Python3禁用AD账号

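# LDAP server address, port and connection parameters.
#
# Changes from the original snippet, all on the defensive side:
#   * A simple bind over plain LDAP (port 389) sends the admin password in
#     cleartext.  This version uses LDAPS with certificate validation, as the
#     password-reset snippet on this page already does (note that ldap3's
#     default Tls object does NOT validate the server certificate).
#   * The bind password comes from the environment instead of the source file.
#   * The sAMAccountName is escaped before being interpolated into the LDAP
#     filter, so a crafted value cannot widen the search (filter injection).
#   * The account is disabled by setting the ACCOUNTDISABLE bit on the current
#     userAccountControl rather than replacing the whole value with 514, which
#     silently drops every other flag already set on the account.
#   * Exactly one matching entry is required before anything is modified, and
#     the connection is always unbound, even when the search or modify raises.
import os
import ssl

import ldap3
from ldap3 import ALL, Connection, Server, Tls
from ldap3.core.exceptions import LDAPException
from ldap3.utils.conv import escape_filter_chars

LDAP_HOST = '10.10.22.14'      # ideally the DNS name the server certificate is issued for
LDAP_PORT = 636                # LDAPS; the original used plain LDAP on 389
BIND_USER = 'admin'
BIND_PASSWORD = os.environ.get('LDAP_BIND_PASSWORD', 'yyy')  # 'yyy' is the page's placeholder
BASE_DN = 'dc=test19,dc=com'

# userAccountControl flag bits (Microsoft ADS_USER_FLAG values).
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200

username = 'zdx'

# CERT_REQUIRED makes ldap3 verify the certificate chain and check the host
# name against LDAP_HOST.  LDAP_CA_FILE may point at a private CA bundle;
# when unset, the system trust store is used.
tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=os.environ.get('LDAP_CA_FILE'))
server = Server(LDAP_HOST, port=LDAP_PORT, use_ssl=True, tls=tls, get_info=ALL)

try:
    # auto_bind=True raises on bind failure instead of returning an unbound connection.
    conn = Connection(server, user=BIND_USER, password=BIND_PASSWORD, auto_bind=True)
except LDAPException as exc:
    raise SystemExit(f"Failed to bind with the server: {exc}")

try:
    # Build the search filter.  escape_filter_chars() escapes the RFC 4515
    # special characters ('*', '(', ')', '\', NUL), which would otherwise
    # change the meaning of the filter.
    filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'
    conn.search(
        BASE_DN,
        filterstr,
        attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
    )
    # conn.response can also carry referrals ('searchResRef'); only real entries count.
    entries = [e for e in conn.response if e.get('type') == 'searchResEntry']

    if not entries:
        print(f"{username} not found.")
    elif len(entries) > 1:
        # sAMAccountName is unique within a domain; several hits mean the
        # filter matched more than intended, so refuse rather than guess.
        print(f"Ambiguous match for {username}: {len(entries)} entries, nothing changed.")
    else:
        attrs = entries[0]['raw_attributes']
        samaccountname = attrs['sAMAccountName'][0].decode('utf-8').lower()
        dn = attrs['distinguishedName'][0].decode('utf-8')
        # ldap3 returns an empty list for a requested attribute that is absent;
        # fall back to the NORMAL_ACCOUNT base the original's literal 514 implied.
        uac_raw = attrs.get('userAccountControl') or []
        current_uac = int(uac_raw[0]) if uac_raw else NORMAL_ACCOUNT
        print(dn, samaccountname, current_uac)

        # Disable the account by setting the ACCOUNTDISABLE bit, keeping all other flags.
        new_uac = current_uac | ACCOUNTDISABLE
        if new_uac == current_uac:
            print(f"Account {dn} is already disabled.")
        else:
            conn.modify(dn, {'userAccountControl': [(ldap3.MODIFY_REPLACE, [new_uac])]})
            # Check whether the modification succeeded.
            if conn.result["description"] == "success":
                print(f"Account {dn} has been disabled.")
            else:
                print(f"Failed to disable account {dn}: {conn.result['description']}")
finally:
    # Close the connection even if the search or modify raised.
    conn.unbind()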

 

Python3使用管理员权限重置AD账号密码

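# LDAP server address, port and connection parameters.
# Password changes must go over LDAPS (port 636): AD refuses unicodePwd writes
# on an unencrypted connection.
#
# Changes from the original snippet:
#   * use_ssl=True alone is not enough: ldap3's default Tls object does NOT
#     validate the server certificate, so the admin password and the new user
#     password could be captured by anyone able to stand in for the server.
#     An explicit Tls(validate=ssl.CERT_REQUIRED, ...) is passed instead.
#   * Secrets are read from the environment rather than the source file.
#   * The sAMAccountName is escaped before being interpolated into the filter
#     (LDAP filter injection).
#   * The reset uses ldap3's built-in conn.extend.microsoft.modify_password(),
#     which performs the quoted UTF-16-LE unicodePwd encoding itself.  The
#     original additionally wrote userPassword (a cleartext write AD rejects
#     unless the domain is explicitly configured to allow it, which fails the
#     whole modify) and rewrote userAccountControl with its current value (a no-op).
#   * The result of the modify is checked; the original never looked at it.
#   * Exactly one matching entry is required, and the connection is always unbound.
import os
import ssl

from ldap3 import ALL, Connection, Server, Tls
from ldap3.core.exceptions import LDAPException
from ldap3.utils.conv import escape_filter_chars

LDAP_HOST = '10.10.22.14'      # ideally the DNS name the server certificate is issued for
LDAP_PORT = 636                # LDAPS is mandatory for password writes
BIND_USER = 'admin'
BIND_PASSWORD = os.environ.get('LDAP_BIND_PASSWORD', 'yyy')  # 'yyy' is the page's placeholder
BASE_DN = 'dc=test19,dc=com'

username = 'zdx'
new_pwd = os.environ.get('AD_NEW_PASSWORD', 'Y111')          # 'Y111' is the page's placeholder

# CERT_REQUIRED makes ldap3 verify the certificate chain and check the host
# name against LDAP_HOST.  LDAP_CA_FILE may point at a private CA bundle;
# when unset, the system trust store is used.
tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=os.environ.get('LDAP_CA_FILE'))
server = Server(LDAP_HOST, port=LDAP_PORT, use_ssl=True, tls=tls, get_info=ALL)

try:
    # auto_bind=True raises on bind failure instead of returning an unbound connection.
    conn = Connection(server, user=BIND_USER, password=BIND_PASSWORD, auto_bind=True)
except LDAPException as exc:
    raise SystemExit(f"Failed to bind with the server: {exc}")

try:
    # escape_filter_chars() escapes the RFC 4515 special characters so the
    # username cannot alter the structure of the filter.
    filterstr = f'(&(objectClass=Person)(sAMAccountName={escape_filter_chars(username)}))'
    conn.search(
        BASE_DN,
        filterstr,
        attributes=['cn', 'mail', 'distinguishedName', 'sAMAccountName', 'userAccountControl'],
    )
    # conn.response can also carry referrals ('searchResRef'); only real entries count.
    entries = [e for e in conn.response if e.get('type') == 'searchResEntry']

    if not entries:
        print(f"{username} not found.")
    elif len(entries) > 1:
        # sAMAccountName is unique within a domain; several hits mean the
        # filter matched more than intended, so refuse rather than guess.
        print(f"Ambiguous match for {username}: {len(entries)} entries, nothing changed.")
    else:
        attrs = entries[0]['raw_attributes']
        samaccountname = attrs['sAMAccountName'][0].decode('utf-8').lower()
        dn = attrs['distinguishedName'][0].decode('utf-8')
        # Current userAccountControl value, logged for reference only (ldap3
        # returns an empty list when the attribute is absent).
        uac_raw = attrs.get('userAccountControl') or []
        uac = uac_raw[0].decode('utf-8') if uac_raw else '<absent>'
        print(dn, samaccountname, uac)

        # Administrative reset: no old password is supplied.  A user-initiated
        # change would pass old_password=... as well.  Never print new_pwd.
        if conn.extend.microsoft.modify_password(dn, new_pwd):
            print(f"Password for {dn} has been reset.")
        else:
            print(f"Failed to reset password for {dn}: {conn.result['description']}")
finally:
    # Close the connection even if the search or modify raised.
    conn.unbind()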

 

参考:https://blog.51cto.com/u_13366251/7418664

使用旧密码修改新密码