Python 修改AD密码

前提条件: AD 已开启证书服务(最重要的一句话)。AD 只接受通过加密连接(如 LDAPS)提交的密码修改,因此域控必须先有可用的服务器证书。

import ldap3

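# Demo script: a user changes their own Active Directory password over LDAPS.
# Flow: bind as the user, look up the user's DN by userPrincipalName, then
# call ldap3's AD password-modify helper with the old and new passwords.
from ldap3.utils.conv import escape_filter_chars

SERVER = 'adserver'
BASEDN = "DC=example,DC=com"
USER = "u1@example.com"
# NOTE(review): sample values only. Real passwords should not live in source
# or version control; read them at run time (e.g. getpass.getpass() or a
# secrets store) so they do not end up in history or backups.
CURREENTPWD = "adcvQ.SAD"
NEWPWD = "adcv.Q.SAD"

# Escape the UPN before embedding it, so characters with filter meaning
# (parentheses, '*', backslash) are matched literally and cannot widen or
# break the search filter.
SEARCHFILTER = '(&(userPrincipalName=' + escape_filter_chars(USER) + ')(objectClass=person))'

USER_DN = ""
USER_CN = ""

# use_ssl=True makes this an LDAPS session from the first byte.
# NOTE(review): no ldap3.Tls object is passed, so the server certificate is
# presumably not validated (confirm against the ldap3 defaults in use). The
# old and new passwords both travel over this channel; outside a lab, pass
# tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<CA bundle path>)
# to ldap3.Server so the domain controller's identity is verified.
ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL, use_ssl=True)
conn = ldap3.Connection(ldap_server, USER, CURREENTPWD, auto_bind=True)
# No conn.start_tls() here: StartTLS upgrades a plain LDAP connection, and
# this one is already TLS-protected by use_ssl=True.

try:
    conn.search(
        search_base=BASEDN,
        search_filter=SEARCHFILTER,
        search_scope=ldap3.SUBTREE,
        attributes=['cn', 'givenName', 'userPrincipalName'],
        paged_size=5,
    )

    # Keep only real entries (search references carry no dn/attributes) whose
    # UPN is exactly the account we bound as.
    for entry in conn.response or []:
        attrs = entry.get("attributes")
        if entry.get("dn") and attrs and attrs.get("userPrincipalName") == USER:
            USER_DN = entry.get("dn")
            USER_CN = attrs.get("cn")

    if USER_DN:
        # Supplying the old password makes this a user-initiated change
        # rather than an administrative reset.
        res = ldap3.extend.microsoft.modifyPassword.ad_modify_password(
            conn, USER_DN, NEWPWD, CURREENTPWD, controls=None)
        if res:
            print('user %s change password Success.' % USER_CN)
        else:
            print('user %s change password Failed.' % USER_CN)
            # The server's result explains the rejection (password policy,
            # wrong old password, ...); it does not contain the passwords.
            print('LDAP result: %s' % conn.result)
    else:
        print("User DN is missing!")
finally:
    # Always release the authenticated session, even if the search or the
    # password change raised.
    conn.unbind()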

 

posted @ 2021-11-05 20:11  cptao