[python-win32] Atomically creating user in Active Directory and assigning permissions to directories

Suzuki Alex Alex.Suzuki at ksta.ktzh.ch
Mon Jan 16 11:37:13 CET 2006


Hello,

  I am tasked with adding Active Directory support to an existing
tool that manages users among other things. One process involves
creating a new user. This user is first created in a legacy database,
then in Active Directory (using COM/ADSI). This works well.
However, the environment also needs certain folders to exist, and
these folders should have the newly created user in their ACL.
I was told that this is tricky, because of the distributed nature
of Active Directory, the new user is not immediately visible.

I noticed this when I used the win32security.LookupAccountName function.
So then my idea was to retrieve the user's SID by reading the objectSid
attribute, converting it to a PySID and then using this SID directly
for the ACL, freeing the system from the task of looking it up.

However, this seems to fail as well. I'm out of ideas here, and I'm
sure somebody must have encountered this problem as well.

I can post some code, but what I do is fairly straight-forward.

1. Create the user using ADSI
2. Retrieve the user's SID
3. win32file.CreateDirectory
4. Get the security descriptor
5. Get the DACL
6. Add the SID to the DACL
7. Store the security descriptor using win32file.SetFileSecurity

Regards,
  Alex
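
Steps 2 and 4 to 7 of the list above, as an added example that is not part of the original post: it decodes the raw objectSid bytes itself and adds an allow ACE for that SID without calling LookupAccountName. The names sid_to_string, grant_by_sid and SAMPLE_SID are hypothetical, the sample SID is constructed, and the ACL part assumes pywin32 on Windows.

```python
import struct

def sid_to_string(raw):
    """Decode a binary SID, as stored in objectSid, into S-1-... form."""
    raw = bytes(raw)  # ADSI returns a buffer-like object
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def grant_by_sid(path, raw_sid, mask):
    """Add an allow ACE for raw_sid to path's DACL (Windows, pywin32).

    mask is an access mask chosen by the caller; grant only what the
    user needs on that folder.
    """
    import win32security  # imported here so the decoder runs on any platform
    sid = win32security.ConvertStringSidToSid(sid_to_string(raw_sid))
    info = win32security.DACL_SECURITY_INFORMATION
    sd = win32security.GetFileSecurity(path, info)
    dacl = sd.GetSecurityDescriptorDacl()
    if dacl is None:                 # NULL DACL: start from an empty ACL
        dacl = win32security.ACL()
    dacl.AddAccessAllowedAce(win32security.ACL_REVISION, mask, sid)
    sd.SetSecurityDescriptorDacl(1, dacl, 0)
    win32security.SetFileSecurity(path, info, sd)
    return sid

# Constructed sample: revision 1, 5 sub-authorities, authority 5 (NT),
# first sub-authority 21, then three made-up domain values and RID 1105.
SAMPLE_SID = bytes.fromhex("010500000000000515000000") + struct.pack(
    "<4I", 1111111111, 2222222222, 3333333333, 1105)

if __name__ == "__main__":
    print(sid_to_string(SAMPLE_SID))
```
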

