Question: Filtering results for find_groups_for_user

[e2robot]

I use something like the following to get the groups a user is a member of.

netbios=os.environ["COMPUTERNAME"] session=domain.create_session_as_computer(netbios) user_cn="citizenj" groups=session.find_groups_for_user(user_cn)

Groups variable contains a list of groups with all members of each group. Is this by design ? Seems a very heavy query on a large domain with thousands of users in some groups.

I know I can get just the group names by the following

for group in groups: print (group.distinguished_name)

But is there a way to get just the group names directly without pulling all the members ?

[antonvn1]

Seems to be it is "by design", as many find_* methods points to a common worker. You can comment out ldap_constants.AD_ATTRIBUTE_MEMBER addition at ms_active_directory/tree/main/ms_active_directory/core/ad_session.py:1836 and replace elif with else later at :1860 (here group member filtering applies). This trick will work only if you run find_groups_for_user, not find_groups_for_users.

[zorn96]

hi @antonvn1 ! it was by design but that was largely because I wrote this entire library fully based on the things I thought were nice and the use cases I could think of offhand

if others want to propose changes, I'm more than happy to review PRs and merge them as long as they're reasonable