I need help with an LDAP attribute that I’m trying to assign for adding a new AD user.
I’m using the following Python script for adding a new user and everything works as expected:
```python
# sample attributes
ldap_attr = {}
ldap_attr['objectClass'] = ['top', 'person', 'organizationalPerson', 'user']
ldap_attr['cn'] = user_username
ldap_attr['givenName'] = user_firstname
ldap_attr['sn'] = user_lastname
ldap_attr['uid'] = user_username
ldap_attr['sAMAccountName'] = user_username
ldap_attr['mail'] = user_email
ldap_attr['telephoneNumber'] = user_phonenumber
ldap_attr['userPrincipalName'] = f"{user_username}@{ad_domain}"
ldap_attr['displayName'] = f"{user_firstname} {user_lastname}"

### SCRIPT PATH
ldap_attr['scriptPath'] = 'sto.bat'

### SESSION TIMEOUTS
ldap_attr['msTSMaxDisconnectionTime'] = 1
ldap_attr['msTSMaxIdleTime'] = 120
ldap_attr['msTSReconnectionAction'] = True

ldap_conn = connect_ldap_server()
response = ldap_conn.add(f'CN={user_username},{users},{base}', attributes=ldap_attr)
```
However, the following attributes listed in that script, which are related to Terminal Service, aren’t being added to that user:
- msTSMaxDisconnectionTime
- msTSMaxIdleTime
- msTSReconnectionAction
I’m using the correct LDAP name and value type based on the supported Microsoft documentation found here: https://learn.microsoft.com/en-us/windows/win32/adschema/a-mstsmaxidletime
I’m not sure if there is anything that needs to be set on the AD domain controller itself or anything I need to define differently within my script. But any help is much appreciated because I’m unable to find any results related to my issue.
Thanks!
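An added example, not part of the original post: one way to tell whether the domain controller rejected the add or accepted it without the three `msTS*` values, by reading the entry back after the add. It assumes `ldap_conn` is an ldap3-style `Connection` (the post does not name the library); `add_and_verify`, `FakeConn` and the DN are hypothetical names constructed here so the block runs offline.

```python
# Added example. Assumes an ldap3-style Connection: add()/search() return bool,
# .result holds the server's LDAP result, .response holds the search entries.
TS_ATTRS = ['msTSMaxDisconnectionTime', 'msTSMaxIdleTime', 'msTSReconnectionAction']

def _norm(value):
    """Compare as LDAP strings: booleans are 'TRUE'/'FALSE', integers are decimal."""
    if isinstance(value, (list, tuple)):
        value = value[0] if value else None
    if isinstance(value, bool):
        return 'TRUE' if value else 'FALSE'
    if isinstance(value, bytes):
        value = value.decode()
    return None if value is None else str(value).upper()

def add_and_verify(conn, dn, attrs, check=TS_ATTRS):
    """Add the entry, then read it back and report what the server stored."""
    if not conn.add(dn, attributes=attrs):
        # The server refused the add; its result code and message say why.
        return {'added': False, 'error': dict(conn.result), 'mismatch': {}}
    # 'BASE' is the value of ldap3.BASE: read only the entry that was just added.
    conn.search(dn, '(objectClass=*)', search_scope='BASE', attributes=check)
    entries = [r for r in conn.response if r.get('type') == 'searchResEntry']
    stored = entries[0]['attributes'] if entries else {}
    mismatch = {}
    for name in check:
        want, got = _norm(attrs.get(name)), _norm(stored.get(name))
        if want != got:
            mismatch[name] = {'sent': want, 'stored': got}
    return {'added': True, 'error': None, 'mismatch': mismatch}

class FakeConn:
    """Constructed stand-in that does not store the attributes named in `drop`."""
    def __init__(self, drop=()):
        self.drop, self.store, self.result, self.response = set(drop), {}, {}, []
    def add(self, dn, attributes=None):
        self.store[dn] = {k: v for k, v in attributes.items() if k not in self.drop}
        self.result = {'result': 0, 'description': 'success'}
        return True
    def search(self, base, flt, search_scope='BASE', attributes=None):
        attrs = {k: [v] for k, v in self.store.get(base, {}).items() if k in attributes}
        self.response = [{'type': 'searchResEntry', 'dn': base, 'attributes': attrs}]
        return True

def demo():
    attrs = {'cn': 'jdoe', 'msTSMaxDisconnectionTime': 1,
             'msTSMaxIdleTime': 120, 'msTSReconnectionAction': True}
    dn = 'CN=jdoe,CN=Users,DC=example,DC=test'  # constructed DN
    return add_and_verify(FakeConn(drop=['msTSMaxIdleTime']), dn, attrs)
```

Against a real directory, an empty `mismatch` means the values are stored on the object and the place to look next is the tool used to view them.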