如何使用Python更改域用户(Windows Active Directory)的密码? [英] How can I change password for domain user(windows Active Directory) using Python?

问题描述

如何使用Python更改域用户的密码?我板上有ldap模块，但没有解决方案.我设法通过ldap查询了当前设置，但是如何修改呢?

How can I change the password for a domain user with Python? I have the ldap modules on board but have no solution. I managed to query the current settings via ldap, but how can modify it?

import ldap
import sys

host = 'ldap://10.172.0.79'

con = ldap.initialize(host)
BIND_DN = "administrator@biztalk.com"
BIND_PASS = "a-123456"
con.set_option( ldap.OPT_X_TLS_DEMAND, True )
con.set_option( ldap.OPT_DEBUG_LEVEL, 255 )

PASSWORD_ATTR = "unicodePwd"
username="bizadmin"
user_dn = "CN=%s,OU=User,OU=biztalk,DC=biz-talk,DC=com" % username
password = 'New12345'

# Set AD password
unicode_pass = unicode("\"" + password + "\"", "iso-8859-1")
password_value = unicode_pass.encode("utf-16-le")
add_pass = [(ldap.MOD_REPLACE, PASSWORD_ATTR, [password_value])]

# Replace password
try:
    con.modify_s(user_dn, add_pass)
    print "Active Directory password for", username, "was set successfully!"
except ldap.LDAPError, e:
    sys.stderr.write('Error setting AD password for: ' + username + '\n')
    sys.stderr.write('Message: ' + str(e) + '\n')
    sys.exit(1)

错误

pydev调试器:启动

pydev debugger: starting

为bizadmin设置AD密码时出错

Error setting AD password for: bizadmin

消息:{'desc':无法联系LDAP服务器"}

Message: {'desc': "Can't contact LDAP server"}

Python更改域(Microsoft Active Directory)用户的密码.

Python change domain(Microsoft Active Directory) user's password.

...需要python和域之间的认证服务吗?

...requires certification services between python and domain?

您有什么好办法解决吗?

Could you have any good ways to deal with it?

谢谢！

推荐答案

此代码适用于Windows 2012 R2 AD:

This code is working with Windows 2012 R2 AD:

首先安装最新的ldap3软件包: sudo pip安装ldap

First install latest ldap3 package: sudo pip install ldap

#!/usr/bin/python

import ldap3

SERVER='127.0.0.1'
BASEDN="DC=domain,DC=com"
USER="user_domain_login_name@domain.com"
CURREENTPWD="current_password"
NEWPWD="new_password"

SEARCHFILTER='(&(userPrincipalName='+USER+')(objectClass=person))'

USER_DN=""
USER_CN=""

ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
conn = ldap3.Connection(ldap_server, USER, CURREENTPWD, auto_bind=True)
conn.start_tls()
#print conn
conn.search(search_base = BASEDN,
         search_filter = SEARCHFILTER,
         search_scope = ldap3.SUBTREE,
         attributes = ['cn', 'givenName', 'userPrincipalName'],
         paged_size = 5)

for entry in conn.response:
    if entry.get("dn") and entry.get("attributes"):
        if entry.get("attributes").get("userPrincipalName"):
            if entry.get("attributes").get("userPrincipalName") == USER:
                USER_DN=entry.get("dn")
                USER_CN=entry.get("attributes").get("cn")

print "Found user:", USER_CN
print USER_DN
print ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEWPWD, CURREENTPWD,  controls=None)

这篇关于如何使用Python更改域用户(Windows Active Directory)的密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！