@jbaker10
Last active January 29, 2021 06:40
#!/usr/bin/python
import os, subprocess, plistlib, re, sys
from os import listdir
from subprocess import PIPE
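def isRoot():
    """Re-launch the script under sudo unless it already runs as root.

    When the effective UID is 0 the function returns None and the caller
    continues. Otherwise the current process is replaced by sudo running
    the same command line (sys.argv), so the call does not return.
    """
    if os.geteuid() == 0:
        return
    print("\nRunning as standard account.")
    print("Re-launching script with sudo rights...")
    ## Use the absolute path, as the plutil and dscl calls in this file do.
    ## The process is still unprivileged here and PATH is whatever the
    ## caller set, so a bare "sudo" could resolve to a different binary,
    ## and that binary would be the one showing the password prompt.
    os.execv("/usr/bin/sudo", ["sudo"] + sys.argv)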
def bashCommand(script):
    """Run *script* through subprocess.check_output and return its output.

    *script* is handed to check_output unchanged (callers in this file pass
    an argv list, so no shell is involved). A non-zero exit status or a
    failure to start the program is not raised: the exception and the
    command are returned as one formatted string instead.
    """
    try:
        output = subprocess.check_output(script)
    except (subprocess.CalledProcessError, OSError) as err:
        failure = "[* Error] **%s** [%s]" % (err, str(script))
        return failure
    return output
## Make sure we're running as root in order to read the OD plist below.
## This call sits at module level, so it runs as soon as the file is executed
## (or imported) and before main() is defined; isRoot() replaces the process
## with a sudo re-launch when the effective UID is not 0.
isRoot()
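def main():
    """Report the Active Directory binding of this Mac.

    Prints the AD node and domain read from the OpenDirectory configuration,
    then lets the user pick an AD group and prints its members, and finally
    prints the local /Users entries whose OriginalNodeName mentions
    "Active Directory". Returns None.
    """
    config_dir = "/Library/Preferences/OpenDirectory/Configurations/Active Directory"
    ## Get the current AD Domain. listdir raises OSError when the directory is
    ## absent and returns [] when it is empty; both are reported here instead
    ## of crashing on domain_plist[0].
    try:
        domain_plist = os.listdir(config_dir)
    except OSError as err:
        print("\nCould not read the Active Directory configuration: %s" % err)
        return
    if not domain_plist:
        print("\nNo Active Directory configuration was found on this machine.")
        return
    plist_path = os.path.join(config_dir, domain_plist[0])
    ## Have plutil write the XML form to stdout ("-o -") rather than converting
    ## the root-owned configuration file in place and back again. The file on
    ## disk is never modified, so a failure between the two conversions can no
    ## longer leave it in the wrong format.
    plist_xml = subprocess.check_output(["/usr/bin/plutil", "-convert", "xml1", "-o", "-", plist_path])
    ## Read in the plist to pull the node and domain names
    domain_plist_read = plistlib.readPlistFromString(plist_xml)
    node_name = domain_plist_read["node name"]
    domain = domain_plist_read["module options"]["ActiveDirectory"]["domain"]
    ## Strip out the '/Active Directory' part since we don't need that, it will always be the same
    node_name = node_name.replace("/Active Directory/", "")
    print("\nThe current AD node is: %s" % node_name)
    print("\nThe current AD domain is: %s" % domain)

    def get_groups():
        """Prompt for an AD group until one returns members, then print them."""
        ad_node = "/Active Directory/%s/%s" % (node_name, domain)
        while True:
            ## Use the 'dscl' command to get the AD groups at the top level of the domain
            domain_groups = bashCommand(["/usr/bin/dscl", ad_node, "list", "/Groups"])
            print(domain_groups)
            ## Allow the user to choose the group that they want the members of.
            ## The answer is passed as one argv element, so no shell parses it.
            chosen_group = raw_input("Please enter the group name you want to get the members for: ")
            print("You chose [%s]" % chosen_group)
            ## Absolute path for dscl, like every other call in this file: the
            ## script runs as root and should not resolve tools through PATH.
            try:
                group_members_raw = subprocess.check_output(
                    ["/usr/bin/dscl", ad_node, "-read", "/Groups/%s" % chosen_group, "dsAttrTypeNative:member"],
                    stderr=subprocess.STDOUT)
            except subprocess.CalledProcessError as err:
                ## dscl exited non-zero (presumably the group does not exist);
                ## show its message and fall through to the retry prompt.
                print("\n%s" % err.output)
                group_members_raw = None
            if group_members_raw is not None and "No such key" not in group_members_raw:
                break
            ## Since not all groups return a member, rather than failing out we give the user the option to try another group.
            ## Retrying is a loop, not a recursive call: the old recursive call
            ## returned into the parsing below and printed the "No such key"
            ## text as if it were a member list.
            print("\nNo AD members were returned in this group, please try another")
            raw_input("If you would like to try again, press enter...")
        ## Take out the unnecessary values
        group_members_raw = group_members_raw.replace("dsAttrTypeNative:member: ", "")
        ## Use regex split in order to split the list by comma and space delimiters.
        ## NOTE(review): splitting on spaces cuts a CN that contains a space
        ## ("CN=John Smith" yields "John"), and every CN= component of a path
        ## is kept, not only the first one. Confirm against real dscl output.
        ## Pull out only the user names, we don't need the full user path in the AD tree
        ad_members = [entry.replace("CN=", "")
                      for entry in re.split(",| ", group_members_raw)
                      if "CN=" in entry]
        print("\nHere are the members of the chosen AD group: [%s]" % chosen_group)
        for member in ad_members:
            print(member)
        print("")

    def get_users():
        """Print the /Users entries whose OriginalNodeName mentions Active Directory."""
        ## The below code just pulls the AD users on the machine and prints them out
        users_dir = "/Users/"
        ad_users = []
        for user in listdir(users_dir):
            ## bashCommand already turns a failed dscl call into an error string,
            ## so no bare except is needed here. The old bare except could leave
            ## original_node holding the previous user's value.
            original_node = bashCommand(["/usr/bin/dscl", ".", "-read", "/Users/%s" % user, "OriginalNodeName"])
            if "Active Directory" in original_node:
                ad_users.append(user)
        print("\nHere is the list of AD users on the machine: ")
        for user in ad_users:
            print(user)

    get_groups()
    get_users()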
## Run main() only when the file is executed as a script. The isRoot() call
## above is outside this guard and has already run by the time this is reached.
if __name__ == "__main__":
    main()