
Tim Golden’s active_directory wrapper in Python 3

Tim Golden wrote a useful wrapper for accessing Active Directory. It was written for Python 2, but 2to3.py is able to fully translate it. Once downloaded (and updated to 3 if applicable), run python setup.py install to compile and copy the library, ready to be used in your programs.

For example, to display the user logon name (ID) for all accounts with a name beginning with quackajack (notice the asterisk to do the wildcard search):

import active_directory
adusers = active_directory.search("displayName='quackajack*'", objectCategory='Person', objectClass='User')
for adu in adusers:
    print(adu.sAMAccountName)

If using sAMAccountName seems confusing, don't worry. I struggle to remember all but the most common ones, preferring to look them up when needed by listing all attributes then picking the ones I need. If you want to have a look, a full list of user attributes is available here.

Those who have used dsquery before from the command line may be aware of using -attr * to display all attributes of the object. You can do the same in your Python script with the dump function. Hence changing the print line above to print(adu.dump()) will print out a key, value list of all attributes. Be warned, it's a long list.

Loading Registry Hives

I needed to get a registry value out of all the Citrix profiles to resolve and migrate an application to the new farm. Simple enough, I thought: enumerate the directories, load the hive in ntuser.dat and read the value. Even found the function, win32api.RegLoadKey, on the first attempt.

However, when I tried this on a local profile I got a permission issue, even as the local admin. The scant documentation mentioned I needed SE_PRIVILEGE_ENABLED, but what is it and how do I get it? I could open the hive with regedit, so why not with Python?

Help came in the form of a post from future_retro on grokbase.com; basically you need to get a token for your process and adjust the privilege on that.

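import win32api
import win32security

# Open this process's access token so its privileges can be adjusted.
flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
# Look up the privilege's LUID and mark it enabled on the token.
loadid = win32security.LookupPrivilegeValue(None, 'SeRestorePrivilege')
newprivlist = [(loadid, win32security.SE_PRIVILEGE_ENABLED)]
win32security.AdjustTokenPrivileges(htoken, 0, newprivlist)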

Now, with the hive loaded, the second part was getting the value. It is not quite as simple as passing the location but a two-step process of opening the key with win32api.RegOpenKeyEx and reading the value with win32api.RegQueryValueEx. Just don't forget to close it when you are done.

To demonstrate this I have created this little program which enumerates all the directories in a given path and opens the hive if it exists. It then lists all of the keys under Software to give you some idea of the software the user has accessed in Citrix.

In the demonstration code there is a single function which takes up half of the code whose purpose is not clear from inspection. It takes the key name and returns the values and subkeys as two lists in a tuple. Hope the example helps.
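The steps described in this post (enable the privilege, load the hive, open the key, close it), put together as an added example. It is not the author's demonstration program. It also enables SeBackupPrivilege, which Microsoft's RegLoadKey documentation lists alongside SeRestorePrivilege, and it switches both privileges off again afterwards; the function names and the mount name TempProfileHive are assumptions.

```python
import contextlib

# Microsoft's RegLoadKey documentation lists both privileges as required.
PRIVS = ("SeBackupPrivilege", "SeRestorePrivilege")


@contextlib.contextmanager
def hive_privileges():
    """Enable the hive-loading privileges, then disable them again on exit."""
    import win32api, win32security  # pywin32, imported lazily (Windows only)
    flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
    token = win32security.OpenProcessToken(win32api.GetCurrentProcess(), flags)
    luids = [win32security.LookupPrivilegeValue(None, name) for name in PRIVS]
    win32security.AdjustTokenPrivileges(
        token, 0, [(luid, win32security.SE_PRIVILEGE_ENABLED) for luid in luids])
    try:
        yield
    finally:
        # Attribute 0 disables a privilege without removing it from the token.
        win32security.AdjustTokenPrivileges(
            token, 0, [(luid, 0) for luid in luids])


def software_keys(hive_path, mount="TempProfileHive"):
    """Return the subkey names under Software in an offline ntuser.dat."""
    import win32api, win32con
    with hive_privileges():
        # Mount the hive file under HKEY_USERS\<mount> (assumed mount name).
        win32api.RegLoadKey(win32con.HKEY_USERS, mount, hive_path)
        try:
            key = win32api.RegOpenKeyEx(
                win32con.HKEY_USERS, mount + "\\Software", 0, win32con.KEY_READ)
            try:
                count = win32api.RegQueryInfoKey(key)[0]  # number of subkeys
                return [win32api.RegEnumKey(key, i) for i in range(count)]
            finally:
                win32api.RegCloseKey(key)
        finally:
            # Unload even on error so the profile's ntuser.dat is not left
            # locked; this must happen after every key handle is closed.
            win32api.RegUnLoadKey(win32con.HKEY_USERS, mount)
```

Run it from an elevated process on Windows with pywin32 installed, passing the full path to a profile's ntuser.dat that is not currently in use.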