Python and ADSI

Mark Hammond mhammond at skippinet.com.au
Tue Dec 21 19:21:15 EST 1999 

"Stephen Milton" <milton at isomedia.com> wrote in message
news:s5vh2ahnrg382 at corp.supernews.com...
> Does anyone have any sample code for working with the makepy
generated
> libraries for ADSI.  Specifically I am trying to use the IIS objects
to
> manage web sites, add, delete, etc.

John Nielsen has kindly written some documentation on ADSI and
exchange which I have attached below.  These docs will be included in
the next version of win32all.

Also, version 128 of win32all will have a
win32com.client.GetObject() - similar to VB's function of the same
name.  This will make some ADSI stuff easier.

Mark.
--
ADSI, Exchange, and Python

Python's adsi access works really well with Exchange (late or early
binding since you can read microsoft's type library). To get started,
you will need to download adsi from microsoft:
http://www.microsoft.com/windows/server/Technical/directory/adsilinks.
asp. Microsoft has documentation for using languages other than python
in the sdk.

Comments

Before doing anything else you need to go through the next two steps:



Task Description
Create the Global Providers object adsiNameSpaces =
win32com.client.Dispatch('ADsNameSpaces')
Now get the LDAP Provider object ldapNameSpace =
adsiNameSpaces.getobject("","LDAP:")
Now you have to decide how you want to access the exchange server. I
have chosen to authenticate in which case you need to use opendsobject

The login and domain logon_ex='cn=wilma, dc=bedrock'
password password='dino'
now login myDSObject =
ldapNameSpace.OpenDSObject(ex_path,logon_ex,password,0)
So what is this ex_path in the login?
It is the resource you are trying to access, for example:
a specific user
ex_path="LDAP://server/cn=fredflintsone,cn=Recipients,ou=rubble,o=bedr
o ck"
a mailing list
ex_path="LDAP://server/cn=bedrock,cn=Recipients,ou=rubble,o=bedrock"
all of Recipients
ex_path="LDAP://server/cn=Recipients,ou=rubble,o=bedrock"
Example

Accessing and Modifying a user:

ex_path="LDAP://server/cn=fredflint,cn=Recipients,ou=rubble,o=bedrock"
myDSObject = ldapNameSpace.OpenDSObjec(ex_path,logon_ex,password,0)
myDSObject.Getinfo()
# To access a user's data try:
attribute = myDSObject.Get('Extension-Attribute-1')
print attribute
# To modify a user try:
myDSObject.Put('Extension-Attribute-1','barney was here')
myDSObject.Setinfo()


Comments

Note -- To make any changes permanent setinfo is required.

Example

Adding new account to exchange

# Adding a new account to exchange is simple except for one thing.
# You need to associate an NT account with an exchange account.
# To do so at this point requires some c++ to produce some hex SID
# and trustee information that adsi can use.
# At this point assume we have C++ magic
#
# Note we are accessing Recipients directly now
ex_path="LDAP://server/cn=Recipients,ou=rubble,o=bedrock"
logon_ex='cn=wilma,dc=bedrock'
password='dino'
myDSObject = ldapNameSpace.OpenDSObjec(ex_path,logon_ex,password,0)

newobj = myDSObject.create("OrganizationalPerson", "cn=betty")
newobj.put('MailPreferenceOption', 0)
# etc . . . add whatever else you want. There are a few required
fields.
# Now the part to get exchange associated with NT
# The Magic is here
import win32pipe
assoc_nt=win32pipe.popen('getsid bedrock\\fredflint')
nt_security=win32pipe.popen('gettrustee bedrock\\fredflint')
newobj.put('NT-Security-Descriptor',assoc_nt)
newobj.put('NT-Security-Descriptor',nt_security)

newobj.SetInfo


Deleting an account from  exchange

#Here we connect to Recipients and then
#delete a user
#This is an example with more generic code:
#data is a dictionary that contains info
#that may be dynamic like the domain,
#admin login, or exchange server
#notice I am using a try/except clause here
#to catch any exceptions
try:
  #ADSI here
  # Create the Global Providers object
  logon_ex='cn='+data['NT_admin']+',
dc='+data['NT_domain']+',cn=admin'
  ex_list_path="LDAP://"+data['EX_site_srv']+"/cn=Recipients,ou="\

+data['ou']+",o="+data['o']
  adsi = win32com.client.Dispatch('ADsNameSpaces')
  #
  # Now get the LDAP Provider object
  ldap = adsi.getobject("","LDAP:")
  dsobj =
ldap.OpenDSObject(ex_list_path,logon_ex,data['NT_password'],0);
  dsobj.Getinfo()
  dsobj.Delete("OrganizationalPerson", "cn="+login)
  dsobj.Setinfo()
except:
  print 'Error deleting '+login, sys.exc_type , sys.exc_value


Adding to a distribution list

# I've added code here to make it a more generic example
# I used putex instead of put because it has more options
# The '3' value means append. The SDK has specific info on it
ex_list_path="LDAP://"+server+"/cn="+list+",cn=Recipients,ou="+ou+",o=
"+o
dsobj = ldap.OpenDSObject(ex_list_path,logon_ex,password,0);
dsobj.Getinfo()
list_member='cn='+user+',cn=Recipients,ou='+ou+',o='+o
append_list=[list_member]
dsobj.putEx(3,'Member',append_list);
dsobj.SetInfo()

More information about the Python-list mailing list