I am using ldap module in python to add user to Microsoft 2012 Active Directory. As I am successfully able to add user to the AD, user gets added with next logon and account as disabled options ticked. I tried lot of option to enable the account but not able to do so. Tried option of enabling account while creating user but that doesn't work too. Tried modify function but still no luck. Could anyone suggest a detour for the above problem? Thanks in advance
You need to modify the entry after it is created and set the userAccountControl
attribute.
The userAccountControl
attribute is a bit flag.
There are a few different enabled
states that can be set.
512
- is a default enabled account 67048
- is an enabled account where the password does not expire Before Enable an Active Directory account check below items:
userPrincipleName
attribute is set, same as email!userAccountControl=544
instead of userAccountControl=512
or userAccountControl=67048
.Then you can use below sample code to enable user:
from ldap3 import Server, Connection, MODIFY_REPLACE
server = Server('ldap://hostname', 389, use_ssl=False)
connection = Connection(server, user='DOMAIN/Administrator', password='AdminPass', auto_bind=True)
connection.modify(distinguishedName, {'userAccountControl': (MODIFY_REPLACE, [544])})
connection.modify(distinguishedName, {'userAccountControl': (MODIFY_REPLACE, [512])}) # for users' who have password.
connection.unbind()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.