
@meetpradeepp
Created August 2, 2020 10:56
Microsoft Active Directory Connect and Search users and Groups
# ms_ad_connect.py
#
# Code to query microsoft active directory
#
#
#
#
import json
import os
import sys

import ldap3
from ldap3 import Server, Connection, ALL, SCHEMA, NTLM, SUBTREE, BASE
from ldap3 import ObjectDef, Reader
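# AD details
AD_SERVERS = ['127.0.0.1']
# Bind identity. Environment variables take precedence so that a real
# password does not have to be written into (and committed with) this file;
# the literals below are the original placeholder values.
AD_BIND_USER = os.environ.get('AD_BIND_USER', 'Test\\pradeepp')
AD_BIND_PWD = os.environ.get('AD_BIND_PWD', 'EnterYourCredentials')
# BaseDN
AD_GROUP_BASEDN = 'dc=test,dc=com'
AD_USER_BASEDN = 'cn=users,dc=test,dc=com'
# Search only enabled users.
# 1.2.840.113556.1.4.803 is the AD bitwise-AND matching rule; bit 2 of
# userAccountControl is ACCOUNTDISABLE, so the negated clause drops disabled
# accounts. {username} is substituted by the caller and must be
# filter-escaped before substitution.
AD_USER_FILTER_BYNAME = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName={username}))'
# Search DN only for enabled users
AD_USER_FILTER_BYDN = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
# Search Group by name ({group_name} must be filter-escaped by the caller)
AD_GROUP_FILTER_BYNAME = '(&(objectCategory=group)(cn={group_name}))'
# Group membership.
# 1.2.840.113556.1.4.1941 is the AD "in chain" matching rule: it follows
# nested groups, so the result is the transitive membership of {group_dn}.
AD_GROUP_MEMBER_FILTER = '(memberOf:1.2.840.113556.1.4.1941:={group_dn})'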
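def ad_auth(username=AD_BIND_USER, password=AD_BIND_PWD, address=AD_SERVERS[0],
            use_ssl=False):
    """Bind to the directory server and return the bound connection.

    Args:
        username: Bind account; defaults to AD_BIND_USER.
        password: Bind password; defaults to AD_BIND_PWD.
        address: Host name or IP of the server; defaults to AD_SERVERS[0].
        use_ssl: Forwarded to ``Server``. The default (False) keeps the
            original behaviour; pass True to connect over LDAPS.

    Returns:
        ``(conn, True)`` when the bind succeeded, ``('Error', False)``
        when the server could not be reached or rejected the credentials.
    """
    # NOTE(security): no ``authentication=`` argument is passed, so ldap3
    # performs a simple bind. Combined with use_ssl=False the bind password
    # crosses the network unencrypted; prefer use_ssl=True outside a lab.
    ad = Server(address, use_ssl=use_ssl, get_info=ALL)
    conn = Connection(ad, user=username, password=password, check_names=False)
    try:
        bound = conn.bind()
    except Exception as e:
        # Python 3 exceptions have no ``.message`` attribute; print the
        # exception itself instead of failing inside the handler.
        print(e)
        return 'Error', False
    if not bound:
        # With ldap3's default settings a rejected bind is reported through
        # the return value of bind(), not through an exception, so it has to
        # be checked explicitly or bad credentials look like success.
        print(conn.result)
        return 'Error', False
    print('Connection Established')
    # successful result
    return conn, True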
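def get_dn_by_username(username, ad_conn=None, basedn=AD_USER_BASEDN):
    """Search for an enabled user by sAMAccountName and return its DN.

    Args:
        username: The sAMAccountName to look up. Treated as untrusted text
            and escaped before it is placed into the search filter.
        ad_conn: A bound ldap3 connection.
        basedn: Search base; defaults to AD_USER_BASEDN.

    Returns:
        The distinguished name of the last matching entry, or '' when
        nothing matched.
    """
    from ldap3.utils.conv import escape_filter_chars

    # Escape filter metacharacters ( ) * \ and NUL so a crafted user name
    # cannot change the structure of the LDAP filter.
    ad_filter = AD_USER_FILTER_BYNAME.replace('{username}',
                                              escape_filter_chars(username))
    elements = ad_conn.extend.standard.paged_search(search_base=basedn,
                                                    search_scope=SUBTREE,
                                                    search_filter=ad_filter)
    return_dn = ''
    for e in elements:
        # Responses without a 'dn' key are skipped.
        if 'dn' in e:
            return_dn = e['dn']
    return return_dn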
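def get_email_by_dn(dn, ad_conn=None):
    """Return the first ``mail`` value of the enabled user at *dn*.

    Args:
        dn: Distinguished name of the entry to read (used as the search
            base with BASE scope).
        ad_conn: A bound ldap3 connection.

    Returns:
        The first mail address of the entry, or '' when *dn* is empty, the
        entry does not match AD_USER_FILTER_BYDN, or it has no mail value.
    """
    if not dn:
        # An empty DN means the earlier lookup found nothing; searching with
        # an empty base would not address a user entry, so skip the query.
        return ''
    elements = ad_conn.extend.standard.paged_search(search_base=dn,
                                                    search_scope=BASE,
                                                    search_filter=AD_USER_FILTER_BYDN,
                                                    attributes=['mail'],
                                                    size_limit=0)
    return_email = ''
    for e in elements:
        if 'dn' not in e:
            continue
        # .get() tolerates responses that carry no 'mail' key at all.
        mail_values = e['attributes'].get('mail')
        if mail_values:
            return_email = mail_values[0]
    return return_email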
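def get_group_dn(group_name, ad_conn=None, basedn=AD_GROUP_BASEDN):
    """Search for a group by common name and return its DN.

    Args:
        group_name: The group's cn. Escaped before it is placed into the
            search filter.
        ad_conn: A bound ldap3 connection.
        basedn: Search base; defaults to AD_GROUP_BASEDN.

    Returns:
        The distinguished name of the last matching group, or '' when
        nothing matched.
    """
    from ldap3.utils.conv import escape_filter_chars

    # Escape filter metacharacters so a group name containing ( ) * or \
    # is matched literally and cannot alter the filter.
    ad_filter = AD_GROUP_FILTER_BYNAME.replace('{group_name}',
                                               escape_filter_chars(group_name))
    elements = ad_conn.extend.standard.paged_search(search_base=basedn,
                                                    search_scope=SUBTREE,
                                                    search_filter=ad_filter,
                                                    size_limit=0)
    return_dn = ''
    for e in elements:
        if 'dn' in e:
            return_dn = e['dn']
    return return_dn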
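def get_group_members(group_name, ad_conn=None, basedn=AD_GROUP_BASEDN):
    """Return the mail addresses of the members of a group.

    The group is resolved to its DN with get_group_dn() (using that
    function's default base), then every entry under *basedn* matching
    AD_GROUP_MEMBER_FILTER is looked up with get_email_by_dn().

    Args:
        group_name: The group's cn.
        ad_conn: A bound ldap3 connection.
        basedn: Search base for the member search; defaults to
            AD_GROUP_BASEDN.

    Returns:
        A list with one item per matching entry: its mail address, or ''
        when get_email_by_dn() finds none. Empty when the group is unknown.
    """
    from ldap3.utils.conv import escape_filter_chars

    group_dn = get_group_dn(group_name, ad_conn)
    if not group_dn:
        # Unknown group: substituting '' would produce a filter with an
        # empty assertion value, so return early instead of querying.
        return []
    # A DN may itself contain filter metacharacters (for example a
    # backslash-escaped comma), so it is escaped like any other value.
    ad_filter = AD_GROUP_MEMBER_FILTER.replace('{group_dn}',
                                               escape_filter_chars(group_dn))
    # NOTE(review): attributes=["*"] is requested but only e['dn'] is read
    # below; the returned attribute values are unused in this function.
    elements = ad_conn.extend.standard.paged_search(search_base=basedn,
                                                    search_scope=SUBTREE,
                                                    search_filter=ad_filter,
                                                    attributes=["*"],
                                                    size_limit=0)
    members = []
    for e in elements:
        if 'dn' in e:
            # Add the email of the member
            members.append(get_email_by_dn(e['dn'], ad_conn))
    return members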
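if __name__ == "__main__":
    # Demo run: bind with the module defaults, look up one user's mail
    # address, then list the mail addresses of a group's members.
    ad_conn, result = ad_auth()
    if result:
        try:
            dn = get_dn_by_username('tuser', ad_conn)
            print('Email:' + get_email_by_dn(dn, ad_conn))
            group_members = get_group_members('Domain Admins', ad_conn)
            for m in group_members:
                print(m)
        finally:
            # cleanup: release the bound session even if a query above fails
            ad_conn.unbind()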