使用 ldap python 启用 Active Directory 用户帐户

Question

I am using ldap module in python to add user to Microsoft 2012 Active Directory. As I am successfully able to add user to the AD, user gets added with next logon and account as disabled options ticked. I tried lot of option to enable the account but not able to do so. Tried option of enabling account while creating user but that doesn't work too. Tried modify function but still no luck. Could anyone suggest a detour for the above problem? Thanks in advance

Answer 1

You need to modify the entry after it is created and set the userAccountControl attribute.

The userAccountControl attribute is a bit flag.

There are a few different enabled states that can be set.

1. 512 - is a default enabled account
2. 67048 - is an enabled account where the password does not expire

Answer 2

Before Enable an Active Directory account check below items:

• Make sure that userPrincipleName attribute is set, same as email!
• Make sure that password is set. if not you can enable user by modify userAccountControl=544 instead of userAccountControl=512 or userAccountControl=67048 .

Then you can use below sample code to enable user:

from ldap3 import Server, Connection, MODIFY_REPLACE

server = Server('ldap://hostname', 389, use_ssl=False)
connection = Connection(server, user='DOMAIN/Administrator', password='AdminPass', auto_bind=True)
connection.modify(distinguishedName, {'userAccountControl': (MODIFY_REPLACE, [544])})
connection.modify(distinguishedName, {'userAccountControl': (MODIFY_REPLACE, [512])}) # for users' who have password.
connection.unbind()