def SearchAD(username='******'):
q = adquery.ADQuery()
q.execute_query(
attributes=["cn", "member", "sAMAccountType", "sAMAccountName"],
where_clause=("sAMAccountName = '" + username + "'"),
)
return q.get_results()
def query_generator(get_attributes=[],
where_clause="objectClass = '*'",
base_dn=''):
q = adquery.ADQuery()
q.execute_query(attributes=get_attributes,
where_clause=where_clause,
base_dn=base_dn)
for r in q.get_results():
yield r
def get_title(user_id):
try:
title = adquery.ADQuery()
title.execute_query(
attributes=["title"],
where_clause=f"SamAccountName = '{user_id}'",
)
title = title.get_single_result()["title"]
return title
except:
return "None"
def QryUser(username='******'): # Query AD username (sAMAccountName)
q = adquery.ADQuery()
q.execute_query(
attributes=[
"cn", "member", "sAMAccountType", "sAMAccountName", "displayName",
"name"
],
where_clause=("sAMAccountName = '" + username + "'"),
)
allRestuls = ()
allResults = q.get_results
return allResults()
def QryGroup(name='BCRinformatics'): # Query AD by group (name)
q = adquery.ADQuery()
q.execute_query(
attributes=[
"cn", "member", "sAMAccountType", "sAMAccountName", "displayName",
"name"
],
where_clause=("name = '" + name + "'"),
)
allRestuls = ()
allResults = q.get_results
return allResults()
def QryName(name='Bateman, Thomas (Admin ID)'): # Query AD by name (name)
q = adquery.ADQuery()
q.execute_query(
attributes=[
"cn", "member", "sAMAccountType", "sAMAccountName", "displayName",
"name"
],
where_clause=("name = '" + name + "'"),
)
allRestuls = ()
allResults = q.get_results
return allResults()
def get_username(user_id):
try:
username = adquery.ADQuery()
username.execute_query(
attributes=["cn"],
where_clause=f"SamAccountName = '{user_id}'",
)
username = username.get_single_result()["cn"]
username = username.split(",")
username = username[::-1]
username = "******".join(username)
return username
except:
return user_id
def SearchAD(username='******'):
q = adquery.ADQuery()
q.execute_query(
attributes=["cn", "member", "sAMAccountType", "sAMAccountName"],
where_clause=("sAMAccountName = '" + username + "'"),
)
# for r in q.get_results():
# print("CN: ",r['cn'])
# print("MEMBER: ",r['member'])
# print("SAMAccountType: ",r['sAMAccountType'])
# print("sAMAccountName: ",r['sAMAccountName'])
return q.get_results()
def main():
q = adquery.ADQuery()
q.execute_query(
attributes=["distinguishedName", "displayName", "memberOf", "mail"],
where_clause="objectClass = 'User'",
base_dn="OU=PKW Corp,DC=pkwillis,DC=local")
for row in q.get_results():
logging.info("Inspecting " + row["distinguishedName"])
user1 = aduser.ADUser.from_dn(row["distinguishedName"])
address = row["mail"]
pwLastSet = user1.get_password_last_set()
pwAge = (datetime.today() - pwLastSet).days
uctl = user1.get_user_account_control_settings()
pwDoesntExpire = uctl["DONT_EXPIRE_PASSWD"]
pwDisabled = uctl["ACCOUNTDISABLE"]
badOU = "Computers" in row["distinguishedName"] or "SecuredProfiles" in row["distinguishedName"] or \
"Security Groups" in row["distinguishedName"] or "Training" in row["distinguishedName"] or "PKW7" in row["distinguishedName"]
pwExpirationDate = (
pwLastSet + timedelta(MAXPASSWORDAGEINDAYS)).strftime("%m/%d/%Y")
if badOU == False and pwDoesntExpire == False and pwDisabled == False and pwAge > MAXPASSWORDAGEINDAYS - 7:
if pwAge > MAXPASSWORDAGEINDAYS:
# push to a stack so we can report all of these at the same time at the end of the log.
deque.append("Found expired PW for " + row["displayName"] +
": PW is " + str(pwAge) +
" days old. PW_Doesn't_Expire flag is " +
str(pwDoesntExpire) + " and Expires on " +
str(pwExpirationDate))
else:
logging.info("Preparing to email warning to " +
row["displayName"] + ": PW is " + str(pwAge) +
" days old. PW_Doesn't_Expire flag is " +
str(pwDoesntExpire) + " and Expires on " +
str(pwExpirationDate))
msg = makeMessage(row["displayName"],
MAXPASSWORDAGEINDAYS - pwAge,
pwExpirationDate)
mailMsg(address, msg, MAXPASSWORDAGEINDAYS - pwAge,
row["displayName"])
from pyad import adquery, aduser, addomain
## Get all user related information
q = adquery.ADQuery()
q.execute_query(attributes=["distinguishedName", "sAMAccountName"],
where_clause="objectClass = '*'",
base_dn="CN=users, DC=centralapp, DC=com")
count = 0
for row in q.get_results():
if row['sAMAccountName'] == "<enter_user_id>":
count = count + 1
print("User Found")
aduser_user = aduser.ADUser(
distinguished_name=row['distinguishedName'])
print("AccountDisable ...{}".format(
aduser_user.get_user_account_control_settings()['ACCOUNTDISABLE']))
print(aduser_user.get_max_pwd_age())
print("Password Expired .. {}".format(
aduser_user.get_password_expired()))
print("Last Password reset .. {}".format(
aduser_user.get_password_last_set()))
print("Expiry Date .. {}".format(aduser_user.get_expiration()))
aduser_obj = aduser.ADObject(
distinguished_name=row['distinguishedName'])
print("Members Ofs .. ")
for each in aduser_obj.get_memberOfs():
print("\t" + str(each))
print(aduser_obj.dump_to_xml())
def QueryAD(attributes=[], where='', OU=''):
q = adquery.ADQuery()
q.execute_query(attributes=attributes, where_clause=where, base_dn=OU)
return q.get_results()
def domainUserExists(username):
q = adquery.ADQuery()
q.execute_query(attributes=['distinguishedName'],
where_clause="sAMAccountName = '%s'"%username,
base_dn = "OU=Accounts, DC=solano, DC=cc, DC=ca, DC=us")
return len(list(q.get_results())) == 1
def creategroup(state1):
#bb = raw_input("Enter users last names with commas spearating the names?")
btn3['state'] = "disable"
btn3.update()
btn2['state'] = "disable"
btn2.update()
btn1['state'] = "disable"
btn1.update()
bb = e1.get()
des = e2.get()
bb = bb.lower()
astate = ''
usmtcmd = ''
if bb == '' and state1 == 'extract':
#usmtcmd = " /i:MigDocs.xml /i:migapp.xml " + des + " /progress:prog.log /v:13 /all /lac /lae /l:load.log /decrypt /key:\"Windows10\""
astate = 'all'
btn['state'] = "active"
btn.update()
extractstate(usmtcmd, des, astate)
return "Exiting"
if bb == '' and state1 == 'load':
#usmtcmd = " /i:MigDocs.xml /i:migapp.xml " + des + " /progress:prog.log /v:13 /all /lac /lae /l:load.log /decrypt /key:\"Windows10\""
astate = 'all'
btn['state'] = "active"
btn.update()
loadstate(usmtcmd, des, astate)
return "Exiting"
if bb == '' and state1 == 'scan':
#usmtcmd = " /i:migdocs.xml /i:migapp.xml " + des + " /progress:prog.log /v:13 /l:usmt.log /encrypt /key:\"Windows10\""
astate = 'all'
btn['state'] = "active"
btn.update()
runusmt(usmtcmd, des, astate)
return "Exiting"
if bb == 'local' and state1 == 'scan':
local(usmtcmd, des, astate)
return "Exiting"
bb = bb.split(';')
# check_group(group)
# group = group.upper()
# owner = e3.get()
# owner = owner.upper()
# try:
# new_group = adgroup.ADGroup.create(group, ou, security_enabled=True, scope='UNIVERSAL', optional_attributes = {"description":owner})
# print "Just Created The New Group " +group
# except:
# print "The group already exists!"
# new_group = group
for i in range(len(bb)):
str = bb[i]
str = str[str.find("<") + 1:str.find(">")]
str = str.lower()
print "Looking UP " + bb[i].title() + " and " + bb[i].lower()
u = bb[i].title()
sa = bb[i].lower()
if "@battelle.org" in str:
u = str.lower()
sa = str.lower()
try:
q = adquery.ADQuery()
except:
print "Cannot Not Query Domain "
try:
q.execute_query(
attributes=["cn", "sAMAccountName", "userPrincipalName"],
where_clause="objectClass = '*'",
base_dn="DC=domain, DC=domain, DC=domain")
except:
print "Query Failed"
for row in q.get_results():
try:
i = row["cn"]
ii = row["sAMAccountName"].lower()
iii = row["userPrincipalName"].lower()
i2 = u
i3 = sa
if i2 in i or i3 in iii:
print "Name:" + i
print "Email:" + ii
print "Logon:" + iii
name = userinput()
if name == "n" or name == "":
print "You answered No"
name = "n"
name2 = name.lower()
#print "Answered No: "+name2
name2 = name.lower()
if name2 == "y":
b = i
print "Answered Yes, Looking up user: "******"", ii)
print iiii
sid_ = win32security.ConvertSidToStringSid(iiii)
aReg = ConnectRegistry(None, HKEY_LOCAL_MACHINE)
print sid_
if state1 == 'scan':
aKey = OpenKey(
aReg,
r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
)
for i in range(1024):
try:
asubkey_name = EnumKey(aKey, i)
if asubkey_name == sid_:
print "User found: " + ii + " and has this SID: " + sid_
users.append(sid_)
break
except EnvironmentError:
break
# try:
# new_group.add_members([user1])
#new_group.sync_membership([user1])
# except:
# print "Adding New Users "+b
# new_group1 = adgroup.ADGroup.from_cn(group)
# isthere = new_group1.check_contains_member(user1)
# if isthere == True:
# print "User Already in Group"
#new_group1 = adgroup.ADGroup.from_cn(group)
# else:
# new_group1.add_members([user1])
#print sid_
if state1 == 'load':
users.append(sid_)
break
except:
a = ""
#listgroup(new_group,group)
print users
#len(users)
#print len(users)
if state1 == 'scan':
#aa=r'/i:MigDocs.xml '
#bb==r'/i:MigDocs.xml '
#cc=r'/progress:prog.log '
#dd=r'/v:13 '
#ee=r'/l:usmt.log '
#ff=r'/encrypt '
#gg=r' /key:\"Windows10\" '
#hh=r' /ue:*\*'
#usmtcmd = r'/i:MigDocs.xml /i:MigApp.xml /progress:prog.log /v:13 /l:usmt.log /encrypt /key:\"Windows10\" /ue:*\*'
usmtcmd = ""
if state1 == 'load':
#usmtcmd = " /i:migdocs.xml /i:migapp.xml " + des + " /progress:prog.log /v:13 /lac /lae /l:load.log /decrypt /key:\"Windows10\" /ue:*"
usmtcmd = ""
#index=0
#for uu in users:
#print users[index]
#x=chr(92)
#domain=r'domainname'+x
#usmtcmd = usmtcmd + r'/ui:'+domain+users[index]+r' '
#usmtcmd = users[index]
#index += 1
usmtcmd = users
if len(usmtcmd) == 0:
print "Please Re-Run! No Users Found on this PC to Migrate"
btn3['state'] = "active"
btn3.update()
btn1['state'] = "active"
btn1.update()
return "Exiting"
#print usmtcmd
if state1 == 'scan':
runusmt(usmtcmd, des, astate)
btn['state'] = "active"
btn.update()
btn3['state'] = "disable"
btn3.update()
return "Exiting"
if state1 == 'load':
loadstate(usmtcmd, des, astate)
btn['state'] = "active"
btn.update()
btn3['state'] = "disable"
btn3.update()
return "Exiting"
print "Finished! Please Run Again or Quit!"
def query(get_attributes=[], where_clause="objectClass = '*'", base_dn=''):
q = adquery.ADQuery()
q.execute_query(attributes=get_attributes,
where_clause=where_clause,
base_dn=base_dn)
return list(q.get_results())
