jbaker10/Get_AD_Group_Members.py

## Get_AD_Group_Members.py
#!/usr/bin/python

import os, subprocess, plistlib, re, sys
from os import listdir
from subprocess import PIPE

def isRoot():
    if not os.geteuid() == 0:
        print "\nRunning as standard account."
        print "Re-launching script with sudo rights..."
        os.execvp("sudo", ["sudo"] + sys.argv)

def bashCommand(script):
	try:
		return subprocess.check_output(script)
	except (subprocess.CalledProcessError, OSError), err:
		return "[* Error] **%s** [%s]" % (err, str(script))

## Make sure we're running as root in order to read the OD plist below
isRoot()

def main():
	## Get the current AD Domain
	domain_plist = os.listdir("/Library/Preferences/OpenDirectory/Configurations/Active Directory")

	## Convert the binary plist to xml for python to parse
	bashCommand(["/usr/bin/plutil", "-convert", "xml1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Read in the plist to pull the node and domain names
	domain_plist_read = plistlib.readPlist("/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0])
	node_name = domain_plist_read["node name"]
	domain = domain_plist_read["module options"]["ActiveDirectory"]["domain"]

	## Convert the plist back to binary
	bashCommand(["/usr/bin/plutil", "-convert", "binary1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Strip out the '/Active Directory' part since we don't need that, it will always be the same
	node_name = node_name.replace("/Active Directory/", "")

	print "\nThe current AD node is: %s" % node_name
	print "\nThe current AD domain is: %s" % domain

	def get_groups():
		## Use the 'dscl' command to get the AD groups at the top level of the domain
		domain_groups = bashCommand(["/usr/bin/dscl", "/Active Directory/%s/%s" % (node_name, domain), "list", "/Groups"])
		print domain_groups

		## Allow the user to choose the group that they want the members of
		chosen_group = raw_input("Please enter the group name you want to get the members for: ")

		## Since not all groups return a member, rather than failing out we give the user the option to try another group
		print "You chose [%s]" % chosen_group
		group_members_raw = subprocess.check_output(["dscl", "/Active Directory/%s/%s" % (node_name, domain), "-read", "/Groups/%s" % chosen_group, "dsAttrTypeNative:member"], stderr=subprocess.STDOUT)
		if "No such key" in group_members_raw:
			print "\nNo AD members were returned in this group, please try another"
			raw_input("If you would like to try again, press enter...")
			get_groups()

		## Take out the unnecessary values
		group_members_raw = group_members_raw.replace("dsAttrTypeNative:member: ", "")

		## User regex split in order to split the list by comma and space delimiters
		group_members_temp = re.split(",| ", group_members_raw)
		ad_members = []

		## Pull out only the user names, we don't need the full user path in the AD tree
		for entry in group_members_temp:
			if "CN=" in entry:
				entry = entry.replace("CN=", "")
				ad_members.append(entry)

		print "\nHere are the members of the chosen AD group: [%s]" % chosen_group
		for member in ad_members:
			print member
		print ""

	def get_users():
		## The below code just pulls the AD users on the machine and prints them out
		users_dir = "/Users/"
		users = listdir(users_dir)

		for user in users[:]:
			try:
				original_node = bashCommand(["/usr/bin/dscl", ".", "-read", "/Users/%s" % user, "OriginalNodeName"])
			except:
				pass
			if not "Active Directory" in original_node:
				users.remove(user)

		print "\nHere is the list of AD users on the machine: "
		for user in users:
			print user

	get_groups()
	get_users()

if __name__ == "__main__":
	main()
	#!/usr/bin/python

	import os, subprocess, plistlib, re, sys
	from os import listdir
	from subprocess import PIPE

	def isRoot():
	if not os.geteuid() == 0:
	print "\nRunning as standard account."
	print "Re-launching script with sudo rights..."
	os.execvp("sudo", ["sudo"] + sys.argv)

	def bashCommand(script):
	try:
	return subprocess.check_output(script)
	except (subprocess.CalledProcessError, OSError), err:
	return "[* Error] %s [%s]" % (err, str(script))

	## Make sure we're running as root in order to read the OD plist below
	isRoot()

	def main():
	## Get the current AD Domain
	domain_plist = os.listdir("/Library/Preferences/OpenDirectory/Configurations/Active Directory")

	## Convert the binary plist to xml for python to parse
	bashCommand(["/usr/bin/plutil", "-convert", "xml1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Read in the plist to pull the node and domain names
	domain_plist_read = plistlib.readPlist("/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0])
	node_name = domain_plist_read["node name"]
	domain = domain_plist_read["module options"]["ActiveDirectory"]["domain"]

	## Convert the plist back to binary
	bashCommand(["/usr/bin/plutil", "-convert", "binary1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Strip out the '/Active Directory' part since we don't need that, it will always be the same
	node_name = node_name.replace("/Active Directory/", "")

	print "\nThe current AD node is: %s" % node_name
	print "\nThe current AD domain is: %s" % domain

	def get_groups():
	## Use the 'dscl' command to get the AD groups at the top level of the domain
	domain_groups = bashCommand(["/usr/bin/dscl", "/Active Directory/%s/%s" % (node_name, domain), "list", "/Groups"])
	print domain_groups

	## Allow the user to choose the group that they want the members of
	chosen_group = raw_input("Please enter the group name you want to get the members for: ")

	## Since not all groups return a member, rather than failing out we give the user the option to try another group
	print "You chose [%s]" % chosen_group
	group_members_raw = subprocess.check_output(["dscl", "/Active Directory/%s/%s" % (node_name, domain), "-read", "/Groups/%s" % chosen_group, "dsAttrTypeNative:member"], stderr=subprocess.STDOUT)
	if "No such key" in group_members_raw:
	print "\nNo AD members were returned in this group, please try another"
	raw_input("If you would like to try again, press enter...")
	get_groups()

	## Take out the unnecessary values
	group_members_raw = group_members_raw.replace("dsAttrTypeNative:member: ", "")

	## User regex split in order to split the list by comma and space delimiters
	group_members_temp = re.split(",\| ", group_members_raw)
	ad_members = []

	## Pull out only the user names, we don't need the full user path in the AD tree
	for entry in group_members_temp:
	if "CN=" in entry:
	entry = entry.replace("CN=", "")
	ad_members.append(entry)

	print "\nHere are the members of the chosen AD group: [%s]" % chosen_group
	for member in ad_members:
	print member
	print ""

	def get_users():
	## The below code just pulls the AD users on the machine and prints them out
	users_dir = "/Users/"
	users = listdir(users_dir)

	for user in users[:]:
	try:
	original_node = bashCommand(["/usr/bin/dscl", ".", "-read", "/Users/%s" % user, "OriginalNodeName"])
	except:
	pass
	if not "Active Directory" in original_node:
	users.remove(user)

	print "\nHere is the list of AD users on the machine: "
	for user in users:
	print user

	get_groups()
	get_users()

	if __name__ == "__main__":
	main()