Active Directory and RefreshCache

Certain attributes in Active Directory are not automatically exposed, and ADSI does not provide a means to get them. System.DirectoryServices from .NET does not expose them by default either, but you can use it to load an attribute such as tokenGroups into the property cache with RefreshCache and then access it.

To get the tokenGroups attribute:

import sys,System,clr

clr.AddReference("System.DirectoryServices")

def get_property(ldap_path,adproperty):
    aduser = System.DirectoryServices.DirectoryEntry(ldap_path)

    #send RefreshCache an array of strings
    aduser.RefreshCache(System.Array[str]( [adproperty] ))

    for i in aduser.Properties.Values:
        if i.PropertyName == adproperty:
            return i.PropertyName,i.Value

user='joe'
ldap_path='LDAP://cn=%s,OU=a,DC=b,DC=c'%user
print get_property(ldap_path,'tokenGroups')
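The values of tokenGroups are binary SIDs that cover nested group membership, so they have to be decoded before they can be reviewed. The following is an added example, not code from the original page: it decodes each SID to its string form and reports membership in well-known privileged groups. The function names and the sample byte strings are hypothetical and constructed here, so it runs without a directory.

```python
import struct

# Well-known RIDs/SIDs of high-privilege groups (standard Windows values).
PRIVILEGED_DOMAIN_RIDS = {512: "Domain Admins", 518: "Schema Admins",
                          519: "Enterprise Admins"}
PRIVILEGED_BUILTIN = {"S-1-5-32-544": "BUILTIN\\Administrators"}

def sid_to_string(raw):
    """Decode one binary SID into its S-1-... string form."""
    raw = bytes(bytearray(raw))  # accept bytes, bytearray or a sequence of ints
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = struct.unpack_from("BB", raw, 0)
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    # Identifier authority: 48-bit big-endian; sub-authorities: 32-bit little-endian.
    hi, lo = struct.unpack_from(">HI", raw, 2)
    authority = (hi << 32) | lo
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    auth = str(authority) if authority < 2 ** 32 else "0x%012X" % authority
    return "-".join(["S", str(revision), auth] + [str(s) for s in subs])

def privileged_groups(token_groups):
    """Return (sid, name) for each privileged group found in tokenGroups."""
    hits = []
    for raw in token_groups:
        sid = sid_to_string(raw)
        if sid in PRIVILEGED_BUILTIN:
            hits.append((sid, PRIVILEGED_BUILTIN[sid]))
        elif sid.startswith("S-1-5-21-") and sid.count("-") == 7:
            name = PRIVILEGED_DOMAIN_RIDS.get(int(sid.rsplit("-", 1)[1]))
            if name:
                hits.append((sid, name))
    return hits

# Constructed sample values (not from a real directory).
HDR = b"\x01\x05\x00\x00\x00\x00\x00\x05"  # revision 1, 5 sub-auths, NT authority
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE_TOKEN_GROUPS = [
    HDR + struct.pack("<5I", *(DOMAIN + (513,))),   # Domain Users
    HDR + struct.pack("<5I", *(DOMAIN + (512,))),   # Domain Admins
    b"\x01\x02\x00\x00\x00\x00\x00\x05" + struct.pack("<2I", 32, 544),
]

if __name__ == "__main__":
    for sid, name in privileged_groups(SAMPLE_TOKEN_GROUPS):
        print("%s  %s" % (sid, name))
```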
