Just wondering if anyone has any experience modifying the ntSecurityDescriptor property of an Active Directory object from a non-microsoft language (specifically, using python-ldap)?
I am using python-ldap to create user accounts and I need to set the "user cannot change password" property on the new accounts. Unfortunately, the Microsoft documentation states that you cannot set this property by modifying the userAccountControl attribute directly and must instead pull the DACL object (which is contained within the ntSecurityDescriptor property), and modify a permission setting in there. They have some example code for doing it using a built-in class in Visual Basic, but I'm looking to modify this property directly from python.
Microsoft's documentation on this is here:
Would greatly appreciate any assistance on this!