Menu
▾
▴
Re: Creating Active Directory Objects
|
From: Joe L. <jo...@op...> - 2007-11-08 18:12:35
|
Here's something that may be useful in this conversation about AD =20
Objects. I wrote with some reference help a script to pack a SID as I =20=
was creating the necessary objects to create AD accounts from python =20
using python-ldap:
"""
packsid
"""
import base64,struct
def packsid(textsid):
if textsid[0] !=3D 'S':
return;
data =3D (textsid[2:]).split('-')
rev =3D int(data[0])
idauth =3D int(data[1])
subauthcount =3D len(data) - 2
packedsid =3D struct.pack("8B", rev, subauthcount, 0, 0, 0, 0, 0, =20
idauth)
for i in range(0,subauthcount):
addpack =3D struct.pack("<L", long(data[2+i]))
packedsid =3D packedsid+addpack
return packedsid
respack =3D packsid('S-1-5-21-1398680112-2183325515-263647921-996')
resenc =3D base64.encodestring(respack)
print resenc
I barely remember how I arrived at each part, but it was mostly =20
through trial and error.
On Nov 7, 2007, at 10:50 AM, Geert Jansen wrote:
> Michael Str=F6der wrote:
>
>> I vaguely remember that there are some issues with really =20
>> activating a
>> user entry as a Windows user. But this is not a problem of =20
>> accessing AD
>> via python-ldap.
>>
>
> This indeed rings a bell. You need to create the user as disabled =20
> (look
> for userAccountControl on MSDN), set a compliant password, and then
> enable him.
>
> Regards,
> Geert
>
> ----------------------------------------------------------------------=20=
> ---
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a =20
> browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
|
