Python AD LDAP

AD DNS CLI

dnscmd.exe <DNS Server> /RecordAdd domain.com hostname /CreatePTR A ipaddress

AD from python

# bind to AD LDAP and enumerate a list of groups
AD_uri="ldap://xxx.xxx.xxx.xxx"
AD_groups=["group1","group2"]

baseDN="dc=illumina,dc=com"
bindDN="CN=svcaccount,OU=Service Accounts,DC=illumina,DC=com"
bindPW="svcaccountpasswd"
ldap.set_option(ldap.OPT_REFERRALS, 0)

def enumerateGroup(group):
  members=[]
  try:
    l = ldap.initialize(AD_uri)
  except:
    print e
    sys.exit(1)

  l.protocol_version = ldap.VERSION3

  # bind to AD
  try:
    l.bind_s(bindDN,bindPW)
  except ldap.LDAPError, e:
    print e
    sys.exit(1)

  filter='(&(objectClass=Person)(memberof=CN=' + group + ',OU=User Groups,DC=illumina,DC=com))'
  try:
    results = l.search_s(baseDN,ldap.SCOPE_SUBTREE,filter,['sAMAccountName'])
  except ldap.LDAPError, e:
    print "ldap error"
    print e
  else:
    for dn in results:
      if 'sAMAccountName' in dn[-1]:
        for k, v in dn[-1].iteritems():
          members.append(v[0])
          
  l.unbind()D_uri=AD_Uri
  return members
  
for group in AD_groups:
  list = enumerateGroup(group)

AD LDAP

# search AD ldap using my own credentials
# -x disables SASL, -H is the Domain Controller, -b is base DN
# -D is bind DN, -W prompts for password
ldapsearch -x -H ldap://xxx.xxx.xxx.xxx:3268 -b 'dc=illumina,dc=com' -D 'ILLUMINA\thartmann' '(samaccountname=thartmann)' -W

# example sssd.conf to allow logins from multiple groups
ldap_access_filter = (|(memberOf=CN=GRP_HPC_ADMINS,OU=User Groups,DC=illumina,DC=com)(memberOf=CN=GRP_Shiny_RW,OU=User Groups,DC=illumina,DC=com))

Powershell Group Members

Import-Module ActiveDirectory
Get-ADGroupMember -identity “Name of Group” -server "domain.name" (e.g. illumina.com)
Get-ADGroupMember -identity “Name of Group” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation

Get-ADGroup -identity "Name of Group" -server "domain.name"

Pretty print groups

id pcruz | tr , '\n'