python :經過Ldap 3 模塊查詢AD 組和 AD 用戶名單

import datetime

from ldap3 import Server, Connection, ALL, NTLM

定義一個類用於操作 AD

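class operate_AD():
    """Read-only helper that lists Active Directory users and group memberships.

    The instance binds once in ``__init__`` over LDAPS and reuses that
    connection for every search. Searches cover the whole domain subtree and
    are paged, so directories larger than one page are returned completely.
    """

    # OID of the LDAP "simple paged results" control; the server returns the
    # continuation cookie for the next page under this key.
    _PAGED_RESULTS_OID = '1.2.840.113556.1.4.319'
    # Number of entries requested per page.
    _PAGE_SIZE = 50

    def __init__(self, Domain, User, Password):
        """Connect and bind to the directory.

        Domain: DNS name of the domain (e.g. ``demo.com``). It is used both as
            the server host name and to derive the search base
            (``DC=demo,DC=com``).
        User: logon name without a domain prefix.
        Password: password for ``User``.

        ``auto_bind=True`` makes the Connection constructor bind immediately,
        so a bad password or unreachable server raises here.
        """
        self.domain = Domain
        self.user = User
        # NOTE(review): the clear-text password stays on the instance for its
        # whole lifetime. Nothing in this class reads it after the bind; it is
        # kept only because callers may rely on the attribute.
        self.pwd = Password
        labels = Domain.split('.')
        self.DC = ','.join('DC=' + dc for dc in labels)
        # Assumes the NetBIOS domain name equals the first DNS label,
        # upper-cased. That is the common default, not a guarantee.
        self.pre = labels[0].upper()
        # NOTE(review): use_ssl=True encrypts the session, but no Tls object
        # is passed, and ldap3 then does not validate the server certificate.
        # For production use, pass tls=Tls(validate=ssl.CERT_REQUIRED, ...)
        # with the CA that issued the domain controller certificate, so the
        # bind password cannot be captured by a machine-in-the-middle.
        self.server = Server(self.domain, use_ssl=True, get_info=ALL)
        self.conn = Connection(
            self.server,
            user=self.pre + '\\' + self.user,
            password=self.pwd,
            auto_bind=True,
        )
        # Date stamped onto every row produced by this instance.
        self.u_time = datetime.date.today()

    def _search_entries(self, search_filter, attributes):
        """Yield every entry matching ``search_filter`` under ``self.DC``.

        Runs a paged subtree search and follows the paging cookie until the
        server reports no further page. Responses that are not entries (for
        example referrals) are skipped. If a search call reports failure, the
        server's description is printed and iteration stops.
        """
        cookie = None
        while True:
            ok = self.conn.search(
                search_base=self.DC,
                search_filter=search_filter,
                attributes=attributes,
                search_scope='SUBTREE',
                paged_size=self._PAGE_SIZE,
                paged_cookie=cookie,
            )
            if not ok:
                print('查詢失敗: ', self.conn.result['description'])
                return
            # Capture this page and its cookie before yielding: the consumer
            # may run another search on the same connection between items,
            # which would overwrite conn.response / conn.result.
            page = self.conn.response
            try:
                cookie = self.conn.result['controls'][self._PAGED_RESULTS_OID]['value']['cookie']
            except (KeyError, TypeError):
                cookie = None
            for each in page:
                if each.get('type') == 'searchResEntry':
                    yield each
            if not cookie:
                return

    def Get_All_UserInfo(self):
        '''
        Yield one row per user account in the domain.

        The filter selects ``person`` objects and excludes names ending in
        ``$`` (computer accounts). Each row is
        ``[dn, sAMAccountName, displayName, userAccountControl, u_time]``.
        Nothing is yielded for non-entry responses. On a failed search the
        error description is printed and the generator ends.
        '''
        att_list = ['displayName', 'userPrincipalName', 'userAccountControl', 'sAMAccountName', 'pwdLastSet']
        user_filter = '(&(objectclass=person)(!(sAMAccountName=*$)))'
        for each in self._search_entries(user_filter, att_list):
            attrs = each['attributes']
            yield [
                each['dn'],
                attrs['sAMAccountName'],
                attrs['displayName'],
                attrs['userAccountControl'],
                self.u_time,
            ]

    def Get_All_GroupInfo(self):
        '''
        Yield one row per (group, member) pair in the domain.

        Each row is ``[group sAMAccountName, member DN, u_time]``. Groups
        without members produce no rows. On a failed search the error
        description is printed and the generator ends.
        '''
        att_list = ['cn', 'member', 'objectClass', 'userAccountControl', 'sAMAccountName', 'description']
        for each in self._search_entries('(objectclass=group)', att_list):
            attrs = each['attributes']
            # NOTE(review): Active Directory returns very large memberships
            # under a ranged attribute name (member;range=...), which this
            # loop does not read. Confirm against the largest groups before
            # relying on the output for access reviews.
            for member in attrs.get('member') or []:
                yield [attrs['sAMAccountName'], member, self.u_time]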

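def main():
    """Placeholder entry point; it does nothing and the demo section does not call it."""
    pass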

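if __name__ == '__main__':
    import getpass

    # Demo: dump every user row, then every (group, member) row.
    # The password is prompted for at run time rather than written into the
    # script, so it does not end up in source control or shell history.
    act = operate_AD('demo.com', 'User', getpass.getpass())

    for user in act.Get_All_UserInfo():
        print(user)
        print('*' * 50)

    for group in act.Get_All_GroupInfo():
        print(group)
        print('*' * 50)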

備註: 微軟search_filter 語法
https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax