Python3禁用AD账号
# LDAP服务器地址、端口号及连接参数
import ldap3
from ldap3 import Server, Connection,ALL
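from ldap3.utils.conv import escape_filter_chars

# Disable a single Active Directory account, looked up by sAMAccountName.
#
# The connection uses a simple bind, which sends the bind password to the
# server as-is. Connect over LDAPS (636) instead of plain LDAP (389) so the
# administrator password is not exposed on the network.
# NOTE(review): use_ssl=True alone does not make ldap3 verify the server
# certificate (its Tls default is ssl.CERT_NONE). For production use, pass
# tls=Tls(validate=ssl.CERT_REQUIRED, ...) and connect by the host name that
# appears in the certificate.
server = Server('10.10.22.14', port=636, get_info=ALL, use_ssl=True)

# Placeholder credentials from the article. Do not commit real ones; load them
# from a secret store or prompt for them at run time. No auto_bind here: the
# single bind() call below reports failure through its return value.
conn = Connection(server, user='admin', password='yyy')
username = 'zdx'

# userAccountControl bit that marks an account as disabled.
UAC_ACCOUNTDISABLE = 0x0002

try:
    if not conn.bind():
        print("Failed to bind with the server.")
    else:
        # Search the whole domain; narrow base_dn to an OU to limit the scope,
        # e.g. 'OU=IT,OU=SOU,dc=test19,dc=com'.
        base_dn = 'dc=test19,dc=com'
        # Escape the account name so characters such as '*', '(' or ')' cannot
        # change the meaning of the filter and select a different account.
        filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'
        found = conn.search(
            base_dn,
            filterstr,
            attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
        )
        if not found:
            print("No entries found.")
        else:
            # A domain-root search can also return referrals; keep real entries only.
            entries = [item for item in conn.response if item.get('type') == 'searchResEntry']
            if not entries:
                print(f"{username} not found.")
            elif len(entries) > 1:
                # Never modify an account when the lookup is ambiguous.
                print(f"{username} matched {len(entries)} entries; nothing was changed.")
            else:
                raw = entries[0]['raw_attributes']
                samaccountname = raw['sAMAccountName'][0].decode('utf-8').lower()
                # Use the DN exactly as the directory returned it.
                dn = raw['distinguishedName'][0].decode('utf-8')
                print(dn, samaccountname)
                uac_values = raw.get('userAccountControl')
                if not uac_values:
                    print(f"Failed to disable account {dn}.")
                else:
                    # Set only the ACCOUNTDISABLE bit. Writing a fixed 514 would
                    # clear every other flag already set on the account
                    # (password-never-expires, smart-card-required, ...).
                    new_uac = int(uac_values[0]) | UAC_ACCOUNTDISABLE
                    mod_attrs = {
                        'userAccountControl': [(ldap3.MODIFY_REPLACE, [new_uac])]
                    }
                    conn.modify(dn, mod_attrs)
                    # Check whether the modification succeeded.
                    if conn.result["description"] == "success":
                        print(f"Account {dn} has been disabled.")
                    else:
                        print(f"Failed to disable account {dn}.")
finally:
    # Always release the connection, even if a step above raised.
    conn.unbind()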
Python3使用管理员权限重置AD账号密码
# LDAP服务器地址、端口号及连接参数
import ldap3
from ldap3 import Server, Connection,ALL
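from ldap3.utils.conv import escape_filter_chars

# Reset the password of a single Active Directory account as an administrator.
#
# Active Directory only accepts password changes over an encrypted connection,
# hence LDAPS on port 636.
# NOTE(review): use_ssl=True alone does not make ldap3 verify the server
# certificate (its Tls default is ssl.CERT_NONE). For production use, pass
# tls=Tls(validate=ssl.CERT_REQUIRED, ...) and connect by the host name that
# appears in the certificate; otherwise both the bind password and the new
# password can be intercepted by a man-in-the-middle.
server = Server('10.10.22.14', port=636, get_info=ALL, use_ssl=True)

# Placeholder credentials and password from the article. Do not commit real
# ones; load them from a secret store or prompt for them at run time. No
# auto_bind here: the single bind() call below reports failure through its
# return value.
conn = Connection(server, user='admin', password='yyy')
username = 'zdx'
new_pwd = 'Y111'

try:
    if not conn.bind():
        print("Failed to bind with the server.")
    else:
        # Search the whole domain; narrow base_dn to an OU to limit the scope,
        # e.g. 'OU=IT,OU=SOU,dc=test19,dc=com'.
        base_dn = 'dc=test19,dc=com'
        # Escape the account name so characters such as '*', '(' or ')' cannot
        # change the meaning of the filter and select a different account.
        filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'
        found = conn.search(
            base_dn,
            filterstr,
            attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
        )
        if not found:
            print("No entries found.")
        else:
            # A domain-root search can also return referrals; keep real entries only.
            entries = [item for item in conn.response if item.get('type') == 'searchResEntry']
            if not entries:
                print(f"{username} not found.")
            elif len(entries) > 1:
                # Never reset a password when the lookup is ambiguous.
                print(f"{username} matched {len(entries)} entries; nothing was changed.")
            else:
                raw = entries[0]['raw_attributes']
                samaccountname = raw['sAMAccountName'][0].decode('utf-8').lower()
                # Use the DN exactly as the directory returned it.
                dn = raw['distinguishedName'][0].decode('utf-8')
                # Current userAccountControl value, shown for reference only.
                uac = raw['userAccountControl'][0].decode('utf-8')
                print(dn, samaccountname, uac)
                # Write unicodePwd only: the new password in double quotes,
                # encoded as UTF-16-LE. userPassword is deliberately not
                # written: unless the domain enables fUserPwdSupport, AD treats
                # it as an ordinary attribute and would keep the new password
                # there in clear text. userAccountControl is left untouched
                # because a password reset does not change it.
                pwd_change = {
                    'unicodePwd': [(ldap3.MODIFY_REPLACE, [f'"{new_pwd}"'.encode('utf-16-le')])],
                }
                conn.modify(dn, pwd_change)
                # Report the outcome without ever printing the password itself.
                if conn.result["description"] == "success":
                    print(f"Password for {dn} has been reset.")
                else:
                    print(f"Failed to reset password for {dn}: {conn.result['description']}")
finally:
    # Always release the connection, even if a step above raised.
    conn.unbind()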
参考:https://blog.51cto.com/u_13366251/7418664
使用旧密码修改新密码