[python-win32] Querying Password Change Privilege on an Active Directory User Ac count
Gooch, John
John.Gooch at echostar.com
Fri Jul 29 19:38:38 CEST 2005
I have a script that changes user passwords, and it throws exceptions then
executing the SetPassword() or SetInfo() commands on a AD user account that
it does not have "set password" privileges on. To avoid the exception being
thrown, I would like to have the script check whether or not it has
permission to change the password before trying to change it ( make sense?
), but I cannot find any good documentation on this after a few hours of
Googling for it.
Do anyone have guidance ( or better yet, an answer ) on figuring out how to
implement this.
here is a small snippet of the code I have now :
adsuser = getADSUser( trans.adspath )#Retrieve a copy of the users AD
Account
if ( adsuser ):
trans.email = adsuser.mail
trans.firstname = adsuser.givenName
trans.lastname = adsuser.sn
trans.displayname = adsuser.displayname
#trans.pwdLastChanged1 = adsuser.PasswordLastChanged
#trans.pwdLastChanged1 = time.strftime( "%Y-%m-%d %H:%M:%S",
time.gmtime( adsuser.PasswordLastChanged ) )
trans.pwdLastChanged1 = str( adsuser.PasswordLastChanged )
error = NewPassword( trans )
if ( not error ):
if ( validEmail( trans.email ) ):
try:
print "new password is %s" % trans.password
adsuser.SetPassword( trans.password )
#x=1
#adsuser.SetInfo()
print "Password change successful. %s" % trans.username
except pythoncom.com_error, error:
#print "Password change failed. for %s" % trans.username
return "Set Password failure. COM Error:%s" % str( error )
except Exception, error:
return "Set Password failure. General Error:%s" %
str(error)
try:
adsuser = None
adsuser = getADSUser( trans.adspath ) #Retrieve a copy of
the users AD Account
trans.pwdLastChanged2 = str( adsuser.PasswordLastChanged )
except:
return "Password change verification failure - Unable to
retrieve PasswordLastChanged Timestamp after changing the password." % (
trans.pwdLastChanged1,trans.pwdLastChanged2 )
if ( trans.pwdLastChanged1 == trans.pwdLastChanged2 ):
return "Password change verification failure -
PasswordLastChange Value did not change after executing the SetPassword
Command.Before:%s Date After Date:%s" % (
trans.pwdLastChanged1,trans.pwdLastChanged2 )
else:
#print "Password change verification success -
PasswordLastChange Value did change after executing the SetPassword
Command.Before:%s Date After Date:%s" % (
trans.pwdLastChanged1,trans.pwdLastChanged2 )
return None
Thank You,
John A. Gooch
"May the Python-force be with you...always."
Systems Administrator
EchoStar Satellite L.L.C.
Desk: 720-514-5708
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-win32/attachments/20050729/6b57345e/attachment.htm
More information about the Python-win32
mailing list