如何使用 python 在 Active Directory 的用户配置文件中添加组?
How can I add group in user profile in Active Directory with python?
我正在使用 Python 模块 ldap3 在 Active Directory 中添加用户。此代码对我有用:
from ldap3 import Server, Connection, SIMPLE, SYNC, ASYNC, SUBTREE, ALL
AD_SERVER = 'w1.sub.company.ltd'
AD_USER = 'admin@sub.company.ltd'
AD_PASSWORD = '123456'
AD_SEARCH_TREE = 'dc=sub,dc=company,dc=ltd'
server = Server(AD_SERVER)
conn = Connection(server, user=AD_USER, password=AD_PASSWORD)
print(conn.bind())
conn.add('CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd',
['top', 'person', 'organizationalPerson', 'user'],
{'displayName': 'John Smith VIP', 'sn': 'VIP', 'givenName': 'John Smith',
'sAMAccountName': 'SmithJ', 'userPrincipalName': 'SmithJ', 'userPassword': '123456'})
print(conn.result)
conn.unbind()
但是如果我在代码中添加属性“memberOf”:
conn.add('CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd',
['top', 'person', 'organizationalPerson', 'user'],
{'memberOf': ['CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd'],
'displayName': 'John Smith VIP', 'sn': 'VIP', 'givenName': 'John Smith',
'sAMAccountName': 'SmithJ', 'userPrincipalName': 'SmithJ', 'userPassword': '123456'})
Python 抛出以下错误消息:
{'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': '0000209A: SvcErr: DSID-031A0FF7, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'type': 'addResponse'}
我猜我的错误在语法上,但我不知道如何解决。
- 如何在用户配置文件中添加组? (已解决)
- 不知道怎么添加'userAccountControl':'66048'属性
谢谢!
编辑:
- 在组中添加用户:
user_dn = 'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
get_groups = [('CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd')]
conn.extend.microsoft.add_members_to_groups([user_dn], get_groups)
- 添加用户帐户控件:
user_dn = f'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
conn.modify(user_dn, {"userAccountControl": (MODIFY_REPLACE, 66050)})
我解决了:
1.
user_dn = 'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
get_groups = [('CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd')]
conn.extend.microsoft.add_members_to_groups([user_dn], get_groups)
user_dn = f'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
conn.modify(user_dn, {"userAccountControl": (MODIFY_REPLACE, 66050)})
我正在使用 Python 模块 ldap3 在 Active Directory 中添加用户。此代码对我有用:
from ldap3 import Server, Connection, SIMPLE, SYNC, ASYNC, SUBTREE, ALL
AD_SERVER = 'w1.sub.company.ltd'
AD_USER = 'admin@sub.company.ltd'
AD_PASSWORD = '123456'
AD_SEARCH_TREE = 'dc=sub,dc=company,dc=ltd'
server = Server(AD_SERVER)
conn = Connection(server, user=AD_USER, password=AD_PASSWORD)
print(conn.bind())
conn.add('CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd',
['top', 'person', 'organizationalPerson', 'user'],
{'displayName': 'John Smith VIP', 'sn': 'VIP', 'givenName': 'John Smith',
'sAMAccountName': 'SmithJ', 'userPrincipalName': 'SmithJ', 'userPassword': '123456'})
print(conn.result)
conn.unbind()
但是如果我在代码中添加属性“memberOf”:
conn.add('CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd',
['top', 'person', 'organizationalPerson', 'user'],
{'memberOf': ['CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd'],
'displayName': 'John Smith VIP', 'sn': 'VIP', 'givenName': 'John Smith',
'sAMAccountName': 'SmithJ', 'userPrincipalName': 'SmithJ', 'userPassword': '123456'})
Python 抛出以下错误消息:
{'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': '0000209A: SvcErr: DSID-031A0FF7, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'type': 'addResponse'}
我猜我的错误在语法上,但我不知道如何解决。
- 如何在用户配置文件中添加组? (已解决)
- 不知道怎么添加'userAccountControl':'66048'属性
谢谢!
编辑:
- 在组中添加用户:
user_dn = 'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
get_groups = [('CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd')]
conn.extend.microsoft.add_members_to_groups([user_dn], get_groups)
- 添加用户帐户控件:
user_dn = f'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
conn.modify(user_dn, {"userAccountControl": (MODIFY_REPLACE, 66050)})
我解决了:
1.
user_dn = 'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
get_groups = [('CN=SubAdmins,OU=Groups,OU=Admins,DC=sub,DC=company,DC=ltd')]
conn.extend.microsoft.add_members_to_groups([user_dn], get_groups)
user_dn = f'CN=John Smith,OU=Users,OU=Admins,DC=sub,DC=company,DC=ltd'
conn.modify(user_dn, {"userAccountControl": (MODIFY_REPLACE, 66050)})