ads_path(self.dn, 'GC',
                                          self.default_gc_server,
                                          self.default_gc_port)

    # Both values are required: with only one of username/password set the
    # method silently takes the credential-less bind below.
    if not (self.default_username and self.default_password):
        self._gc_adsi_obj = self.adsi_provider.GetObject('', gc_path)
        return

    namespace = self.adsi_provider.getObject('', "LDAP:")
    auth_flags = ADS_AUTHENTICATION_TYPE['ADS_SECURE_AUTHENTICATION']
    if self.default_ssl:
        # Encryption is requested only when default_ssl is truthy.
        auth_flags |= ADS_AUTHENTICATION_TYPE['ADS_USE_ENCRYPTION']
    self._gc_adsi_obj = namespace.OpenDSObject(
        gc_path, self.default_username, self.default_password, auth_flags)
def __init__(self, distinguished_name=None, adsi_ldap_com_object=None,
             options={}):
    """Bind to a directory object and cache its DN, GUID and type.

    Either an existing ADSI COM object or a distinguished name must be
    given; the COM object wins when both are passed. ``options`` is only
    applied (through ``_set_defaults``) on the distinguished-name path.
    Raises Exception when neither is provided.
    """
    if not adsi_ldap_com_object and not distinguished_name:
        raise Exception(
            "Either a distinguished name or a COM object must be "
            "provided to create an ADObject")

    if adsi_ldap_com_object:
        self._ldap_adsi_obj = adsi_ldap_com_object
    else:
        self._set_defaults(options)
        self.__ads_path = pyadutils.generate_ads_path(
            distinguished_name,
            self.default_ldap_protocol,
            self.default_ldap_server,
            self.default_ldap_port)
        self.__set_adsi_obj()

    # Read the DN back from the directory rather than trusting the argument,
    # so the stored value has the directory's capitalization.
    self.__distinguished_name = self.get_attribute('distinguishedName',
                                                   False)

    raw_guid = self.get_attribute('objectGUID', False)
    self.__object_guid = raw_guid
    if raw_guid is not None:
        self.__object_guid = pyadutils.convert_guid(raw_guid)

    # Work out the pyAD object type.
    category_dn = self.get_attribute('objectCategory', False)
    if category_dn:
        # Take the value of the first RDN of the category DN.
        category_cn = category_dn.split('=', 1)[1].split(",", 1)[0]
        # Some category names are not very readable, so a mapping can
        # override them; anything else is simply lower-cased.
        self._type = (
            PYAD_CATEGORY_TYPE_OVERRIDE_MAPPPINGS[category_cn]
            if category_cn in PYAD_CATEGORY_TYPE_OVERRIDE_MAPPPINGS
            else category_cn.lower())
    else:
        # objectCategory is not always readable; fall back to objectClass.
        object_classes = self.get_attribute('objectClass', True)
        for known_type in ('domain', 'user', 'organizationalUnit'):
            if known_type in object_classes:
                self._type = known_type
                break
        else:
            self._type = 'unknown'
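def __init__(self, distinguished_name=None, adsi_ldap_com_object=None,
             options={}):
    """Bind to a directory object by COM object or distinguished name.

    An existing ADSI COM object is used as-is when given. Otherwise the
    distinguished name is turned into an LDAP ADsPath, with 'server' and
    'port' from ``options`` overriding the instance defaults, and bound
    through the ADSI provider. COM errors raised by the bind are handed to
    ``pyadutils.pass_up_com_exception`` together with the DN, server and
    port.

    NOTE(review): when neither argument is given nothing is bound and no
    error is raised, so ``_ldap_adsi_obj`` is not set by this method.
    """
    if adsi_ldap_com_object:
        self._ldap_adsi_obj = adsi_ldap_com_object
    elif distinguished_name:
        if 'server' in options:
            self.default_ldap_server = options['server']
        if 'port' in options:
            self.default_ldap_port = options['port']
        self.__ads_path = pyadutils.generate_ads_path(
            distinguished_name, 'LDAP',
            self.default_ldap_server, self.default_ldap_port)
        try:
            self._ldap_adsi_obj = self.adsi_provider.getObject(
                '', self.__ads_path)
        # "except ... as" is accepted by Python 2.6+ and Python 3; the
        # comma form is a syntax error on Python 3.
        except pywintypes.com_error as excpt:
            additional_info = {
                'distinguished_name': distinguished_name,
                'server': self.default_ldap_server,
                'port': self.default_ldap_port,
            }
            pyadutils.pass_up_com_exception(excpt, additional_info)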
def __init__(self, distinguished_name=None, adsi_ldap_com_object=None,
             options={}):
    """Create an ADObject from a COM object or a distinguished name.

    A supplied ADSI COM object takes precedence over the distinguished
    name. ``options`` reaches ``_set_defaults`` only when the object is
    bound by distinguished name. Raises Exception when neither argument is
    provided. The DN, GUID and object type are then read from the directory
    and cached on the instance.
    """
    have_com_object = bool(adsi_ldap_com_object)
    if not have_com_object and not distinguished_name:
        raise Exception(
            "Either a distinguished name or a COM object must be "
            "provided to create an ADObject")

    if have_com_object:
        self._ldap_adsi_obj = adsi_ldap_com_object
    else:
        self._set_defaults(options)
        self.__ads_path = pyadutils.generate_ads_path(
            distinguished_name, self.default_ldap_protocol,
            self.default_ldap_server, self.default_ldap_port)
        self.__set_adsi_obj()

    # The DN is pulled from the object instead of the argument, which
    # guarantees the directory's own capitalization.
    self.__distinguished_name = self.get_attribute('distinguishedName',
                                                   False)

    guid_value = self.get_attribute('objectGUID', False)
    self.__object_guid = guid_value
    if guid_value is not None:
        self.__object_guid = pyadutils.convert_guid(guid_value)

    # Set the pyAD object type.
    occn = self.get_attribute('objectCategory', False)
    if not occn:
        # objectCategory may not be readable; try objectClass instead.
        class_names = self.get_attribute('objectClass', True)
        self._type = 'unknown'
        for candidate in ('domain', 'user', 'organizationalUnit'):
            if candidate in class_names:
                self._type = candidate
                break
        return

    # Pull the CN out of the category DN.
    cn_value = occn.split('=', 1)[1].split(",", 1)[0]
    # Some object categories are not very human readable, so the mapping
    # may override them.
    if cn_value in PYAD_CATEGORY_TYPE_OVERRIDE_MAPPPINGS:
        self._type = PYAD_CATEGORY_TYPE_OVERRIDE_MAPPPINGS[cn_value]
    else:
        self._type = cn_value.lower()
def __set_gc_adsi_obj(self):
    """Set ``self._gc_adsi_obj`` to the global catalog view of this object.

    When a default username and password are both configured, the object is
    opened with ``OpenDSObject`` using those credentials and
    ADS_SECURE_AUTHENTICATION; ADS_USE_ENCRYPTION is added when
    ``default_ssl`` is set. In every other case ``GetObject`` is called with
    no explicit credentials.
    """
    gc_ads_path = pyadutils.generate_ads_path(
        self.dn, 'GC', self.default_gc_server, self.default_gc_port)

    use_explicit_credentials = (self.default_username
                                and self.default_password)
    if use_explicit_credentials:
        directory_service = self.adsi_provider.getObject('', "LDAP:")
        flags = ADS_AUTHENTICATION_TYPE['ADS_SECURE_AUTHENTICATION']
        if self.default_ssl:
            # Encryption is only requested when default_ssl is truthy.
            flags |= ADS_AUTHENTICATION_TYPE['ADS_USE_ENCRYPTION']
        self._gc_adsi_obj = directory_service.OpenDSObject(
            gc_ads_path, self.default_username, self.default_password,
            flags)
    else:
        # Also reached when only one of username/password is set.
        self._gc_adsi_obj = self.adsi_provider.GetObject('', gc_ads_path)
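def execute_query(self, attributes=["distinguishedName"], where_clause=None,
                  type="LDAP", base_dn=None, page_size=1000, options={}):
    """Run an ADSI SQL-dialect SELECT over the whole subtree of base_dn.

    The query text is ``SELECT <attributes> FROM '<ADsPath>'``, followed by
    ``WHERE <where_clause>`` when a clause is given. The two values returned
    by ``command.Execute()`` are kept on the instance and the instance is
    marked as queried; the method itself returns nothing.

    attributes   -- attribute names, comma-joined into the SELECT list.
    where_clause -- filter text appended verbatim after ``WHERE``.
    type         -- "LDAP" or "GC"; anything else raises AssertionError.
    base_dn      -- search base; when empty a default is chosen from type.
    page_size    -- value written to the ADODB "Page Size" property.
    options      -- accepted but not read by this method.

    Security note: attributes, base_dn and where_clause go into the query
    text unescaped and unvalidated. Validate or escape anything derived
    from user input before passing it in.
    """
    # An explicit raise survives "python -O", which strips assert
    # statements; without the check an arbitrary provider string would
    # reach the ADsPath. AssertionError keeps the exception type callers
    # already see.
    if type not in ("LDAP", "GC"):
        raise AssertionError("type must be 'LDAP' or 'GC', got %r" % (type,))

    if not base_dn:
        if type == "LDAP":
            base_dn = self.default_domain
        if type == "GC":
            # NOTE(review): bare name, unlike self.default_domain above. It
            # is not defined in this listing; confirm it resolves at module
            # scope.
            base_dn = default_forest

    # NOTE(review): the LDAP server/port defaults are used for GC paths too.
    query = "SELECT %s FROM '%s'" % (
        ','.join(attributes),
        pyadutils.generate_ads_path(base_dn, type,
                                    self.default_ldap_server,
                                    self.default_ldap_port))
    if where_clause:
        query = ' '.join((query, 'WHERE', where_clause))

    command = win32com.client.Dispatch("ADODB.Command")
    command.ActiveConnection = self.__adodb_conn
    command.Properties("Page Size").value = page_size
    command.Properties("Searchscope").value = ADQuery.ADS_SCOPE_SUBTREE
    command.CommandText = query
    self.__rs, self.__rc = command.Execute()
    self.__queried = True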
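def execute_query(self, attributes=["distinguishedName"], where_clause=None,
                  type="LDAP", base_dn=None, page_size=1000,
                  search_scope="subtree", options={}):
    """Run an ADSI SQL-dialect SELECT with a selectable search scope.

    The query text is ``SELECT <attributes> FROM '<ADsPath>'``, followed by
    ``WHERE <where_clause>`` when a clause is given. The two values returned
    by ``command.Execute()`` are kept on the instance and the instance is
    marked as queried; the method itself returns nothing.

    attributes   -- attribute names, comma-joined into the SELECT list.
    where_clause -- filter text appended verbatim after ``WHERE``.
    type         -- "LDAP" or "GC"; anything else raises AssertionError.
    base_dn      -- search base; when empty a default is chosen from type.
    page_size    -- value written to the ADODB "Page Size" property.
    search_scope -- "subtree", "onelevel" or "base"; anything else raises
                    Exception.
    options      -- accepted but not read by this method.

    Security note: attributes, base_dn and where_clause go into the query
    text unescaped and unvalidated. Validate or escape anything derived
    from user input before passing it in.
    """
    # An explicit raise survives "python -O", which strips assert
    # statements; without the check an arbitrary provider string would
    # reach the ADsPath. AssertionError keeps the exception type callers
    # already see.
    if type not in ("LDAP", "GC"):
        raise AssertionError("type must be 'LDAP' or 'GC', got %r" % (type,))

    # Fail before any COM object exists, and name the parameter that is
    # actually wrong (search_scope) in the message.
    if search_scope not in ("subtree", "onelevel", "base"):
        raise Exception("Unknown search_scope %s, must be subtree, "
                        "onelevel or base" % search_scope)

    if not base_dn:
        if type == "LDAP":
            base_dn = self._safe_default_domain
        if type == "GC":
            base_dn = self._safe_default_forest

    # NOTE(review): the LDAP server/port defaults are used for GC paths too.
    query = "SELECT %s FROM '%s'" % (
        ','.join(attributes),
        pyadutils.generate_ads_path(base_dn, type,
                                    self.default_ldap_server,
                                    self.default_ldap_port))
    if where_clause:
        query = ' '.join((query, 'WHERE', where_clause))

    command = win32com.client.Dispatch("ADODB.Command")
    command.ActiveConnection = self.__adodb_conn
    command.Properties("Page Size").Value = page_size
    if search_scope == "subtree":
        scope_value = ADQuery.ADS_SCOPE_SUBTREE
    elif search_scope == "onelevel":
        scope_value = ADQuery.ADS_SCOPE_ONELEVEL
    else:
        # Only "base" remains after the validation above.
        scope_value = ADQuery.ADS_SCOPE_BASE
    command.Properties("Searchscope").Value = scope_value
    command.CommandText = query
    self.__rs, self.__rc = command.Execute()
    self.__queried = True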
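def __init__(self, distinguished_name=None, adsi_ldap_com_object=None,
             options={}):
    """Bind to a directory object by COM object or distinguished name.

    A supplied ADSI COM object is stored unchanged. Otherwise the
    distinguished name is converted to an LDAP ADsPath, with 'server' and
    'port' from ``options`` replacing the instance defaults, and bound
    through the ADSI provider. A COM error from the bind is passed to
    ``pyadutils.pass_up_com_exception`` along with the DN, server and port.

    NOTE(review): when neither argument is given nothing is bound and no
    error is raised, so ``_ldap_adsi_obj`` is not set by this method.
    """
    if adsi_ldap_com_object:
        self._ldap_adsi_obj = adsi_ldap_com_object
    elif distinguished_name:
        if 'server' in options:
            self.default_ldap_server = options['server']
        if 'port' in options:
            self.default_ldap_port = options['port']
        self.__ads_path = pyadutils.generate_ads_path(
            distinguished_name, 'LDAP',
            self.default_ldap_server, self.default_ldap_port)
        try:
            self._ldap_adsi_obj = self.adsi_provider.getObject(
                '', self.__ads_path)
        # "except ... as" is accepted by Python 2.6+ and Python 3; the
        # comma form is a syntax error on Python 3.
        except pywintypes.com_error as excpt:
            additional_info = {
                'distinguished_name': distinguished_name,
                'server': self.default_ldap_server,
                'port': self.default_ldap_port,
            }
            pyadutils.pass_up_com_exception(excpt, additional_info)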
# (listing starts mid-statement: the tail of a call in a method not shown)
self.get_attribute('pwdLastSet', False))

def move(self, new_ou_object):
    """Move this object into another container and re-bind to it.

    new_ou_object -- the ADContainer object that the current object will
    be moved to.
    """
    try:
        new_ou_object._ldap_adsi_obj.MoveHere(('LDAP://' + self.dn), self.prefixed_cn)
        new_ou_object._flush()
    except pywintypes.com_error, excpt:
        # NOTE(review): presumably re-raises; if it can return, the re-bind
        # below still runs against the new DN. Confirm in pyadutils.
        pyadutils.pass_up_com_exception(excpt)
    new_dn = ','.join((self.prefixed_cn, new_ou_object.dn))
    # Fixed half-second pause before re-binding; presumably gives the
    # directory time to reflect the move (confirm).
    time.sleep(.5)
    # The provider is hard-coded to 'LDAP' here and in MoveHere above.
    self.__ads_path = pyadutils.generate_ads_path(new_dn, 'LDAP', self.default_ldap_server, self.default_ldap_port)
    self._ldap_adsi_obj = self.adsi_provider.getObject('', self.__ads_path)
    # Re-read the DN from the directory instead of trusting new_dn.
    self.__distinguished_name = self.get_attribute('distinguishedName', False)

def rename(self, new_name, set_sAMAccountName=True):
    """Rename the object within its current container.

    new_name -- the new name only (just the CN, not a prefixed CN or a
    distinguishedName).
    """
    parent = self.parent_container
    if self.type == 'organizationalUnit':
        pcn = 'ou='
    else:
        pcn = 'cn='
    # new_name is appended verbatim; no escaping of DN special characters
    # is visible in this listing, so callers should validate it.
    pcn += new_name
    try:
# (listing is cut off here)
def _init_global_catalog_object(self, options={}):
    """Bind the global catalog ADSI COM object if it is not bound yet.

    The bound object lives on ``self._gc_adsi_obj`` and is used when
    querying the global catalog instead of the domain directly. ``options``
    may carry 'server' and 'port'; missing keys are passed on as None.
    """
    if self._gc_adsi_obj:
        return
    get_object = _adsi_provider.GetObject
    gc_ads_path = pyadutils.generate_ads_path(
        self.dn, 'GC', options.get('server'), options.get('port'))
    # Bound through GetObject with no explicit credentials.
    self._gc_adsi_obj = get_object('', gc_ads_path)
# (listing starts mid-statement: the tail of a call in a method not shown)
'uSNChanged', False))

def move(self, new_ou_object):
    """Move this object into another container and re-bind to it.

    new_ou_object -- the ADContainer object that the current object will
    be moved to.
    """
    try:
        # The source path uses the configured protocol, not a fixed 'LDAP'.
        new_path = self.default_ldap_protocol + '://' + self.dn
        new_ou_object._ldap_adsi_obj.MoveHere(new_path, self.prefixed_cn)
        new_ou_object._flush()
    except pywintypes.com_error, excpt:
        # NOTE(review): presumably re-raises; if it can return, the re-bind
        # below still runs against the new DN. Confirm in pyadutils.
        pyadutils.pass_up_com_exception(excpt)
    new_dn = ','.join((self.prefixed_cn, new_ou_object.dn))
    # Fixed half-second pause before re-binding; presumably gives the
    # directory time to reflect the move (confirm).
    time.sleep(.5)
    self.__ads_path = pyadutils.generate_ads_path(
        new_dn, self.default_ldap_protocol, self.default_ldap_server,
        self.default_ldap_port)
    # Both the LDAP and the global catalog bindings are refreshed.
    self.__set_adsi_obj()
    self.__set_gc_adsi_obj()
    # Re-read the DN from the directory instead of trusting new_dn.
    self.__distinguished_name = self.get_attribute('distinguishedName', False)

def rename(self, new_name, set_sAMAccountName=True):
    """Rename the object within its current container.

    new_name -- the new name only (just the CN, not a prefixed CN or a
    distinguishedName).
    """
    parent = self.parent_container
    if self.type == 'organizationalUnit':
        pcn = 'ou='
    else:
        pcn = 'cn='
    # new_name is appended verbatim; no escaping of DN special characters
    # is visible in this listing, so callers should validate it.
    pcn += new_name
# (listing is cut off here)
"""Returns uSNChanged as a single integer from the current domain controller""" return pyadutils.convert_bigint(self.get_attribute('uSNChanged', False)) def move(self, new_ou_object): """Moves the object to a new organizationalUnit. new_ou_object expects a ADContainer object where the current object will be moved to.""" try: new_path = self.default_ldap_protocol + '://' + self.dn new_ou_object._ldap_adsi_obj.MoveHere(new_path, self.prefixed_cn) new_ou_object._flush() except pywintypes.com_error, excpt: pyadutils.pass_up_com_exception(excpt) new_dn = ','.join((self.prefixed_cn, new_ou_object.dn)) time.sleep(.5) self.__ads_path = pyadutils.generate_ads_path(new_dn, self.default_ldap_protocol, self.default_ldap_server, self.default_ldap_port) self.__set_adsi_obj() self.__set_gc_adsi_obj() self.__distinguished_name = self.get_attribute('distinguishedName', False) def rename(self, new_name, set_sAMAccountName=True): """Renames the current object within its current organizationalUnit. new_name expects the new name of the object (just CN not prefixed CN or distinguishedName).""" parent = self.parent_container if self.type == 'organizationalUnit': pcn = 'ou=' else: pcn = 'cn=' pcn += new_name try: if self.type in ('user', 'computer', 'group') and set_sAMAccountName:
# http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx # kudos to http://docs.activestate.com/activepython/2.6/pywin32/html/com/help/active_directory.html return pyadutils.convert_datetime(self.get_attribute('pwdLastSet',False)) def move(self, new_ou_object): """Moves the object to a new organizationalUnit. new_ou_object expects a ADContainer object where the current object will be moved to.""" try: new_ou_object._ldap_adsi_obj.MoveHere(('LDAP://'+self.dn),self.prefixed_cn) new_ou_object._flush() except pywintypes.com_error, excpt: pyadutils.pass_up_com_exception(excpt) new_dn = ','.join((self.prefixed_cn,new_ou_object.dn)) time.sleep(.5) self.__ads_path = pyadutils.generate_ads_path(new_dn, 'LDAP', self.default_ldap_server, self.default_ldap_port) self._ldap_adsi_obj = _adsi_provider.getObject('',self.__ads_path) self.__distinguished_name = self.get_attribute('distinguishedName',False) def rename(self, new_name, set_sAMAccountName=True): """Renames the current object within its current organizationalUnit. new_name expects the new name of the object (just CN not prefixed CN or distinguishedName).""" parent = self.get_parent_container() if self.type == 'organizationalUnit': pcn = 'ou=' else: pcn = 'cn=' pcn += new_name try: if self.type in ('user','computer','group') and set_sAMAccountName: self._ldap_adsi_obj.Put('sAMAccountName', new_name) parent._ldap_adsi_obj.MoveHere(('LDAP://'+self.dn), pcn) self._ldap_adsi_obj.GetInfoEx((distinguishedName, cn), 0)