Source code for pyad.aduser
from .adobject import ADObject
import pywintypes
from . import pyadutils
import datetime
[docs]class ADUser(ADObject):
[docs] @classmethod
def create(
cls,
name,
container_object,
password=None,
upn_suffix=None,
enable=True,
optional_attributes={},
):
"""Creates and returns a new active directory user"""
return container_object.create_user(
name=name,
password=password,
upn_suffix=upn_suffix,
enable=enable,
optional_attributes=optional_attributes,
)
[docs] def set_password(self, password, flush=True):
"""Sets the users password"""
try:
self._ldap_adsi_obj.SetPassword(password)
if flush:
self._flush()
except pywintypes.com_error as excpt:
pyadutils.pass_up_com_exception(excpt)
[docs] def force_pwd_change_on_login(self, flush: bool = True):
"""Forces the user to change their password the next time they login"""
self.update_attribute("PwdLastSet", 0, no_flush=(not flush))
def grant_password_lease(self, flush: bool = True):
self.update_attribute("PwdLastSet", -1, no_flush=(not flush))
[docs] def get_password_last_set(self) -> datetime.datetime:
"""Returns datetime object of when user last reset their password."""
return self._get_password_last_set()
[docs] def get_max_pwd_age(self):
"""Returns timespan object representing the max password age on a user's domain"""
return pyadutils.convert_timespan(self.get_domain().maxPwdAge)
[docs] def get_expiration(self):
"""Gets the expiration date of the password as a datetime object.
The _ldap_adsi_obj.AccountExpirationDate can be inaccurate and
return the UNIX Epoch instead of the true expiration date."""
uac_settings = self.get_user_account_control_settings()
if any(
uac_settings[flag]
for flag in [
"SMARTCARD_REQUIRED",
"DONT_EXPIRE_PASSWD",
"WORKSTATION_TRUST_ACCOUNT",
"SERVER_TRUST_ACCOUNT",
"INTERDOMAIN_TRUST_ACCOUNT",
]
):
return None
elif self.get_attribute("pwdLastSet", False) is None:
return datetime.datetime(1970, 1, 1)
else:
return self.get_password_last_set() + self.get_max_pwd_age()
[docs] def set_expiration(self, dt, flush: bool = True) -> None:
"""Sets the expiration date of the password to the given value"""
self._ldap_adsi_obj.AccountExpirationDate = dt
if flush:
self._flush()
[docs] def get_password_expired(self) -> bool:
"""Returns a bool representing whether the password has expired.
The passwordexpired property will often return True even if not expired."""
expiration_date = self.get_expiration()
if expiration_date is None:
return False
return expiration_date < datetime.datetime.now()
[docs] def unlock(self, flush: bool = True) -> None:
"""Unlock the user's account"""
self.update_attribute("lockoutTime", 0, no_flush=(not flush))
[docs] def set_managedby(self, user, flush: bool = True) -> None:
"""Sets managedBy on object to the specified user"""
if not isinstance(user, ADUser):
raise ValueError(f"Expected AD User object got {type(user)}")
if user:
self.update_attribute("manager", user.dn, no_flush=(not flush))
else:
self.clear_managedby("manager", flush=flush)
[docs] def clear_managedby(self, flush: bool = True) -> None:
"""Sets object to be managedBy nobody"""
self.clear_attribute("manager", flush=flush)
ADObject._py_ad_object_mappings["user"] = ADUser