Created
February 25, 2017 09:49
-
-
Save Mostafa-Hamdy-Elgiar/994417547f6c89c45e2de6485d695231 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import ldap , sys | |
if len(sys.argv != 2) : | |
print "Usage: python disableuserinAD.py <username>" | |
sys.exit(1) | |
Server = "ldap://xxx.xxx.xxx.xxx" | |
DN = "cn=username,cn=user,dc=example,dc=com" # DN for username@example.com in order to authentication | |
Secret = "xxxxxxx" #password for username | |
#Previous username and password used to autenticate in AD. | |
Base = "ou=xxxx,dc=example,dc=com" | |
Scope = ldap.SCOPE_SUBTREE | |
Filter = "(&(objectClass=user)(userAccountControl=66050))" #this filter find any disabled user | |
Attrs = ["sAMAccountName","givenName","cn"] #the user found return with this AD attributes | |
user = sys.argv[1] ## user account name | |
l = ldap.initialize(Server) | |
l.protocal_version = 3 | |
l.set_option(ldap.OPT_REFERRALS, 0) | |
l.simple_bind_s(DN, Secret) | |
res = l.search(Base, Scope, Filter, Attrs) | |
ress = l.result() | |
r = len(ress[1]) | |
userslist = [] | |
for i in range(r-3): | |
accountname = ress[1][i][1]['sAMAccountName'][0] | |
sirname = ress[1][i][1]['cn'][0] | |
userslist.append(accountname) | |
if user in userslist : | |
print "account is disabled" | |
l.unbind_s() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment