Creating Active Directory Objects
Joe Little
joe at open-it.org
Thu Nov 8 19:12:12 CET 2007
Here's something that may be useful in this conversation about AD
Objects. I wrote with some reference help a script to pack a SID as I
was creating the necessary objects to create AD accounts from python
using python-ldap:
"""
packsid
"""
import base64,struct
def packsid(textsid):
if textsid[0] != 'S':
return;
data = (textsid[2:]).split('-')
rev = int(data[0])
idauth = int(data[1])
subauthcount = len(data) - 2
packedsid = struct.pack("8B", rev, subauthcount, 0, 0, 0, 0, 0,
idauth)
for i in range(0,subauthcount):
addpack = struct.pack("<L", long(data[2+i]))
packedsid = packedsid+addpack
return packedsid
respack = packsid('S-1-5-21-1398680112-2183325515-263647921-996')
resenc = base64.encodestring(respack)
print resenc
I barely remember how I arrived at each part, but it was mostly
through trial and error.
On Nov 7, 2007, at 10:50 AM, Geert Jansen wrote:
> Michael Ströder wrote:
>
>> I vaguely remember that there are some issues with really
>> activating a
>> user entry as a Windows user. But this is not a problem of
>> accessing AD
>> via python-ldap.
>>
>
> This indeed rings a bell. You need to create the user as disabled
> (look
> for userAccountControl on MSDN), set a compliant password, and then
> enable him.
>
> Regards,
> Geert
>
>
More information about the python-ldap
mailing list