Get deleted AD users/groups by python-ldap


If I delete a user or group in Windows AD, it is in "Deleted Objects". I want to use the python-ldap lib to get them. Code:

<code>
import ldap

uri = "ldap://10.64.74.17"
user = "xxxxxxxxxx"
password = "xxxxxxxxxxxx"

ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
ldap.protocol_version = 3

ldapclient = ldap.initialize(uri)
ldapclient.simple_bind_s(user, password)

# Plain subtree search with no controls attached
filter = "(&(objectClass=person)(isDeleted=TRUE)(!(objectClass=computer)))"
results = ldapclient.search_s("dc=xx,dc=com", ldap.SCOPE_SUBTREE, filter)
for result in results:
    print(result)

ldapclient.unbind_s()
</code>

It can't show deleted objects. What's wrong with the code?

You need to add an LDAP control to the search. Like this. Create a request control for the particular operation (in this case the OID for AD is 1.2.840.113556.1.4.417). Then, pass the collection of controls to the search request as an optional parameter.

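<code>
from ldap.controls import RequestControl
# Controls go in serverctrls, which search_ext_s() accepts and search_s() does not
tombstone_control = RequestControl('1.2.840.113556.1.4.417', criticality=True)
results = ldapclient.search_ext_s("dc=xx,dc=com", ldap.SCOPE_SUBTREE, filter, serverctrls=[tombstone_control])
</code>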

I think that will work. You can scope the search base to CN=Deleted Objects,DC=xx,DC=com, where deleted objects end up. You should make sure the deleted objects are there first. You can use ldp.exe to check.
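A fuller version of the approach in the answer above, added here as an example that is not part of the original post: it attaches the control through search_ext_s, scopes the base to CN=Deleted Objects, and parses the returned DNs into audit rows. It assumes python-ldap 3.x and that AD renames a deleted object's RDN to "<old name>\0ADEL:<objectGUID>"; search_deleted, parse_tombstones and the sample rows are made up for illustration.

```python
import re

SHOW_DELETED_OID = "1.2.840.113556.1.4.417"  # control OID from the answer
# Assumption: a deleted object's RDN reads "<old name>\0ADEL:<objectGUID>"
TOMBSTONE_RDN = re.compile(r"^CN=(?P<name>.+?)\\0ADEL:(?P<guid>[0-9a-f-]{36}),", re.I)


def search_deleted(conn, domain_dn):
    """Search CN=Deleted Objects on a bound connection, control attached."""
    import ldap  # imported here so parse_tombstones() runs without python-ldap
    from ldap.controls import RequestControl
    control = RequestControl(SHOW_DELETED_OID, criticality=True)
    return conn.search_ext_s(
        "CN=Deleted Objects," + domain_dn,
        ldap.SCOPE_SUBTREE,
        "(&(objectClass=person)(isDeleted=TRUE)(!(objectClass=computer)))",
        attrlist=["sAMAccountName", "lastKnownParent"],
        serverctrls=[control],  # search_s() has no parameter for controls
    )


def _first(attrs, key):
    # python-ldap 3.x returns each attribute as a list of bytes values
    values = attrs.get(key) or [b""]
    return values[0].decode("utf-8", "replace")


def parse_tombstones(results):
    """Turn (dn, attrs) tuples into dicts, skipping referrals and other DNs."""
    rows = []
    for dn, attrs in results:
        match = TOMBSTONE_RDN.match(dn) if dn else None
        if not match:  # referral (dn is None) or not a tombstone DN
            continue
        rows.append({
            "name": match.group("name"),
            "guid": match.group("guid").lower(),
            "account": _first(attrs, "sAMAccountName"),
            "last_parent": _first(attrs, "lastKnownParent"),
        })
    return rows


# Constructed sample in the shape search_ext_s() returns (not real data)
SAMPLE = [
    (r"CN=Jane Doe\0ADEL:3f2c1a9e-5b7d-4c1e-9a2f-0d6e8b4c7a11,CN=Deleted Objects,DC=xx,DC=com",
     {"sAMAccountName": [b"jdoe"], "lastKnownParent": [b"OU=Staff,DC=xx,DC=com"]}),
    (None, ["ldap://DomainDnsZones.xx.com/DC=DomainDnsZones,DC=xx,DC=com"]),
]
```

With a bound connection, parse_tombstones(search_deleted(ldapclient, "dc=xx,dc=com")) gives one row per deleted user; the bind account needs permission to read the Deleted Objects container.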

