[Tutor] Check if user exist in domain

jon.papageorgiou at wachovia.com jon.papageorgiou at wachovia.com
Tue Mar 1 19:29:07 CET 2005 




I need to check if a user is in a domain from a computer that is not in a
domain. Currently, we are running an NT domain, but will be moving to
ActiveDirectory2003 in the next few months.

I thought if I could get user information for the user I could verify that
the user account existed:

#CODE STARTS HERE
######################################################


import win32net
import win32netcon

domain = "domain"
login = "userid"

try:
    #get the server for the domain -- it has to be a primary dc
    server = str(win32net.NetGetDCName("",domain))
    print server
    #info returns a dictionary of information

    info = win32net.NetUserGetInfo(server, login, 1)
    print info#['full_name']
except win32net.error:
    print "Error: " + login + " not found in " + domain + "."

#CODE ENDS HERE
######################################################

The problem is that the following code only works when one is logged in
locally with a UserID and password that is the SAME as a UserID and
password on the Domain.
Example:

Domain  :   Berlin            Stand-alone             <<- Different
User    :   Frank             Frank                   <<- Same
Password:   frank'spassword   frank'spassword         <<- Same

So I then attempted to authenticate with alternate credentials.  The
following code did not work.It blew up on line 20.

#CODE STARTS HERE
######################################################

import sys
import win32api
import win32net
import win32netcon
import win32security
import win32con

domain = "berlin"
login = "hans"

userwithrights = "frank"
userwithrightspassword = "frank'spassword"

#code blows up on next line
hUser = win32security.LogonUser(
        userwithrights,
        domain,
        userwithrightspassword,
        win32con.LOGON32_LOGON_INTERACTIVE,
        win32con.LOGON32_PROVIDER_DEFAULT
        )

win32security.ImpersonateLoggedOnUser(hUser)

print win32api.GetUserName() # Should display "frank"

#code to be run with alternate credentials
try:
    #get the server for the domain -- it has to be a primary dc
    server = str(win32net.NetGetDCName("",domain))
    print server
    #info returns a dictionary of information

    info = win32net.NetUserGetInfo(server, login, 1)
    print info#['full_name']
except win32net.error:
    print "Error: " + login + " not found in " + domain + "."

win32security.RevertToSelf()
hUser.Close()

#CODE ENDS HERE
######################################################

The output I receive is as follows:

Traceback (most recent call last):
  File "C:\Documents and
Settings\Administrator\Desktop\python-components\getuser2.py", line 20, in
?
    win32con.LOGON32_PROVIDER_DEFAULT
pywintypes.error: (1326, 'LogonUser', 'Logon failure: unknown user name or
bad password.')


The account being checked and the account that I am impersonating are both
domain admins and the password I am using is correct.

Can anybody point me in the right direction as to what I am missing?

Jon Papageorgiou

More information about the Tutor mailing list