Пример #1
    # Build one test group entry for index `ii`, add it through the `ad`
    # connection, and record the index in `groupids`. The statement that
    # drives `ii` (and owns the `else:` below) starts outside this excerpt.
    print "Create an AD group entry"
    groupid = ii
    groupdn = "ou=Group%d,ou=people,%s" % (groupid, suffix)                                      
    ent = Entry(groupdn)
    ent.setValues('objectclass', 'group')
    # NOTE(review): in AD's groupType bitmask, 0x2 on its own is a global
    # group without the security-enabled bit (0x80000000), i.e. not a
    # security group - confirm that is what this fixture intends.
    ent.setValues('groupType', '2')
    # Fixture value only: one packed byte, not a 16-byte GUID.
    # struct.pack('B', ...) raises struct.error for values outside 0-255.
    ent.setValues('objectGUID', struct.pack('B', groupid))
    ent.setValues('member', 'cn=Test User0, ou=people,' + suffix)
    # The description records the expectation under test: this group is
    # meant to be left out of the sync to DS.
    ent.setValues('description', 'should not be synced to DS')
    # Only ALREADY_EXISTS is swallowed; any other LDAP error propagates.
    # The index is appended to `groupids` whether or not the add was new.
    try: ad.add_s(ent)
    except ldap.ALREADY_EXISTS: pass
    groupids.append(ii)
    ii += 1
else:
    # Search under `suffix` for user objects, sending a DirSyncCtrl server
    # control with the request. The filter is a fixed literal, so no
    # caller-supplied text reaches the LDAP filter here.
    # NOTE(review): DirSyncCtrl is defined outside this excerpt; the
    # arguments (1, 0, -1) are presumably criticality, flags and maximum
    # attribute count - confirm against its definition.
    # NOTE(review): on AD the DirSync control normally requires the bind
    # identity to hold a replication-level right, so the account used for
    # `ad` should be treated and protected as a privileged credential.
    print "Search the AD to get the entries which will be returned with the dirsync control"
    ents = ad.search_ext_s(suffix, scope, '(objectclass=user)',
                           None, 0, [DirSyncCtrl(1, 0, -1)])
    for ent in ents:
        print "Entry", ent.dn
        if not ent.userAccountControl:
            print "\thas no userAccountControl - skipping"
            continue
        val = int(ent.userAccountControl)
        if val & 0x20: # PASSWD_NOTREQD
            print "\tis marked as no password required - skipping"
            continue            
        if val & 0x200: # a normal account
            ent.setValues('nTSecurityDescriptor', '')
            if ent.isCriticalSystemObject:
                print "\tisCriticalSystemObject - skipping"
                continue
            if ent.samaccountname.startswith("SUPPORT_"):