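# Demisto/XSOAR automation: list the Active Directory groups a user is a member of.
# The user is identified by exactly one of the dn / name / email arguments; the
# resolved DN is then used in a member= search over group objects.
args:
  - default: true
    description: Active Directory Distinguished Name of the desired user
    name: dn
  - description: Name of the desired user
    name: name
  - description: Email address of the desired user
    name: email
  - description: >-
      Include these AD attributes of the resulting objects in addition to
      the default ones
    name: attributes
  - description: Enter any value to allow nested groups search as well
    name: nestedSearch
comment: >-
  Use Active Directory to retrieve the groups in which the specified user is
  a member. The user can be specified by name, email or as an Active Directory
  Distinguished Name (DN).
commonfields:
  id: ADGetUserGroups
  version: -1
dependson:
  must:
    - ad-search
deprecated: true
name: ADGetUserGroups
runonce: false
script: |-
  # Resolve the user to a DN (directly from 'dn', via AdSearch for 'name', via
  # ADGetUsersByEmail for 'email') and then search group objects whose member
  # attribute contains that DN. Errors are reported as error entries and the
  # script exits; demisto, entryTypes, formats, isError and sys are provided
  # by the script runtime.


  def escape_filter_value(value):
      # RFC 4515 escaping for an LDAP filter assertion value. Argument values
      # come from the caller, so without this a value containing '(', ')',
      # '*' or '\' would change the structure of the filter we send.
      escaped = ''
      for ch in value:
          if ch == '\\':
              escaped += '\\5c'
          elif ch == '*':
              escaped += '\\2a'
          elif ch == '(':
              escaped += '\\28'
          elif ch == ')':
              escaped += '\\29'
          elif ch == '\x00':
              escaped += '\\00'
          else:
              escaped += ch
      return escaped


  def error_entry(message):
      # Build an error entry in the shape demisto.results() expects.
      return {'Type': entryTypes['error'], 'ContentsFormat': formats['text'], 'Contents': message}


  # Optional arguments and default values
  attrs = 'name'
  if demisto.get(demisto.args(), 'attributes'):
      attrs += ',' + demisto.args()['attributes']
  resp = ''
  # 1.2.840.113556.1.4.1941 is the AD matching rule that makes member= match
  # through nested group membership when the caller asks for it.
  nested_search = ':1.2.840.113556.1.4.1941:' if demisto.get(demisto.args(), 'nestedSearch') else ''
  memberDN = ''
  if demisto.get(demisto.args(), 'dn'):
      memberDN = demisto.args()['dn']
  elif demisto.get(demisto.args(), 'name'):
      name_filter = '(&(objectCategory=User)(name=' + escape_filter_value(demisto.args()['name']) + '))'
      resp = demisto.executeCommand('AdSearch', {'filter': name_filter})
  elif demisto.get(demisto.args(), 'email'):
      resp = demisto.executeCommand('ADGetUsersByEmail', {'email': demisto.args()['email']})
  else:
      demisto.results(error_entry('You must provide either dn, name or email as argument!'))
      sys.exit(0)

  if type(resp) == list:
      # Report the first error entry explicitly; the comprehension variable is
      # not in scope after the comprehension on Python 3.
      error_entries = [r for r in resp if isError(r)]
      if len(error_entries) > 0:
          demisto.results(error_entry('Error returned by ad command: ' + str(error_entries[0]['Contents'])))
          sys.exit(0)

  if not memberDN:
      if (type(resp) == list and len(resp) == 1 and type(resp[0]) == dict and 'Contents' in resp[0]
              and type(resp[0]['Contents']) == list and len(resp[0]['Contents']) == 1
              and type(resp[0]['Contents'][0]) == dict and 'dn' in resp[0]['Contents'][0]):
          memberDN = resp[0]['Contents'][0]['dn']
      else:
          # Guard the index: an empty or non-list response must not raise here.
          first = resp[0] if type(resp) == list and len(resp) > 0 and type(resp[0]) == dict else {}
          if first.get('Contents') == 'No results':
              demisto.results(error_entry('User not found.'))
          else:
              demisto.results(error_entry('Unexpected output from ad command.'))
          sys.exit(0)

  if memberDN:
      # The DN is escaped as an assertion value so that it cannot alter the
      # filter; backslash-escaped DN characters become \5c per RFC 4515.
      filterstr = '(&(member' + nested_search + '=' + escape_filter_value(memberDN) + ')(objectcategory=group))'
      demisto.results(demisto.executeCommand('AdSearch', {'filter': filterstr, 'attributes': attrs}))
  else:
      demisto.results(error_entry('Received empty DN or cannot locate DN for the specified arguments.'))
scripttarget: 0
system: true
tags:
  - active directory
type: python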