Accessing Microsoft Active Directory Using Python

by Applied Informatics

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. An AD domain controller authenticates and authorizes all users and computers in a Windows domain network. We can query AD over the LDAP protocol to get information about all users.

Requirements:

  • Python (2.7)
  • Python-ldap (pip install python-ldap)

Accessing AD using Python LDAP:

  • First, we have to initialize the connection to AD:
    • Suppose we have an LDAP server "ldaps://ldap.abc.org". To initialize the connection to the LDAP server we can do l = ldap.initialize('ldaps://ldap.abc.org')
  • Second, give credentials: after initialization we have to give credentials to connect with the server. For example, say we have the user faizaan with the password XXXXXX. To connect with the server, pass the credentials like l.simple_bind_s("faizaan", "********")

If the connection is established successfully we will get a response like (97,[])

For unsuccessful logins we get a reply like:

         ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1', 'desc': 'Invalid credentials'}

  • To get information about users: for this we run a search with a filter query like

          l.search_ext_s(basedn, ldap.SCOPE_SUBTREE, "(cn=fai*)", ['cn', 'sAMAccountName', 'mail'])

  • basedn = 'DC=abc,DC=org' (DC = Domain Controller)
  • scope = SCOPE_SUBTREE, to search the object and all its descendants
  • cn = "fai*" (the search keyword; it matches all names starting with "fai")
  • ['cn', 'sAMAccountName', 'mail'] = the attributes to return: name, account name and mail ID of users.

In this way we can get information about Active Directory users and objects using Python.
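The steps above put together, as an added example that is not code from the original post: it binds, reads the "data NNN" sub-code out of a failed bind like the one quoted earlier, and escapes the search keyword before it goes into the filter. The function names and the sub-code table are assumptions introduced here; the table lists the commonly documented AD bind sub-codes.

```python
import re

# Sub-codes Active Directory puts in the "data NNN" field of a failed bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def explain_bind_failure(info):
    """Return (sub-code, meaning) parsed from an INVALID_CREDENTIALS 'info' string."""
    match = re.search(r"\bdata ([0-9a-fA-F]+)\b", info)
    if match is None:
        return (None, "unknown")
    code = match.group(1).lower()
    return (code, AD_BIND_SUBCODES.get(code, "unknown"))

def prefix_filter(attr, prefix):
    """Build '(attr=prefix*)', escaping filter metacharacters per RFC 4515."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in prefix)
    return "(%s=%s*)" % (attr, escaped)

def find_users(uri, bind_dn, password, basedn, prefix):
    """Bind, search for cn=prefix*, and return [(dn, attrs), ...]."""
    import ldap  # python-ldap, imported lazily so the helpers work without it
    conn = ldap.initialize(uri)
    try:
        conn.simple_bind_s(bind_dn, password)
        rows = conn.search_ext_s(basedn, ldap.SCOPE_SUBTREE, prefix_filter("cn", prefix),
                                 ["cn", "sAMAccountName", "mail"])
        # AD also returns referral rows whose DN is None; keep real entries only.
        return [(dn, attrs) for dn, attrs in rows if dn is not None]
    except ldap.INVALID_CREDENTIALS as exc:
        code, reason = explain_bind_failure(str(exc.args[0].get("info", "")))
        raise RuntimeError("bind rejected: %s (data %s)" % (reason, code))
    finally:
        conn.unbind_s()

if __name__ == "__main__":
    # Constructed sample: the failure text quoted on this page.
    print(explain_bind_failure("AcceptSecurityContext error, data 773, v1db1"))
```

Escaping matters whenever the search keyword comes from user input: without it, a keyword containing `*`, `(` or `)` changes the structure of the filter instead of being matched literally.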

 
