使用ldap3 Python获取Active Directory中的用户状态(禁用或活动)
[英]Get user status (disabled or active) in Active Directory with ldap3 Python
问题描述
I am getting a list of all users in Active Directory and I need to check their status — if the user is active or disabled. 
我正在获取Active Directory中所有用户的列表,我需要检查其状态-用户是处于活动状态还是处于禁用状态。 I expect that userAccountControl should return user status, but I get only 512 for all users but one (who returns 66048) and this is not correlated with user status (as far as I know). 我希望userAccountControl应该返回用户状态,但是对于所有用户,我只能得到512,但一个用户(返回66048)却与用户状态无关(据我所知)。
from ldap3 import Server, Connection
serverName = 'LDAP://server'
domainName = 'name'
userName = 'superuser'
password = 'password'
base = 'longString'
server = Server(serverName)
conn = Connection(server, read_only=True, user='{0}\\{1}'.format(domainName, userName), password=password, auto_bind=True)
conn.search(base, '(objectclass=person)', attributes=['displayName', 'mail', 'userAccountControl','sAMAccountName'])
for i in conn.entries:
print 'USER = {0} : {1} : {2}'.format(i.sAMAccountName.values[0], i.displayName.values[0], i.userAccountControl.values[0])
USER = ABC : John Smith : 512 USER = DEF : Sarah Connor : 514 USER = GHI : Thomas Anderson : 66048
Is it a correct way to get user status? 这是获取用户状态的正确方法吗? Is there any other way to check AD user status with some application with UI? 还有其他方法可以通过带有UI的某些应用程序检查AD用户状态吗?
1 个解决方案
解决方案1
3 已采纳 2018-06-22 15:07:39
According to userAccountControl flags : 根据userAccountControl标志 :
512 - Normal account (512), 512-普通帐户(512),
514 - Disable account (2 + 512), 514-停用帐户(2 + 512),
66048 - Normal account + dont expire password (65536 + 512). 66048-普通帐户+不要过期密码(65536 + 512)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.