raise Exception("Could not find domain member account '%s' to promote to a DC, use 'samba-tool domain join' instead'" % ctx.samname)
if "msDS-krbTgtLink" in res[0] or "serverReferenceBL" in res[0] or "rIDSetReferences" in res[0]:
raise Exception("Account '%s' appears to be an active DC, use 'samba-tool domain join' if you must re-create this account" % ctx.samname)
- if (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |samba.dsdb.UF_SERVER_TRUST_ACCOUNT) == 0):
+ if (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT |
+ samba.dsdb.UF_SERVER_TRUST_ACCOUNT) == 0):
raise Exception("Account %s is not a domain member or a bare NT4 BDC, use 'samba-tool domain join' instead'" % ctx.samname)
ctx.promote_from_dn = res[0].dn
olduac = uac
- uac &= ~(UF_SERVER_TRUST_ACCOUNT |UF_TRUSTED_FOR_DELEGATION |UF_PARTIAL_SECRETS_ACCOUNT)
+ uac &= ~(UF_SERVER_TRUST_ACCOUNT |
+ UF_TRUSTED_FOR_DELEGATION |
+ UF_PARTIAL_SECRETS_ACCOUNT)
uac |= UF_WORKSTATION_TRUST_ACCOUNT
msg = ldb.Message()
def get_gpo_info(samdb, gpo=None, displayname=None, dn=None,
- sd_flags=security.SECINFO_OWNER |security.SECINFO_GROUP |security.SECINFO_DACL |security.SECINFO_SACL):
+ sd_flags=(security.SECINFO_OWNER |
+ security.SECINFO_GROUP |
+ security.SECINFO_DACL |
+ security.SECINFO_SACL)):
'''Get GPO information using gpo, displayname or dn'''
policies_dn = samdb.get_default_basedn()
continue
try:
- sd_flags = security.SECINFO_OWNER |security.SECINFO_GROUP |security.SECINFO_DACL
+ sd_flags = (security.SECINFO_OWNER |
+ security.SECINFO_GROUP |
+ security.SECINFO_DACL)
gmsg = self.samdb.search(base=g['dn'], scope=ldb.SCOPE_BASE,
attrs=['name', 'displayName', 'flags',
'nTSecurityDescriptor'],
"objectClass": "user"}
if smartcard_required:
- ldbmessage["userAccountControl"] = str(dsdb.UF_NORMAL_ACCOUNT |dsdb.UF_SMARTCARD_REQUIRED)
+ ldbmessage["userAccountControl"] = str(dsdb.UF_NORMAL_ACCOUNT |
+ dsdb.UF_SMARTCARD_REQUIRED)
setpassword = False
if surname is not None: