[python-win32] Querying Password Change Privilege on an Active Directory User Ac count

Gooch, John Fri, 29 Jul 2005 10:39:22 -0700

Title: Message

I have a script that changes user passwords, and it throws exceptions then executing the SetPassword() or SetInfo() commands on a AD user account that it does not have "set password" privileges on. To avoid the exception being thrown, I would like to have the script check whether or not it has permission to change the password before trying to change it ( make sense? ), but I cannot find any good documentation on this after a few hours of Googling for it.

Do anyone have guidance ( or better yet, an answer ) on figuring out how to implement this.

here is a small snippet of the code I have now :

      adsuser = getADSUser( trans.adspath )#Retrieve a copy of the users AD Account
      if ( adsuser ):
         trans.email = adsuser.mail
         trans.firstname = adsuser.givenName
         trans.lastname = adsuser.sn
         trans.displayname = adsuser.displayname
         #trans.pwdLastChanged1 = adsuser.PasswordLastChanged
         #trans.pwdLastChanged1 = time.strftime( "%Y-%m-%d %H:%M:%S", time.gmtime( adsuser.PasswordLastChanged ) )
         trans.pwdLastChanged1 = str( adsuser.PasswordLastChanged )
         error = NewPassword( trans )
         if ( not error ):
            if (  validEmail( trans.email ) ):
               try:
                  print "new password is %s" % trans.password
                  adsuser.SetPassword( trans.password )
                  #x=1
                  #adsuser.SetInfo()
                  print "Password change successful. %s" % trans.username
               except pythoncom.com_error, error:
                  #print "Password change failed. for %s" % trans.username
                  return "Set Password failure. COM Error:%s" % str( error )
               except Exception, error:
                  return "Set Password failure. General Error:%s" % str(error)
               try:
                  adsuser = None
                  adsuser = getADSUser( trans.adspath ) #Retrieve a copy of the users AD Account
                  trans.pwdLastChanged2 = str( adsuser.PasswordLastChanged )
               except:
                  return "Password change verification failure - Unable to retrieve PasswordLastChanged Timestamp after changing the password." % ( trans.pwdLastChanged1,trans.pwdLastChanged2 )

               if ( trans.pwdLastChanged1 == trans.pwdLastChanged2 ):
                   return "Password change verification failure - PasswordLastChange Value did not change after executing the SetPassword Command.Before:%s Date After Date:%s" % ( trans.pwdLastChanged1,trans.pwdLastChanged2 )
               else:
                   #print "Password change verification success - PasswordLastChange Value did change after executing the SetPassword Command.Before:%s Date After Date:%s" % ( trans.pwdLastChanged1,trans.pwdLastChanged2 )
                   return None

Thank You,

John A. Gooch
"May the Python-force be with you...always."
Systems Administrator
EchoStar Satellite L.L.C.
Desk: 720-514-5708

_______________________________________________
Python-win32 mailing list
Python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32

[python-win32] Querying Password Change Privilege on an Active Directory User Ac count

Reply via email to