
Active Directory Administration with Python – pt. 1

Active Directory (AD) is a vital component of many organizations’ IT infrastructures, serving as a central repository for user accounts, group policies, and network resources. While traditional methods of AD administration involve manual configuration through GUI tools or PowerShell scripts, Python offers a powerful alternative for automating routine tasks and managing AD more efficiently. In this article, we’ll explore how to perform basic AD administration tasks using Python, leveraging the pyad library.

Setting Up the Environment

Before diving into AD administration with Python, ensure you have the necessary prerequisites:

  1. Python installed on your system (version 3.x recommended).
  2. Install the pyad library using pip:
pip install pyad

  3. Access to an Active Directory domain and appropriate permissions for the tasks you intend to automate.

Connecting to Active Directory:

The first step in AD administration with Python is establishing a connection to the Active Directory domain. Use the following code snippet to connect:

from pyad import *
 
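# Set the domain controller that later pyad calls will use
pyad.set_defaults(ldap_server="<your_ldap_server>")

Replace <your_ldap_server> with the hostname or IP address of your domain controller. When no credentials are supplied, pyad works with the permissions of the account running the script, so run it under an account that has only the rights the task needs.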

Creating a New User Account:

Creating new user accounts is a common AD administration task. Here’s how you can do it with Python:

from getpass import getpass
from pyad import *

# Set the organizational unit (OU) where the new user will be created
ou = pyad.adcontainer.ADContainer.from_dn("OU=Users,DC=example,DC=com")

# Create a new user object
new_user = pyad.aduser.ADUser.create("JohnDoe", ou)

# Set the initial password with set_password(); "password" is not an AD
# attribute, and prompting for it keeps the value out of the script
new_user.set_password(getpass("Initial password for JohnDoe: "))

# Set user attributes; update_attribute() writes each change to AD
# immediately, so no separate commit call is needed
new_user.update_attribute("givenName", "John")
new_user.update_attribute("sn", "Doe")
new_user.update_attribute("userPrincipalName", "JohnDoe@example.com")
new_user.update_attribute("description", "Example User Account")

Replace "OU=Users,DC=example,DC=com" with the distinguished name (DN) of the OU where you want to create the user.

Modifying User Attributes:

You can also modify existing user attributes using Python. Here’s an example of updating a user’s email address:

from pyad import *
 
# Retrieve the user object
user = pyad.aduser.ADUser.from_cn("JohnDoe")
 
# Update the email address (update_attribute() saves the change immediately)
user.update_attribute("mail", "john.doe@example.com")

Replace "JohnDoe" with the common name (CN) of the user you want to modify.

Deleting a User Account:

When a user leaves the organization or their account becomes obsolete, you may need to delete it from AD. Here’s how you can do it with Python:

from pyad import *
 
# Retrieve the user object
user = pyad.aduser.ADUser.from_cn("JohnDoe")
 
# Delete the user account
user.delete()

Replace "JohnDoe" with the CN of the user you want to delete.
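
A CN alone does not say where in the directory an object lives, so it is worth checking the distinguished name of the object you retrieved before calling delete(). The check below is an added example, not code from the original article or from the pyad project; the function names, the allowed OU and the protected account are assumptions made for illustration.

```python
# Constructed sample values (assumptions for illustration only).
ALLOWED_BASES = ["OU=Users,DC=example,DC=com"]
PROTECTED_DNS = ["CN=svc-backup,OU=Users,DC=example,DC=com"]

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])      # keep the escaped pair intact
            i += 2
            continue
        if dn[i] == ",":                     # an unescaped comma ends an RDN
            parts.append("".join(current))
            current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def is_under(dn, base_dn):
    """True if dn sits strictly below base_dn (the base itself does not count)."""
    child, base = split_dn(dn), split_dn(base_dn)
    return len(child) > len(base) and child[-len(base):] == base

def may_delete(dn, allowed_bases=ALLOWED_BASES, protected_dns=PROTECTED_DNS):
    """Allow deletion only inside an allowed OU and never for protected DNs."""
    try:
        target = split_dn(dn)
        if any(target == split_dn(p) for p in protected_dns):
            return False
        return any(is_under(dn, base) for base in allowed_bases)
    except ValueError:
        return False                         # fail closed on unparsable input

if __name__ == "__main__":
    for candidate in ("CN=JohnDoe,OU=Users,DC=example,DC=com",
                      "CN=Doe\\, John,OU=Users,DC=example,DC=com",
                      "CN=JohnDoe,OU=Admins,DC=example,DC=com",
                      "CN=svc-backup,OU=Users,DC=example,DC=com"):
        print(candidate, "->", "allowed" if may_delete(candidate) else "refused")
```

In the deletion script, pass the retrieved object's DN (pyad exposes it as the object's dn property) to may_delete() and call user.delete() only when it returns True.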

Conclusion

Automating Active Directory administration with Python can greatly streamline repetitive tasks and improve efficiency in managing user accounts and other AD objects. By leveraging the pyad library, you can perform basic AD operations programmatically, saving time and reducing the risk of manual errors. Experiment with the examples provided and explore additional functionalities to tailor automation to your organization’s specific needs.

© 2024 ScriptWizards.net - Powered by Coffee & Magic