search

zakird / pyad

Python Active Directory Tools | *Not actively maintained*
http://zakird.github.io/pyad/
176 stars 72 forks source link

Attribute 'Enabled' always returns 'None' #127

Closed sbarkar closed 3 years ago

sbarkar commented 4 years ago

I'm running a simple query using ADQuery.

q.execute_query( attributes=["SamAccountName", "givenName", "sn", "mail", "title", "manager", "Enabled"][::-1], where_clause = "objectClass = 'user' and 'Enabled' = 'True'", base_dn="DC=energy, DC=local" )

For some reason this query returns 0 results every single time. I've tried doing the same thing using 'False' and 'None', but no luck.

When I run this query without the enabled filter in the where clause it works as expected, but every userObject that it returns contains 'Enabled': None.

thecasual commented 3 years ago

Hi @sbarkar - I have created a pull request to resolve this issue https://github.com/zakird/pyad/pull/132. If this is accepted you will be able to create this query using traditional ldap dialect .

q.execute_query(
    attributes = ["Name","OperatingSystem"],
    where_clause = "(& (!userAccountControl:1.2.840.113556.1.4.803:=2) (objectCategory=computer))",
    ldap_dialect = True
)
thecasual commented 3 years ago

@sbarkar - Can you pull the latest from master and let me know if this change resolves your issue?

sbarkar commented 3 years ago

Hi @thecasual, thank you for your help with this. I'm unfortunately unable to test this as I don't have an AD I've got access to atm.

funkwhatyouheard commented 3 years ago

@thecasual just found the same issue. you release this on pipy or do I need to pull from master? Should be able to check this real quick. Also, can you add the enabled attribute to the ADUser class?

funkwhatyouheard commented 3 years ago

Looks like this will return the correct state (Enabled as True or False) of the user, just not the attribute name I was expecting. Doesn't seem to work with the get_attribute() method, but calling this way will work:

aduser.ADUser.from_cn("Last, First")._ldap_adsi_obj.AccountDisabled

funkwhatyouheard commented 3 years ago

Slightly cleaner and holding more of the properties I was looking for. The dictionary returned has some other interesting properties to pay attention to.

aduser.ADUser.from_cn("Last, First").get_user_account_control_settings()['ACCOUNTDISABLE'']

thecasual commented 3 years ago

Does .AccountDisabled also pull down disabled "computers" as well for you? This pull request was accepted into master, so you will need to pull from master.

funkwhatyouheard commented 3 years ago

all my posts were specifically in reference to adusers. I can check ADComputer objects tho. One sec.

funkwhatyouheard commented 3 years ago

just checked, look like both methods for determining if enabled are good for adcomputer and aduser types. Checking compound query in a minute.

funkwhatyouheard commented 3 years ago

@thecasual Your fix seemed to work for me.

sbarkar commented 3 years ago

Given that @funkwhatyouheard has confirmed that the fix worked I will close the ticket. Thank you all.