--- /dev/null
+#!/usr/bin/env python
+# Copyright Luke Morrison <luc785@.hotmail.com> July 2013
+# Co-Edited by Matthieu Pattou July 2013 from original August 2013
+# Edited by Garming Sam Feb. 2014
+# Edited by Luke Morrison April 2014
+# Edited by David Mulder May 2017
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+'''This script reads a log file of previous GPO, gets all GPO from sysvol
+and sorts them by container. Then, it applies the ones that haven't been
+applied, have changed, or is in the right container'''
+
+import os
+import sys
+
+sys.path.insert(0, "bin/python")
+
+import optparse
+from samba import getopt as options
+from samba.auth import system_session
+try:
+ from samba.samdb import SamDB
+except:
+ SamDB = None
+from samba.gpclass import apply_gp, unapply_gp, GPOStorage
+from samba.gp_sec_ext import gp_sec_ext
+import logging
+
+if __name__ == "__main__":
+ parser = optparse.OptionParser('samba-gpupdate [options]')
+ sambaopts = options.SambaOptions(parser)
+
+ # Get the command line options
+ parser.add_option_group(sambaopts)
+ parser.add_option_group(options.VersionOptions(parser))
+ credopts = options.CredentialsOptions(parser)
+ parser.add_option('-H', '--url', dest='url', help='URL for the samdb')
+ parser.add_option('-X', '--unapply', help='Unapply Group Policy',
+ action='store_true')
+ parser.add_option('-M', '--machine', help='Apply machine policy',
+ action='store_true', default=False)
+ parser.add_option_group(credopts)
+
+ # Set the options and the arguments
+ (opts, args) = parser.parse_args()
+
+ # Set the loadparm context
+ lp = sambaopts.get_loadparm()
+ if not opts.url:
+ url = lp.samdb_url()
+ else:
+ url = opts.url
+
+ # Initialize the session
+ creds = credopts.get_credentials(lp, fallback_machine=True)
+ session = system_session()
+
+ # Set up logging
+ logger = logging.getLogger('samba-gpupdate')
+ logger.addHandler(logging.StreamHandler(sys.stdout))
+ logger.setLevel(logging.CRITICAL)
+ log_level = lp.log_level()
+ if log_level == 1:
+ logger.setLevel(logging.ERROR)
+ elif log_level == 2:
+ logger.setLevel(logging.WARNING)
+ elif log_level == 3:
+ logger.setLevel(logging.INFO)
+ elif log_level >= 4:
+ logger.setLevel(logging.DEBUG)
+
+ cache_dir = lp.get('cache directory')
+ store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
+
+ gp_extensions = []
+ if opts.machine:
+ if lp.get('server role') == 'active directory domain controller':
+ gp_extensions.append(gp_sec_ext(logger))
+ else:
+ pass # User extensions
+
+ # Get a live instance of Samba
+ if SamDB:
+ test_ldb = SamDB(url, session_info=session, credentials=creds, lp=lp)
+ else:
+ test_ldb = None
+
+ if not opts.unapply:
+ apply_gp(lp, creds, test_ldb, logger, store, gp_extensions)
+ else:
+ unapply_gp(lp, creds, test_ldb, logger, store, gp_extensions)
+