Help on class ADTrustedDomain in module ms_active_directory.core.ad_domain:
- class ADTrustedDomain(builtins.object)
- ADTrustedDomain(primary_domain: ms_active_directory.core.ad_domain.ADDomain, trust_ldap_attributes: dict)

Methods defined here:

__init__(self, primary_domain: ms_active_directory.core.ad_domain.ADDomain, trust_ldap_attributes: dict)
    ADTrustedDomain objects represent a trustedDomain object found within an ADDomain.

    :param primary_domain: An ADDomain object representing the domain where this trusted domain object was found.
    :param trust_ldap_attributes: A dictionary of LDAP attributes for the trustedDomain.

__repr__(self)
    Return repr(self).

__str__(self)
    Return str(self).

convert_to_ad_domain(self, site: str = None, ldap_servers_or_uris: List = None, kerberos_uris: List[str] = None, encrypt_connections: bool = True, ca_certificates_file_path: str = None, discover_ldap_servers: bool = True, discover_kerberos_servers: bool = True, dns_nameservers: List[str] = None, source_ip: str = None) -> ms_active_directory.core.ad_domain.ADDomain
    Convert this AD domain trust to an ADDomain object. This takes all of the same keyword arguments as creating an ADDomain object, and uses the attributes of the primary domain where appropriate for network settings.

    :param site: The Active Directory site to operate within. This is only relevant if LDAP or Kerberos servers are discovered in DNS, as there are site-specific records. If set, only hosts within the specified site will be used.
    :param ldap_servers_or_uris: A list of either Server objects from the ldap3 library, or string LDAP URIs. If specified, they will be used to establish sessions with the domain.
    :param kerberos_uris: A list of string Kerberos server URIs. These can be IPs (and the default Kerberos port of 88 will be used) or IP:port combinations.
    :param encrypt_connections: Whether or not LDAP connections with the domain will be secured using TLS. This must be True for join functionality to work, as passwords can only be set over secure connections. If not specified, defaults to True. If LDAP server objects are provided with ssl enabled or ldaps:// URIs are provided, then connections to those servers will be encrypted because of the inherent behavior of such configurations.
    :param ca_certificates_file_path: A path to CA certificates to be used to establish trust with LDAP servers when securing connections. If not specified, then TLS will not check the peer certificate. If LDAP server objects are specified, then their TLS settings will be used rather than anything set in this variable. It is only used when discovering servers or using string URIs, so Server objects can be used if different CAs sign different servers’ certificates due to regional CAs or something similar. If not specified, defaults to None.
    :param discover_ldap_servers: If true, and LDAP servers/URIs are not specified, then LDAP servers for the domain will be discovered in DNS. If not specified, defaults to True.
    :param discover_kerberos_servers: If true, and Kerberos URIs are not specified, then Kerberos servers for the domain will be discovered in DNS. If not specified, defaults to True.
    :param dns_nameservers: A list of strings indicating the IP addresses of DNS servers to use when discovering servers for the domain. These may be IPv4 or IPv6 addresses. If not specified, defaults to the DNS nameservers configured in the primary domain where this trusted domain was found, because domains that trust each other are mutually discoverable in each other’s DNS or must use a DNS that contains both of them. If not specified and the primary domain has no nameservers set, defaults to what’s configured in /etc/resolv.conf on POSIX systems, and to extracting nameservers from registry keys on Windows. Can be set to an empty list to force use of the system defaults even when the primary domain has dns_nameservers set.
    :param source_ip: A source IP address to use for both DNS and LDAP connections established for this domain. If not specified, defaults to the source IP used for the primary domain where this trusted domain was found, because domains that trust each other are mutually routable, and so the source IP used to talk to the primary domain is assumed to also be the right default network identity for talking to this domain. If not specified and the primary domain has no source IP set, defaults to automatic assignment of IP using underlying system networking. Can be set to an empty string to force use of the system defaults even when the primary domain has source_ip set.
    :returns: An ADDomain object representing this trusted domain as a complete domain with the corresponding functionality.

create_transfer_session_to_trusted_domain(self, ad_session: ms_active_directory.core.ad_session.ADSession, converted_ad_domain: ms_active_directory.core.ad_domain.ADDomain = None, skip_validation: bool = False) -> ms_active_directory.core.ad_session.ADSession
    Create a session with this trusted domain that functionally transfers the authentication of a given session. This is useful for transferring a Kerberos/NTLM session to create new sessions for querying in trusted domains without needing to provide credentials every time.

    :param ad_session: The Active Directory session to transfer. This session will not be altered.
    :param converted_ad_domain: Optional. If a caller wants to specify information like an AD site, or LDAP server preferences, or if the caller simply wants to avoid having DNS lookups and RTT measurements done every single time they transfer a session because they have a lot of sessions to transfer, then they can specify an ADDomain object that represents the converted ADTrustedDomain. If not specified, an ADDomain will be created for the trusted domain during transfer.
    :param skip_validation: Optional. If set to True, validation checks about the trusted domain being an AD domain or the trusted domain trusting the primary domain for users originating from the primary domain will be skipped. This can be set to True in scenarios where the trust has been reconfigured on the trusted domain, but the primary domain has stale info, to avoid needing to wait for changes to propagate to make use of the new trust. If not specified, defaults to False, matching the signature above.
    :returns: An ADSession representing the transferred authentication to the trusted domain.
    :raises: SessionTransferException if any validation fails when transferring the session.
    :raises: Other LDAP exceptions if the attempt to bind the transfer session in the trusted domain fails due to authentication issues (e.g. trying to use a non-transitive trust when transferring a user that is not from the primary domain, transferring across a one-way trust when skipping validation, transferring to a domain using SID filtering to restrict cross-domain users).

get_fqdn(self) -> str
    Returns the FQDN of the trusted domain.

get_netbios_name(self) -> str
    Returns the NetBIOS name of the trusted domain.

get_posix_offset(self) -> int
    Returns the POSIX offset for the trust relationship. This is specific to the primary domain.

get_raw_trust_attributes_value(self) -> int
    Returns the raw trust attributes value, which is a bitstring indicating properties of the trust.

is_active_directory_domain_trust(self) -> bool
    Returns True if the trusted domain is an Active Directory domain.

is_bidirectional_trust(self) -> bool
    Returns True if the trust is mutual, meaning the primary domain trusts users from the trusted domain, and the trusted domain trusts users from the primary domain.

is_cross_forest_trust(self) -> bool
    Returns True if the trust relationship is a cross-forest trust.

is_cross_organization_trust(self) -> bool
    Returns True if the trust relationship is a cross-organization trust.

is_disabled(self) -> bool
    Returns True if the trust relationship has been disabled.

is_findable_via_netlogon(self) -> bool
    Returns True if the trusted domain is findable in netlogon and the trust works there.

is_in_same_forest_as_primary_domain(self) -> bool
    Returns True if the trusted domain is in the same forest as the primary domain. For example, both “americas.my-corp.net” and “emea.my-corp.net” might be subdomains within the “my-corp.net” forest.

is_mit_trust(self) -> bool
    Returns True if the trusted domain is an MIT Kerberos Realm.

is_non_active_directory_windows_trust(self) -> bool
    Returns True if the trusted domain is a non-Active Directory Windows domain.

is_transitive_trust(self) -> bool
    Returns True if the trust relationship is transitive. If a relationship is transitive, then if A trusts principals from B, and B trusts principals from C, A will also trust principals from C even if it doesn’t explicitly know that C exists. Cross-forest trusts are inherently transitive unless transitivity is disabled. Cross-domain trusts are not inherently transitive.

is_trusted_by_primary_domain(self) -> bool
    Returns True if the primary domain trusts users originating in the trusted domain.

mit_trust_uses_rc4_hmac_for(self) -> bool
    Returns True to indicate that this trusted MIT Kerberos Realm can use RC4-HMAC encryption. This is only relevant for MIT Kerberos Realms, and is a legacy attribute from a time when RC4-HMAC was not widely adopted, AES128/AES256 weren’t standard in AD, and only the less secure single-DES encryption mechanisms were shared between MIT and AD by default.

should_treat_as_external_trust(self) -> bool
    Returns True if the trusted domain is configured such that it should be explicitly treated as if the trusted domain is external to the forest of the primary domain, despite being within it.

trusts_primary_domain(self) -> bool
    Returns True if the trusted domain trusts users originating in the primary domain.

uses_sid_filtering(self) -> bool
    Returns True if this relationship employs SID filtering. This is common in forest trusts/transitive trusts in order to ensure some level of control over which users from other domains are allowed to operate within the primary domain.

----------------------------------------------------------------------
Data descriptors defined here:

__dict__
    dictionary for instance variables (if defined)

__weakref__
    list of weak references to the object (if defined)
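
An added example, not part of the library's documentation or code: a trust review built only on the query methods listed above, plus a pre-check that mirrors the validation described for session transfer. `audit_trust`, `transfer_preconditions_met`, `audit_all`, `StubTrust` and the sample domains are hypothetical names constructed here; with the real library the same functions would be passed ADTrustedDomain objects.

```python
def audit_trust(trust):
    """Findings for one trust, from the documented ADTrustedDomain query methods."""
    if trust.is_disabled():
        return ["disabled: no live exposure, candidate for cleanup"]
    findings = []
    external = not trust.is_in_same_forest_as_primary_domain()
    if trust.is_trusted_by_primary_domain() and external and not trust.uses_sid_filtering():
        findings.append("primary domain trusts an external domain without SID filtering")
    if (trust.is_cross_forest_trust() and trust.is_bidirectional_trust()
            and trust.is_transitive_trust()):
        findings.append("cross-forest trust is bidirectional and transitive")
    if trust.is_mit_trust() and trust.mit_trust_uses_rc4_hmac_for():
        findings.append("MIT realm trust is flagged as able to use RC4-HMAC")
    return findings

def transfer_preconditions_met(trust):
    """Pre-check mirroring the validation documented for session transfer:
    the trusted domain is an AD domain and trusts the primary domain."""
    return (not trust.is_disabled() and trust.is_active_directory_domain_trust()
            and trust.trusts_primary_domain())

class StubTrust:
    """Constructed stand-in for ADTrustedDomain; unset query methods answer False."""
    def __init__(self, fqdn, **flags):
        self._fqdn, self._flags = fqdn, flags
    def get_fqdn(self):
        return self._fqdn
    def __getattr__(self, name):
        if name.startswith("_"):
            raise AttributeError(name)
        return lambda: self._flags.get(name, False)

# Constructed sample trusts (hypothetical domains, not from a real directory).
SAMPLE_TRUSTS = [
    StubTrust("partner.example", is_active_directory_domain_trust=True,
              is_trusted_by_primary_domain=True, trusts_primary_domain=True,
              is_cross_forest_trust=True, is_bidirectional_trust=True,
              is_transitive_trust=True),
    StubTrust("emea.my-corp.example", is_active_directory_domain_trust=True,
              is_trusted_by_primary_domain=True, trusts_primary_domain=True,
              is_in_same_forest_as_primary_domain=True),
    StubTrust("LEGACY.EXAMPLE", is_mit_trust=True, trusts_primary_domain=True,
              mit_trust_uses_rc4_hmac_for=True),
]

def audit_all(trusts):
    return {t.get_fqdn(): audit_trust(t) for t in trusts}

if __name__ == "__main__":
    print(audit_all(SAMPLE_TRUSTS))
```

Running the pre-check before a transfer keeps `skip_validation` at its default and surfaces one-way or non-AD trusts before a bind is attempted.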