Python 提取安全组内用户的sAMAccountName_Python_Active Directory

Python 提取安全组内用户的sAMAccountName

python active-directory

Python 提取安全组内用户的sAMAccountName,python,active-directory,Python,Active Directory,我知道我可以通过在循环中再次查询AD来做到这一点，但这将产生大量我希望避免的调用。这是我的密码： import os, sys import re import datetime import getpass import ldap debug = True now = datetime.datetime.now() print '******************\n##########\n******************\n' l = ldap.initialize("ldap:

我知道我可以通过在循环中再次查询AD来做到这一点，但这将产生大量我希望避免的调用。这是我的密码：

import os, sys
import re
import datetime
import getpass
import ldap

debug = True
now = datetime.datetime.now()

print '******************\n##########\n******************\n'

l = ldap.initialize("ldap://##########")

if debug:
    l.simple_bind_s("ADuser@##########","##########")
else:
    try:
        username = raw_input('Username: ')
        password = getpass.getpass('Password: ')
        l.simple_bind_s(username + '@##########', password)
    except ldap.LDAPError, e:
        print e
        raw_input('Press any key to continue')
        sys.exit()

baseDN = "OU=##########, OU=##########, OU=##########, DC=##########, DC=##########"
searchScope = ldap.SCOPE_SUBTREE

retrieveAttributes = None
searchFilter = "CN=*"

try:
    ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
    result_set = []
    while 1:
        result_type, result_data = l.result(ldap_result_id, 0)
        if (result_data == []):
            break
        else:
            if result_type == ldap.RES_SEARCH_ENTRY:
                result_set.append(result_data)
    try:
        f = open(os.environ['userprofile'] + '\\Desktop\\' + now.strftime('%Y-%m-%d') + '_Report.csv', 'w')
        f.write('Full Name, Shared Account Name, Shared Account Code\n')
        try:
            for i in range(len(result_set)):
                for entry in result_set[i]:
                    #print entry[1]['cn'][0] #Security Group name
                    try:
                        if entry[1]['member']:
                            for member in entry[1]['member']: #Group members
                                m = re.search('CN=(.+?),OU', member).group(1)

                                account = entry[1]['cn'][0]
                                description = entry[1]['description'][0].rstrip('\n')
                                member = m.replace('\\', '')

                                f.write('"' + member + '", ' + description + ', ' + account + '\n')
                    except:
                        pass
        finally:
            f.close()
    except IOError, e:
        print e
    l.unbind_s()
except ldap.LDAPError, e:
    print e
    raw_input('Press any key to continue')

如何提取安全组、成员的列表，然后还获取单个用户的sAMAccountName？或者，如果不进行另一次查找，这是不可能的？

尽管LDAP协议无法执行您请求的操作

当然，您可以通过调用方法从组中列出的DN中获取sAMAccountName来简化代码布局

这类操作在LDAP中是典型的，但它们发生得非常快。

所以你认为即使有几千个用户，这也不过分吗？