Recipe 18.6 Programming with Python

18.6.1 Problem

You want to programmatically access Active Directory using Python.

18.6.2 Solution

As with Perl, you have two options for programming Active Directory with Python: the native LDAP-based approach, and a COM interface, which allows you to use ADSI. The LDAP module can be downloaded from The COM interface is part of the standard ActivePython install available from ActiveState (

The following Python code sample prints out the RootDSE of DC1 using the LDAP interface:

import ldap

   l ="dc1")
except ldap.LDAPError, e:
   print e

baseDN = ""
searchScope = ldap.SCOPE_BASE
retrieveAttributes = None 
searchFilter = "objectclass=*"

   ldap_result_id =, searchScope, searchFilter, 
   result_type, result_data = l.result(ldap_result_id, 0)
   if result_type == ldap.RES_SEARCH_ENTRY:
      print result_data

except ldap.LDAPError, e:
   print e

This next code sample uses the win32com.client module to access the RootDSE with ADSI:

import win32com.client

objRootDSE = win32com.client.GetObject('LDAP://RootDSE')
objRootDSE.GetInfo( )

for i in range( 0, objRootDSE.PropertyCount - 1):
   prop = objRootDSE.Item(i)
   print prop.Name
   for val in prop.Values:
      print "  ",val.CaseIgnoreString

18.6.3 Discussion

More information is available on Python by going to the Python home page:

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List