def isexpired(self, samaccountname):
""" Is a given sAMAccountName expired?
accountExpires is the number of ticks (100n/s [.0000001s])
since 12:00AM Jan 1, 1601. [#thanksMS]_ Additionally, it's in UTC
If a user object in Active Directory has never had an
expiration date, the accountExpires attribute is set to a huge
number. The actual value is 2^63 - 1, or
9,223,372,036,854,775,807.
"""
winnt_time = int(self.getattr(samaccountname, 'accountExpires'))
never_expires = 9223372036854775807L
if winnt_time == never_expires or winnt_time == 0:
return False
return datetime.datetime.now() > epochToDatetime(winnt_time)
def islocked(self, samaccountname):
"""Is a given account locked?
MSDN has this to say about lockoutTime:
The date and time (UTC) that this account was locked out. This
value is stored as a large integer that represents the number
of 100-nanosecond intervals since January 1, 1601 (UTC). A
value of zero means that the account is not currently locked
out.
However, further down the MSDN page says:
This attribute value is only reset when the account is logged
onto successfully. This means that this value may be non zero,
yet the account is not locked out. To accurately determine if
the account is locked out, you must add the Lockout-Duration
to this time and compare the result to the current time,
accounting for local time zones and daylight savings time.
"""
if self.getattr(samaccountname, 'lockoutTime') is None:
return False
lockoutTime = int(self.getattr(samaccountname, 'lockoutTime'))
if lockoutTime == 0:
return False
lockoutDuration = int(self.getattr(samaccountname, 'lockoutDuration') or 0)
validAfter = epochToDatetime(lockoutTime + lockoutDuration)
if validAfter < datetime.datetime.now():
return False
# Otherwise, the account is locked.
return True
