Ldap3 Python Search Members Of A Group And Retrieve Their Samacountname (active Directory)

I'm trying to use ldap3 with python to retrieve members of a group and also retrieve their sAMAccountName as we have mixed DN's (some with NTID and others with first/last name). I

Solution 1:

Before you can search the members you must first pull down the list of members from the group itself.

conn.search(
    search_base='CN=GROUPNAME,OU=Groups,OU=Resources,OU=Global,DC=adserver.com',
    search_filter='(objectClass=group)',
    search_scope='SUBTREE',
    attributes = ['member']
)

for entry in conn.entries:
    print(entry.member.values)

This will print out a list of members as distinguished names.

You will then need to perform a new search that iterates through each of the members and returns the sAMAccountName for each member.

Here is what the full code might look like (may need to be tweaked):

conn.search(
    search_base='CN=GROUPNAME,OU=Groups,OU=Resources,OU=Global,DC=adserver.com',
    search_filter='(objectClass=group)',
    search_scope='SUBTREE',
    attributes = ['member']
)

for entry in conn.entries:
    for member in entry.member.values:
        conn.search(
            search_base='OU=Global,DC=adserver.com',
            search_filter=f'(distinguishedName={member})',
            attributes=[
                'sAMAccountName'
            ]
        )

        user_sAMAccountName = conn.entries[0].sAMAccountName.values

        print(user_sAMAccountName)

Solution 2:

The entries found should be in the entries property of the Connection object. Try with print(conn.entries)