Users Domain Account Statuses (Python)¶
Users Domain Account Statuses (Python)¶
1# This example queries the account status for all domain (LDAP) users in the database.
2
3# Create a local variable for the output toolbox
4ot = impact.gui.output_toolbox
5db = impact.active_database
6
7# Clear the output toolbox
8ot.clear()
9
10# Retrieve the users from the DB
11users = db.users
12
13# Connect to LDAP Service when querying multiple items to improve performance
14if db.connect_to_ldap_service():
15
16 ot.add("Successfully connected to LDAP Service")
17
18 for i in range(1, users.count + 1):
19 user = None
20 try:
21 user = users.item(i)
22 except Exception as exc:
23 pass
24 impact.gui.output_toolbox.add(f"Failed to create object via users.item(): {exc}")
25
26 if user.ldap_enabled:
27
28 # Output LDAP account status
29 status = user.ldap_user_account_status
30
31 if not status.isNone():
32
33 ot.add(" LDAP Account Status for " + user.formatted_name)
34 ot.add(" IsDisabled: " + status.is_disabled)
35 ot.add(" IsLockedOut: " + status.is_locked_out)
36 ot.add(" AccountHasExpired: " + status.account_has_expired)
37 ot.add(" PasswordCannotBeChanged: " + status.password_cannot_be_changed)
38 ot.add(" PasswordNeverExpires: " + status.password_never_expires)
39 ot.add(" PasswordHasExpired: " + status.password_has_expired)
40 ot.add(" PasswordMustBeResetAtLogon: " + status.password_must_be_reset_at_logon)
41 ot.add(" DaysUntilPasswordExpires: " + status.days_until_password_expires)
42 ot.add(" SecondsUntilPasswordExpires: " + status.seconds_until_password_expires)
43
44 else:
45
46 ot.add("Unable to determine LDAP user account status for " + user.formatted_name)
47
48 # Remember to disconnect
49 db.disconnect_from_ldap_service()
50else:
51
52 ot.add("Failed to connect to LDAP service: " + db.errors.last.description)