如何使用 Python 更改域用户(Windows Active Directory)的密码? [英] How can I change password for domain user(windows Active Directory) using Python?

问题描述

如何使用 Python 更改域用户的密码?我有 ldap 模块，但没有解决方案.我设法通过 ldap 查询当前设置，但如何修改它?

How can I change the password for a domain user with Python? I have the ldap modules on board but have no solution. I managed to query the current settings via ldap, but how can modify it?

import ldap
import sys

host = 'ldap://10.172.0.79'

con = ldap.initialize(host)
BIND_DN = "administrator@biztalk.com"
BIND_PASS = "a-123456"
con.set_option( ldap.OPT_X_TLS_DEMAND, True )
con.set_option( ldap.OPT_DEBUG_LEVEL, 255 )

PASSWORD_ATTR = "unicodePwd"
username="bizadmin"
user_dn = "CN=%s,OU=User,OU=biztalk,DC=biz-talk,DC=com" % username
password = 'New12345'

# Set AD password
unicode_pass = unicode(""" + password + """, "iso-8859-1")
password_value = unicode_pass.encode("utf-16-le")
add_pass = [(ldap.MOD_REPLACE, PASSWORD_ATTR, [password_value])]

# Replace password
try:
    con.modify_s(user_dn, add_pass)
    print "Active Directory password for", username, "was set successfully!"
except ldap.LDAPError, e:
    sys.stderr.write('Error setting AD password for: ' + username + '
')
    sys.stderr.write('Message: ' + str(e) + '
')
    sys.exit(1)

错误

pydev 调试器:启动

pydev debugger: starting

为:bizadmin 设置 AD 密码时出错

Error setting AD password for: bizadmin

消息:{'desc':无法联系 LDAP 服务器"}

Message: {'desc': "Can't contact LDAP server"}

Python 更改域(Microsoft Active Directory)用户密码.

Python change domain(Microsoft Active Directory) user's password.

...需要python和域之间的认证服务吗?

...requires certification services between python and domain?

你有什么好的处理方法吗?

Could you have any good ways to deal with it?

谢谢！

推荐答案

此代码适用于 Windows 2012 R2 AD:

This code is working with Windows 2012 R2 AD:

首先安装最新的 ldap3 包:须藤pip安装ldap

First install latest ldap3 package: sudo pip install ldap

#!/usr/bin/python

import ldap3

SERVER='127.0.0.1'
BASEDN="DC=domain,DC=com"
USER="user_domain_login_name@domain.com"
CURREENTPWD="current_password"
NEWPWD="new_password"

SEARCHFILTER='(&(userPrincipalName='+USER+')(objectClass=person))'

USER_DN=""
USER_CN=""

ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
conn = ldap3.Connection(ldap_server, USER, CURREENTPWD, auto_bind=True)
conn.start_tls()
#print conn
conn.search(search_base = BASEDN,
         search_filter = SEARCHFILTER,
         search_scope = ldap3.SUBTREE,
         attributes = ['cn', 'givenName', 'userPrincipalName'],
         paged_size = 5)

for entry in conn.response:
    if entry.get("dn") and entry.get("attributes"):
        if entry.get("attributes").get("userPrincipalName"):
            if entry.get("attributes").get("userPrincipalName") == USER:
                USER_DN=entry.get("dn")
                USER_CN=entry.get("attributes").get("cn")

print "Found user:", USER_CN
print USER_DN
print ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEWPWD, CURREENTPWD,  controls=None)

这篇关于如何使用 Python 更改域用户(Windows Active Directory)的密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！