Users Domain Account Statuses

Users Domain Account Statuses

# This example queries the account status for all domain (LDAP) users in the database.

# Create a local variable for the output toolbox
ot = impact.gui.output_toolbox
db = impact.active_database

# Clear the output toolbox
ot.clear()

# Retrieve the users from the DB
users = db.users

# Connect to LDAP Service when querying multiple items to improve performance
if db.connect_to_ldap_service():
    ot.add("Successfully connected to LDAP Service")

    for i in range(1, users.count  + 1):
        user = users.item(i)

        if user.ldap_enabled:

            # Output LDAP account status
            status = user.ldap_user_account_status

            if status is not None:
                ot.add("  LDAP Account Status for " + str(user.formatted_name))
                ot.add("    IsDisabled: " + str(status.is_disabled))
                ot.add("    IsLockedOut: " + str(status.is_locked_out))
                ot.add("    AccountHasExpired: " + str(status.account_has_expired))
                ot.add("    PasswordCannotBeChanged: " + str(status.password_cannot_be_changed))
                ot.add("    PasswordNeverExpires: " + str(status.password_never_expires))
                ot.add("    PasswordHasExpired: " + str(status.password_has_expired))
                ot.add("    PasswordMustBeResetAtLogon: " + str(status.password_must_be_reset_at_logon))
                ot.add("    DaysUntilPasswordExpires: " + str(status.days_until_password_expires))
                ot.add("    SecondsUntilPasswordExpires: " + str(status.seconds_until_password_expires))

            else:
                ot.add("Unable to determine LDAP user account status for " + str(user.formatted_name))

    # Remember to disconnect
    db.disconnect_from_ldap_service()

else:
    ot.add("Failed to connect to LDAP service: " + str(db.errors.last.description))