Tags: python, active-directory, pywin32

Remove AD user from Security group using Python


I am trying to remove a user from a security group using Python and pywin32, but so far have not been successful. However, I am able to add a user to a security group.

from win32com.client import GetObject

grp = GetObject("LDAP://CN=groupname,OU=groups,DC=blah,DC=local")

grp.Add("LDAP://CN=username,OU=users,DC=blah,DC=local") # successfully adds a user to the group

grp.Remove("LDAP://CN=username,OU=users,DC=blah,DC=local") # returns an error

The error is below:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<COMObject LDAP://CN=groupname,OU=groups,DC=blah,DC=local>", line 2, in Remove
pywintypes.com_error: (-2147352567, 'Exception occurred.', (0, None, None, None, 0, -2147024891), None)

I have also tried using GetObject to get the user object and removing it that way; however, I get the same error.

usr = GetObject("LDAP://CN=user,OU=users,DC=blah,DC=local")

grp.Remove(usr)

Any help would be much appreciated as I've hit a dead-end here.

EDIT

I have also now tried using Tim Golden's active_directory module to try and remove the group member.

import active_directory as ad

grp = ad.find_group("groupname")
usr = ad.find_user("username")

grp.remove(usr.path())

However this also doesn't work, and I encounter the below error.

Traceback (most recent call last):
  File "C:\Python33\lib\site-packages\active_directory.py", line 799, in __getattr__
    attr = getattr(self.com_object, name)
AttributeError: 'PyIADs' object has no attribute 'group'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Python33\lib\site-packages\active_directory.py", line 802, in __getattr__
    attr = self.com_object.Get(name)
pywintypes.com_error: (-2147463155, 'OLE error 0x8000500d', (0, 'Active Directory', 'The directory property cannot be found in the cache.\r\n', None, 0, -2147463155), None)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python33\lib\site-packages\active_directory.py", line 1081, in remove
    self.group.Remove(dn)
  File "C:\Python33\lib\site-packages\active_directory.py", line 804, in __getattr__
    raise AttributeError
AttributeError

EDIT

Wherby suggested that I change to Python 2.7 and give that a go. I have just tried this:

import active_directory as ad

user = ad.find_user("username")
group = ad.find_group("groupname")

group.remove(user.path())

... but I'm still getting an error:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<COMObject LDAP://CN=groupname,OU=groups,DC=blah,DC=local>", line 2, in remove
pywintypes.com_error: (-2147352567, 'Exception occurred.', (0, None, None, None, 0, -2147024891), None)

The user and group are definitely found correctly, as I can print their LDAP paths using print user.path() and print group.path()

Are there any other active directory libraries for Python 3.3 that anyone can recommend?


Solution

  • Well, I've gone and figured out I was being a bit of a muppet. The account I was logged in to didn't have the permissions to delete from AD groups. When I logged in as the network admin account it worked like a charm.

    The final code:

    from win32com.client import GetObject
    
    group = GetObject("LDAP://CN=groupname,OU=Groups,DC=blah,DC=local")
    
    group.Remove("LDAP://CN=username,OU=Users,DC=blah,DC=local")
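The -2147024891 in the excepinfo tuple quoted in the question is 0x80070005, E_ACCESSDENIED, which is why logging in as the network admin made it work: IADsGroup::Remove was never the problem, the calling account simply lacked write access to the group's member attribute. Running automation as a domain admin is the heavy-handed cure; the least-privilege one is to delegate "Modify the membership of a group" (write on the member attribute) on that group or OU to the service account that runs the script. The following is an added example, not code from the question, the answer, or pywin32: it wraps the same GetObject/Remove call, normalises the signed HRESULTs pywin32 reports, and separates "access denied" from "not a member" instead of surfacing an opaque com_error. The LDAP paths are the placeholders from the question, and FakeGroup is a constructed stand-in so the error paths can be exercised without a domain controller.

```python
"""Remove a member from an AD security group via ADSI (pywin32) and turn the
opaque pywintypes.com_error into an actionable reason.

Added example, not code from the original question or answer. Assumed names:
the LDAP placeholder paths from the question, and FakeGroup, a constructed
stand-in for the COM group object so the code runs without a DC."""
import ctypes

try:
    from pywintypes import com_error as ComError   # real pywin32 on Windows
except ImportError:                                # elsewhere: same shape, so the
    class ComError(Exception):                     # module still imports and runs
        pass

# HRESULTs quoted in this thread (exact values, not assumptions).
DISP_E_EXCEPTION = 0x80020009           # IDispatch wrapper; real code is excepinfo[5]
E_ACCESSDENIED = 0x80070005             # -2147024891 in the question: "Access is denied"
E_ADS_PROPERTY_NOT_FOUND = 0x8000500D   # -2147463155 from active_directory.py
# Win32 errors 1377/1378 wrapped as HRESULTs, which IADsGroup::Remove/Add
# return when the account is not (or already is) a member.
ERROR_MEMBER_NOT_IN_ALIAS = 0x80070561
ERROR_MEMBER_IN_ALIAS = 0x80070562

MESSAGES = {
    E_ACCESSDENIED: "access denied: caller lacks write access to the group's member attribute",
    E_ADS_PROPERTY_NOT_FOUND: "directory property not found in the ADSI property cache",
    ERROR_MEMBER_NOT_IN_ALIAS: "account is not a member of the group",
    ERROR_MEMBER_IN_ALIAS: "account is already a member of the group",
}


def hresult(code):
    """pywin32 reports HRESULTs as signed 32-bit ints; normalise to unsigned."""
    return code & 0xFFFFFFFF


def explain(err_args):
    """Map the .args of a pywintypes.com_error to (unsigned HRESULT, message).

    args = (hresult, strerror, excepinfo, argerror); excepinfo, when present, is
    (wCode, source, text, helpfile, helpcontext, scode), and scode is the cause."""
    code = hresult(err_args[0])
    excepinfo = err_args[2] if len(err_args) > 2 else None
    if code == DISP_E_EXCEPTION and excepinfo and excepinfo[5] is not None:
        code = hresult(excepinfo[5])
    text = MESSAGES.get(code)
    if text is None and hasattr(ctypes, "FormatError") and (code >> 16) == 0x8007:
        text = ctypes.FormatError(code & 0xFFFF).strip()  # Win32 facility: ask the OS
    return code, text or "HRESULT 0x%08X" % code


def remove_member(group, member_path):
    """Remove member_path (an LDAP:// ADsPath) from an IADsGroup-style object.

    Returns 'removed' or 'not-a-member'. Raises PermissionError on
    E_ACCESSDENIED so a permissions problem is never mistaken for a bad path,
    and RuntimeError with the decoded reason for anything else."""
    try:
        group.Remove(member_path)
        return "removed"
    except ComError as exc:
        code, why = explain(exc.args)
        if code == E_ACCESSDENIED:
            raise PermissionError(why) from exc
        if code == ERROR_MEMBER_NOT_IN_ALIAS:
            return "not-a-member"
        raise RuntimeError("Remove failed: 0x%08X %s" % (code, why)) from exc


class FakeGroup:
    """Constructed stand-in for the COM group object (no DC needed).
    deny=True reproduces the exact error tuple quoted in the question."""

    def __init__(self, members, deny=False):
        self.members = set(members)
        self.deny = deny

    def Remove(self, path):
        if self.deny:
            raise ComError(-2147352567, "Exception occurred.",
                           (0, None, None, None, 0, -2147024891), None)
        if path not in self.members:
            raise ComError(-2147352567, "Exception occurred.",
                           (0, None, None, None, 0,
                            ERROR_MEMBER_NOT_IN_ALIAS - (1 << 32)), None)
        self.members.remove(path)


if __name__ == "__main__":
    # Real run: Windows + pywin32, as an account delegated write on 'member'.
    from win32com.client import GetObject
    grp = GetObject("LDAP://CN=groupname,OU=Groups,DC=blah,DC=local")   # placeholder path
    print(remove_member(grp, "LDAP://CN=username,OU=Users,DC=blah,DC=local"))
```

The real group object from GetObject and FakeGroup expose the same Remove(path) call, so remove_member is exercised the same way in both cases; the PermissionError branch is what the question's traceback would have produced had the error been decoded.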