Welcome, guest | Sign In | My Account | Store | Cart

Sometimes it is useful to know what attributes are available to you for an object in active directory. You cannot ask the object directly for that, instead you need to use the schema of the object. All of this is done with python's COM support using win32com. By default only attributes that have values are returned.

Python, 20 lines
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
import win32com,win32com.client

def ad_dict(ldap_path,value_required=1):
  attr_dict={}
  adobj=win32com.client.GetObject(ldap_path)
  schema_obj=win32com.client.GetObject(adobj.schema)
  for i in schema_obj.MandatoryProperties:
      value=getattr(adobj,i)
      if value_required and value==None: continue
      attr_dict[i]=value
  for i in schema_obj.OptionalProperties:
      value=getattr(adobj,i)
      if value_required and value==None: continue
      attr_dict[i]=value
  return attr_dict


user='LDAP://cn=fred123,OU=people,DC=company,DC=com'

print ad_dict(user)

Rather than having to guess attribute names or look them up, this recipe gets the attributes for an object in active directory for you. The attributes fit nicely in a python dictionary. Some of the attributes in the dictionary do not point to python data types or structures. They are instead MS COM objects. You'd need to consult relevant documentation at http://msdn.microsoft.com for more information about their use.