Python3禁用AD账号
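# Disable an Active Directory account over LDAP with ldap3.
import ldap3
from ldap3 import ALL, Connection, Server
from ldap3.core.exceptions import LDAPException
from ldap3.utils.conv import escape_filter_chars

# userAccountControl bits: 512 = NORMAL_ACCOUNT, 2 = ACCOUNTDISABLE (512 | 2 = 514).
NORMAL_ACCOUNT = 0x0200
ACCOUNTDISABLE = 0x0002

# LDAP server address, port and connection parameters.
# The bind below is a simple bind, so the admin password crosses the network as
# sent; LDAPS (636) keeps it off the wire in cleartext, where plain LDAP on 389
# would not.
# NOTE: by default ldap3 does not verify the server certificate. To verify it,
# pass tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<CA bundle path>)
# to Server and connect by the name that appears in the certificate.
server = Server('10.10.22.14', port=636, use_ssl=True, get_info=ALL)

# Sample values from the article. Real bind credentials belong outside the
# source file (environment variable, secret store, or an interactive prompt).
bind_user = 'admin'
bind_password = 'yyy'
username = 'zdx'

try:
    # auto_bind=True opens and binds in the constructor and raises on failure,
    # so no second conn.bind() call is needed afterwards.
    conn = Connection(server, user=bind_user, password=bind_password, auto_bind=True)
except LDAPException:
    conn = None
    print("Failed to bind with the server.")

if conn is not None:
    try:
        # Search base and filter.
        # base_dn = 'OU=IT,OU=SOU,dc=test19,dc=com'
        base_dn = 'dc=test19,dc=com'
        # Escape the account name so characters such as '*', '(' or ')' cannot
        # change the meaning of the filter if the name ever comes from input.
        filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'

        # Run the search; userAccountControl is requested so that the existing
        # flags can be preserved when the disable bit is added.
        result = conn.search(
            base_dn,
            filterstr,
            attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
        )
        # Keep only real entries; a search from the domain root can also
        # return referral records that carry no attributes.
        entries = [item for item in (conn.response or []) if 'raw_attributes' in item]

        if not result:
            print("No entries found.")
        elif not entries:
            print(f"{username} not found.")
        else:
            raw = entries[0]['raw_attributes']
            samaccountname = str(raw['sAMAccountName'][0].lower(), 'utf-8')
            dn = str(raw['distinguishedName'][0].lower(), 'utf-8')
            print(dn, samaccountname)

            # Disable the account by OR-ing ACCOUNTDISABLE into the current
            # value. Writing a bare 514 would also wipe every other flag on
            # the account (for example a "password never expires" setting).
            current_values = raw.get('userAccountControl') or []
            current_uac = int(current_values[0]) if current_values else NORMAL_ACCOUNT
            mod_attrs = {
                'userAccountControl': [(ldap3.MODIFY_REPLACE, [current_uac | ACCOUNTDISABLE])]
            }
            conn.modify(dn, mod_attrs)

            # Check whether the modification succeeded.
            if conn.result["description"] == "success":
                print(f"Account {dn} has been disabled.")
            else:
                print(f"Failed to disable account {dn}.")
    finally:
        # Close the connection even if the search or modify raised.
        conn.unbind()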
Python3使用管理员权限重置AD账号密码
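# Reset an Active Directory account password as an administrator with ldap3.
import ldap3
from ldap3 import ALL, Connection, Server
from ldap3.core.exceptions import LDAPException
from ldap3.utils.conv import escape_filter_chars

# userAccountControl bits: 512 = NORMAL_ACCOUNT, 2 = ACCOUNTDISABLE.
NORMAL_ACCOUNT = 0x0200
ACCOUNTDISABLE = 0x0002

# LDAP server address, port and connection parameters.
# Changing a password requires LDAPS.
# NOTE: by default ldap3 does not verify the server certificate. To verify it,
# pass tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<CA bundle path>)
# to Server and connect by the name that appears in the certificate.
server = Server('10.10.22.14', port=636, get_info=ALL, use_ssl=True)

# Sample values from the article. Real bind credentials and the new password
# belong outside the source file (environment variable, secret store, or an
# interactive prompt) and should not be printed or logged.
bind_user = 'admin'
bind_password = 'Yyy'
username = 'zdx'
new_pwd = 'Y11'

try:
    # auto_bind=True opens and binds in the constructor and raises on failure,
    # so no second conn.bind() call is needed afterwards.
    conn = Connection(server, user=bind_user, password=bind_password, auto_bind=True)
except LDAPException:
    conn = None
    print("Failed to bind with the server.")

if conn is not None:
    try:
        # Search base and filter.
        # base_dn = 'OU=IT,OU=SOU,dc=test19,dc=com'
        base_dn = 'dc=test19,dc=com'
        # Escape the account name so characters such as '*', '(' or ')' cannot
        # change the meaning of the filter if the name ever comes from input.
        filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'

        # Run the search; userAccountControl is requested so that the existing
        # flags can be preserved when the account is re-enabled.
        result = conn.search(
            base_dn,
            filterstr,
            attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
        )
        # Keep only real entries; a search from the domain root can also
        # return referral records that carry no attributes.
        entries = [item for item in (conn.response or []) if 'raw_attributes' in item]

        if not result:
            print("No entries found.")
        elif not entries:
            print(f"{username} not found.")
        else:
            raw = entries[0]['raw_attributes']
            samaccountname = str(raw['sAMAccountName'][0].lower(), 'utf-8')
            dn = str(raw['distinguishedName'][0].lower(), 'utf-8')
            print(dn, samaccountname)

            # Clear only the ACCOUNTDISABLE bit instead of writing a bare 512,
            # which would wipe every other flag on the account.
            current_values = raw.get('userAccountControl') or []
            current_uac = int(current_values[0]) if current_values else NORMAL_ACCOUNT

            # Only unicodePwd is written. Depending on the domain's
            # dSHeuristics setting, userPassword in AD is either an alias of
            # the password or an ordinary attribute; in the second case a
            # write would leave the new password stored as a readable value
            # on the user object.
            # unicodePwd must be the password wrapped in double quotes and
            # encoded as UTF-16-LE.
            pwd_change = {
                'unicodePwd': [(ldap3.MODIFY_REPLACE, [f'"{new_pwd}"'.encode('utf-16-le')])],
                'userAccountControl': [(ldap3.MODIFY_REPLACE, [current_uac & ~ACCOUNTDISABLE])],
            }
            conn.modify(dn, pwd_change)

            # Report the outcome; a reset rejected by password policy or
            # permissions would otherwise pass unnoticed.
            if conn.result["description"] == "success":
                print(f"Password for {dn} has been reset.")
            else:
                print(f"Failed to reset password for {dn}: {conn.result['description']}")
    finally:
        # Close the connection even if the search or modify raised.
        conn.unbind()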
参考:https://blog.51cto.com/u_13366251/7418664
https://www.cnblogs.com/cptao/p/15515047.html 使用旧密码修改新密码