It's mostly for testing purposes. The password change affect a few thousand of our customers, so the group I wrote the script for wants to be able to disable the SetPassword/SetInfo command to do a test run of the script and see if it will encounter any permission/other problems before the "Production" run kicks off. It's all about being proactive, and not having anything happen that will come to the attention of upper management, who will want to know why we are not being proactive instead of reactive. That is, solving problems before they actually are problems, instead of reacting to error messages after the fact.
Plus, with an explicit message stating exactly why a password change would fail, I won't get paged at home at 2am in the morning like I have for the last three days. Instead they Windows admin can be paged to fix the any permissions problems while I sleep. :) -----Original Message----- From: Jim Vickroy [mailto:[EMAIL PROTECTED] Sent: Friday, July 29, 2005 12:34 PM To: Gooch, John Cc: python-win32@python.org Subject: Re: [python-win32] Querying Password Change Privilege on an Active Directory User Ac count Hello John, Why does it matter? Why not just ignore the specific type of exception raised by an invalid SetPassword() or SetInfo() request as follows: try: adsuser.SetPassword(trans.password) adsuser.SetInfo() except <specific type of SetPassword exception to ignore goes here>: pass # or whatever except <specific type of SetInfo exception to ignore goes here>: pass # or whatever except Exception, details: pass # or take whatever action is desired -- jv Gooch, John wrote: > I have a script that changes user passwords, and it throws exceptions > then executing the SetPassword() or SetInfo() commands on a AD user > account that it does not have "set password" privileges on. To avoid > the exception being thrown, I would like to have the script check > whether or not it has permission to change the password before trying > to change it ( make sense? ), but I cannot find any good documentation > on this after a few hours of Googling for it. > > Do anyone have guidance ( or better yet, an answer ) on figuring out > how to implement this. > > here is a small snippet of the code I have now : > > > adsuser = getADSUser( trans.adspath )#Retrieve a copy of the > users AD Account > if ( adsuser ): > trans.email = adsuser.mail > trans.firstname = adsuser.givenName > trans.lastname = adsuser.sn > trans.displayname = adsuser.displayname > #trans.pwdLastChanged1 = adsuser.PasswordLastChanged > #trans.pwdLastChanged1 = time.strftime( "%Y-%m-%d %H:%M:%S", > time.gmtime( adsuser.PasswordLastChanged ) ) > trans.pwdLastChanged1 = str( adsuser.PasswordLastChanged ) > error = NewPassword( trans ) > if ( not error ): > if ( validEmail( trans.email ) ): > try: > print "new password is %s" % trans.password > adsuser.SetPassword( trans.password ) > #x=1 > #adsuser.SetInfo() > print "Password change successful. %s" % trans.username > except pythoncom.com_error, error: > #print "Password change failed. for %s" % > trans.username > return "Set Password failure. COM Error:%s" % str( > error ) > except Exception, error: > return "Set Password failure. General Error:%s" % > str(error) > try: > adsuser = None > adsuser = getADSUser( trans.adspath ) #Retrieve a > copy of the users AD Account > trans.pwdLastChanged2 = str( > adsuser.PasswordLastChanged ) > except: > return "Password change verification failure - > Unable to retrieve PasswordLastChanged Timestamp after changing the > password." % ( trans.pwdLastChanged1,trans.pwdLastChanged2 ) > > if ( trans.pwdLastChanged1 == trans.pwdLastChanged2 ): > return "Password change verification failure - > PasswordLastChange Value did not change after executing the > SetPassword Command.Before:%s Date After Date:%s" % ( > trans.pwdLastChanged1,trans.pwdLastChanged2 ) > else: > #print "Password change verification success - > PasswordLastChange Value did change after executing the SetPassword > Command.Before:%s Date After Date:%s" % ( > trans.pwdLastChanged1,trans.pwdLastChanged2 ) > return None > Thank You, > > > > John A. Gooch > "May the Python-force be with you...always." > Systems Administrator > EchoStar Satellite L.L.C. > Desk: 720-514-5708 > > > > > >----------------------------------------------------------------------- >- > >_______________________________________________ >Python-win32 mailing list >Python-win32@python.org >http://mail.python.org/mailman/listinfo/python-win32 > > _______________________________________________ Python-win32 mailing list Python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32
