
I am currently trying to delete some computer objects from the AD using python LDAP when they are deleted/decommissioned (basically any cloud instance which joins our on-prem AD domain upon creation but apparently remains in the AD computer objects even after terminating it). When the termination event occurs, some code kicks in and does an LDAP search (it retrieves the computer name from the cloud APIs). What I have done so far:

import ldap


def search_computer(COMPUTER_NAME, INSTANCE):
    """Search AD for the computer object of a terminated instance.

    For all available computer object attributes in the LDAP schema refer to
    http://www.phpldaptools.com/reference/Default-Schema-Attributes/#ad-computer-types
    Also refer to https://ldapwiki.com/wiki/Active%20Directory%20Computer%20Related%20LDAP%20Query
    """
    # connect_to_ldap() is the same helper delete_computer uses (not shown in the post)
    ldap_connect = connect_to_ldap()
    base = "dc=example,dc=com,dc=au"
    ad_filter = f'(&(&(&(objectCategory=computer)(CN={COMPUTER_NAME}))))'
    scope = ldap.SCOPE_SUBTREE
    attrs = ['dNSHostName']
    # Take the attribute dictionary of the first search result
    search_result = ldap_connect.search_s(base, scope, ad_filter, attrs)[0][1]
    hostname = search_result['dNSHostName'][0]
    COMPUTER_FQDN = hostname.decode()
    if COMPUTER_FQDN == f'{COMPUTER_NAME}.example.com':
        print(f'The deleted instance has been found in the AD computer objects continuing to delete {COMPUTER_NAME}')
        delete_computer(COMPUTER_NAME)
    else:
        print('The deleted instance was not found in the AD computer objects')


def delete_computer(COMPUTER):
    print('Connecting to LDAP to issue delete computer object command')
    ldap_connect = connect_to_ldap()
    # Placeholder: the distinguished name is what the question asks how to obtain
    ldap_connect.delete_s("DISTINGUISHED_NAME_OF_COMPUTER")

I am referring to the python ldap documentation available here

The search operation works as expected; however, I am trying to call a delete_computer function from within a search_computer function, but I am not sure how to find the distinguished name of a computer object so that I can be sure that the computer object that I am trying to delete is actually an intended machine and not some other.

Any help on this would be much appreciated. Thanks in advance.
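
One way to obtain the distinguished name asked about above, as an added example that is not part of the original post: in python-ldap each `search_s` result is a `(dn, attributes)` tuple, so the DN comes back from the same search and can be passed to `delete_s` only when exactly one object matches. The helper names, the `FakeConn` stand-in and the sample entries are constructed for illustration, and `conn` is assumed to be an already bound connection.

```python
# Added example: resolve exactly one computer DN before deleting it.
SCOPE_SUBTREE = 2  # numeric value of ldap.SCOPE_SUBTREE in python-ldap

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the name cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def find_computer_dn(conn, base, computer_name, dns_suffix):
    """Return the DN of the single matching computer object, else None."""
    flt = f'(&(objectCategory=computer)(cn={escape_filter_value(computer_name)}))'
    results = conn.search_s(base, SCOPE_SUBTREE, flt, ['dNSHostName'])
    # Each result is (dn, attrs); search references arrive with dn set to None.
    entries = [(dn, attrs) for dn, attrs in results if dn is not None]
    if len(entries) != 1:
        return None  # no match or an ambiguous match: never guess
    dn, attrs = entries[0]
    hostnames = [v.decode().lower() for v in attrs.get('dNSHostName', [])]
    expected = f'{computer_name}.{dns_suffix}'.lower()
    return dn if hostnames == [expected] else None

def delete_computer(conn, base, computer_name, dns_suffix):
    """Delete the object only when its DN was resolved unambiguously."""
    dn = find_computer_dn(conn, base, computer_name, dns_suffix)
    if dn is not None:
        conn.delete_s(dn)
    return dn

class FakeConn:
    """Constructed stand-in for a bound python-ldap connection (offline demo)."""
    def __init__(self, results):
        self.results, self.deleted, self.last_filter = results, [], None

    def search_s(self, base, scope, flt, attrs):
        self.last_filter = flt
        return self.results

    def delete_s(self, dn):
        self.deleted.append(dn)

if __name__ == '__main__':
    # Constructed sample results: one computer entry plus one search reference.
    sample = [
        ('CN=WEB01,OU=Cloud,DC=example,DC=com', {'dNSHostName': [b'web01.example.com']}),
        (None, ['ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com']),
    ]
    conn = FakeConn(sample)
    print(delete_computer(conn, 'dc=example,dc=com', 'WEB01', 'example.com'))
    print(conn.deleted)
```

With a real connection, `ldap.filter.escape_filter_chars` from python-ldap can replace the hand-written escaping helper.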
