jbaker10 · January 29, 2021 06:40
diff --git a/Get_AD_Group_Members.py b/Get_AD_Group_Members.py
 #!/usr/bin/python

 import os, subprocess, plistlib, re, sys
 from os import listdir
 from subprocess import PIPE

 def isRoot():
    if not os.geteuid() == 0:
        print "\nRunning as standard account."
        print "Re-launching script with sudo rights..."
        os.execvp("sudo", ["sudo"] + sys.argv)

 def bashCommand(script):
 	try:
 		return subprocess.check_output(script)
 	except (subprocess.CalledProcessError, OSError), err:
 		return "[* Error] **%s** [%s]" % (err, str(script))

 ## Make sure we're running as root in order to read the OD plist below
 isRoot()

 def main():
 	## Get the current AD Domain
 	domain_plist = os.listdir("/Library/Preferences/OpenDirectory/Configurations/Active Directory")

 	## Convert the binary plist to xml for python to parse
 	bashCommand(["/usr/bin/plutil", "-convert", "xml1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

 	## Read in the plist to pull the node and domain names
 	domain_plist_read = plistlib.readPlist("/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0])
 	node_name = domain_plist_read["node name"]
 	domain = domain_plist_read["module options"]["ActiveDirectory"]["domain"]

 	## Convert the plist back to binary
 	bashCommand(["/usr/bin/plutil", "-convert", "binary1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

 	## Strip out the '/Active Directory' part since we don't need that, it will always be the same
 	node_name = node_name.replace("/Active Directory/", "")

 	print "\nThe current AD node is: %s" % node_name
 	print "\nThe current AD domain is: %s" % domain

 	def get_groups():
 		## Use the 'dscl' command to get the AD groups at the top level of the domain
 		domain_groups = bashCommand(["/usr/bin/dscl", "/Active Directory/%s/%s" % (node_name, domain), "list", "/Groups"])
 		print domain_groups

 		## Allow the user to choose the group that they want the members of
 		chosen_group = raw_input("Please enter the group name you want to get the members for: ")
 		
 		## Since not all groups return a member, rather than failing out we give the user the option to try another group
 		print "You chose [%s]" % chosen_group
 		group_members_raw = subprocess.check_output(["dscl", "/Active Directory/%s/%s" % (node_name, domain), "-read", "/Groups/%s" % chosen_group, "dsAttrTypeNative:member"], stderr=subprocess.STDOUT)
 		if "No such key" in group_members_raw:
 			print "\nNo AD members were returned in this group, please try another"
 			raw_input("If you would like to try again, press enter...")
 			get_groups()

 		## Take out the unnecessary values
 		group_members_raw = group_members_raw.replace("dsAttrTypeNative:member: ", "")

 		## User regex split in order to split the list by comma and space delimiters
 		group_members_temp = re.split(",| ", group_members_raw)
 		ad_members = []

 		## Pull out only the user names, we don't need the full user path in the AD tree
 		for entry in group_members_temp:
 			if "CN=" in entry:
 				entry = entry.replace("CN=", "")
 				ad_members.append(entry)

 		print "\nHere are the members of the chosen AD group: [%s]" % chosen_group
 		for member in ad_members:
 			print member
 		print ""

 	def get_users():
 		## The below code just pulls the AD users on the machine and prints them out
 		users_dir = "/Users/"
 		users = listdir(users_dir)

 		for user in users[:]:
 			try:
 				original_node = bashCommand(["/usr/bin/dscl", ".", "-read", "/Users/%s" % user, "OriginalNodeName"])
 			except:
 				pass
 			if not "Active Directory" in original_node:
 				users.remove(user)

 		print "\nHere is the list of AD users on the machine: "
 		for user in users:
 			print user

 	get_groups()
 	get_users()

 if __name__ == "__main__":
 	main()
	#!/usr/bin/python

	import os, subprocess, plistlib, re, sys
	from os import listdir
	from subprocess import PIPE

	def isRoot():
	if not os.geteuid() == 0:
	print "\nRunning as standard account."
	print "Re-launching script with sudo rights..."
	os.execvp("sudo", ["sudo"] + sys.argv)

	def bashCommand(script):
	try:
	return subprocess.check_output(script)
	except (subprocess.CalledProcessError, OSError), err:
	return "[* Error] %s [%s]" % (err, str(script))

	## Make sure we're running as root in order to read the OD plist below
	isRoot()

	def main():
	## Get the current AD Domain
	domain_plist = os.listdir("/Library/Preferences/OpenDirectory/Configurations/Active Directory")

	## Convert the binary plist to xml for python to parse
	bashCommand(["/usr/bin/plutil", "-convert", "xml1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Read in the plist to pull the node and domain names
	domain_plist_read = plistlib.readPlist("/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0])
	node_name = domain_plist_read["node name"]
	domain = domain_plist_read["module options"]["ActiveDirectory"]["domain"]

	## Convert the plist back to binary
	bashCommand(["/usr/bin/plutil", "-convert", "binary1", "/Library/Preferences/OpenDirectory/Configurations/Active Directory/%s" % domain_plist[0]])

	## Strip out the '/Active Directory' part since we don't need that, it will always be the same
	node_name = node_name.replace("/Active Directory/", "")

	print "\nThe current AD node is: %s" % node_name
	print "\nThe current AD domain is: %s" % domain

	def get_groups():
	## Use the 'dscl' command to get the AD groups at the top level of the domain
	domain_groups = bashCommand(["/usr/bin/dscl", "/Active Directory/%s/%s" % (node_name, domain), "list", "/Groups"])
	print domain_groups

	## Allow the user to choose the group that they want the members of
	chosen_group = raw_input("Please enter the group name you want to get the members for: ")

	## Since not all groups return a member, rather than failing out we give the user the option to try another group
	print "You chose [%s]" % chosen_group
	group_members_raw = subprocess.check_output(["dscl", "/Active Directory/%s/%s" % (node_name, domain), "-read", "/Groups/%s" % chosen_group, "dsAttrTypeNative:member"], stderr=subprocess.STDOUT)
	if "No such key" in group_members_raw:
	print "\nNo AD members were returned in this group, please try another"
	raw_input("If you would like to try again, press enter...")
	get_groups()

	## Take out the unnecessary values
	group_members_raw = group_members_raw.replace("dsAttrTypeNative:member: ", "")

	## User regex split in order to split the list by comma and space delimiters
	group_members_temp = re.split(",\| ", group_members_raw)
	ad_members = []

	## Pull out only the user names, we don't need the full user path in the AD tree
	for entry in group_members_temp:
	if "CN=" in entry:
	entry = entry.replace("CN=", "")
	ad_members.append(entry)

	print "\nHere are the members of the chosen AD group: [%s]" % chosen_group
	for member in ad_members:
	print member
	print ""

	def get_users():
	## The below code just pulls the AD users on the machine and prints them out
	users_dir = "/Users/"
	users = listdir(users_dir)

	for user in users[:]:
	try:
	original_node = bashCommand(["/usr/bin/dscl", ".", "-read", "/Users/%s" % user, "OriginalNodeName"])
	except:
	pass
	if not "Active Directory" in original_node:
	users.remove(user)

	print "\nHere is the list of AD users on the machine: "
	for user in users:
	print user

	get_groups()
	get_users()

	if __name__ == "__main__":
	main()