controllers.active_directory_controller module

class controllers.active_directory_controller.ActiveDirectoryController(config=None, client=None, call_back=None)[source]

Bases: cohesity_management_sdk.controllers.base_controller.BaseController

A Controller to access Endpoints in the cohesity_management_sdk API.

add_active_directory_principals(body=None)[source]

Does a POST request to /public/activeDirectory/principals.

After a group or user has been added to a Cohesity Cluster, the referenced Active Directory principal can be used by the Cohesity Cluster. In addition, this operation maps Cohesity roles with a group or user and this mapping defines the privileges allowed on the Cohesity Cluster for the group or user. For example if an ‘management’ group is created on the Cohesity Cluster for the Active Directory ‘management’ principal group and is associated with the Cohesity ‘View’ role, all users in the referenced Active Directory ‘management’ principal group can log in to the Cohesity Dashboard but will only have view-only privileges. These users cannot create new Protection Jobs, Policies, Views, etc. NOTE: Local Cohesity users and groups cannot be created by this operation. Local Cohesity users or groups do not have an associated Active Directory principals and are created directly in the default LOCAL domain.

Args:
body (list of ActiveDirectoryPrincipalsAddParameters, optional):

Request to add groups or users to the Cohesity Cluster.

Returns:
list of AddedActiveDirectoryPrincipal: Response from the API.

Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

create_active_directory_entry(body)[source]

Does a POST request to /public/activeDirectory.

After a Cohesity Cluster has been joined to an Active Directory domain, the users and groups in the domain can be authenticated on the Cohesity Cluster using their Active Directory credentials.

Args:
body (CreateActiveDirectoryEntryParams): Request to join an Active

Directory.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

create_enable_trusted_domain_discovery(body, name)[source]

Does a POST request to /public/activeDirectory/{name}/enableTrustedDomainState.

Updates the states of trusted domains discovery.

Args:
body (UpdateTrustedDomainEnableParams): Request to update enable

trusted domains state of an Active Directory.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

delete_active_directory_entry(body)[source]

Does a DELETE request to /public/activeDirectory.

Deletes the join of the Cohesity Cluster to the specified Active Directory domain. After the deletion, the Cohesity Cluster no longer has access to the principals on the Active Directory. For example, you can no longer log in to the Cohesity Cluster with a user defined in a principal group of the Active Directory domain.

Args:
body (ActiveDirectoryEntry): Request to delete a join with an

Active Directory.

Returns:

void: Response from the API. No Content

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

get_active_directory_domain_controllers(domain_name=None)[source]

Does a GET request to /public/activeDirectory/domainControllers.

List the domain controllers for a domain.

Args:

domain_name (string, optional): Specifies the domain name

Returns:

DomainControllers: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

get_active_directory_entry(domains=None, tenant_ids=None, all_under_hierarchy=None)[source]

Does a GET request to /public/activeDirectory.

After a Cohesity Cluster has been joined to an Active Directory domain, the users and groups in the domain can be authenticated on the Cohesity Cluster using their Active Directory credentials. NOTE: The userName and password fields are not populated by this operation.

Args:
domains (list of string, optional): Specifies the domains to fetch

active directory entries.

tenant_ids (list of string, optional): TenantIds contains ids of

the tenants for which objects are to be returned.

all_under_hierarchy (bool, optional): AllUnderHierarchy specifies

if objects of all the tenants under the hierarchy of the logged in user’s organization should be returned.

Returns:

list of ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

list_centrify_zones(domain_name=None)[source]

Does a GET request to /public/activeDirectory/centrifyZones.

Fetches the list centrify zones of an active directory domain.

Args:
domain_name (string, optional): Specifies the fully qualified

domain name (FQDN) of an Active Directory.

Returns:

list of ListCentrifyZone: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

search_active_directory_principals(domain=None, object_class=None, search=None, sids=None, include_computers=None)[source]

Does a GET request to /public/activeDirectory/principals.

Optionally limit the search results by specifying security identifiers (SIDs), an object class (user or group) or a substring. You can specify SIDs or a substring but not both.

Args:
domain (string, optional): Specifies the domain name of the

principals to search. If specified the principals in that domain are searched. Domain could be an Active Directory domain joined by the Cluster or any one of the trusted domains of the Active Directory domain or the LOCAL domain. If not specified, all the domains are searched.

object_class (ObjectClassSearchActiveDirectoryPrincipalsEnum,

optional): Optionally filter by a principal object class such as ‘kGroup’ or ‘kUser’. If ‘kGroup’ is specified, only group principals are returned. If ‘kUser’ is specified, only user principals are returned. If not specified, both group and user principals are returned. ‘kUser’ specifies a user object class. ‘kGroup’ specifies a group object class. ‘kComputer’ specifies a computer object class. ‘kWellKnownPrincipal’ specifies a well known principal.

search (string, optional): Optionally filter by matching a

substring. Only principals in the with a name or sAMAccountName that matches part or all of the specified substring are returned. If specified, a ‘sids’ parameter should not be specified.

sids (list of string, optional): Optionally filter by a list of

security identifiers (SIDs) found in the specified domain. Only principals matching the specified SIDs are returned. If specified, a ‘search’ parameter should not be specified.

include_computers (bool, optional): Specifies if Computer/GMSA

accounts need to be included in this search.

Returns:

list of ActiveDirectoryPrincipal: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

update_active_directory_id_mapping(body, name)[source]

Does a PUT request to /public/activeDirectory/{name}/idMappingInfo.

Updates the user id mapping info of an Active Directory.

Args:
body (IdMappingInfo): Request to update user id mapping of an

Active Directory.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

update_active_directory_ignored_trusted_domains(body, name)[source]

Does a PUT request to /public/activeDirectory/{name}/ignoredTrustedDomains.

Updates the list of trusted domains to be ignored during trusted domain discovery of an Active Directory.

Args:
body (UpdateIgnoredTrustedDomainsParams): Request to update the

list of ignored trusted domains of an AD.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

update_active_directory_ldap_provider(body, name)[source]

Does a PUT request to /public/activeDirectory/{name}/ldapProvider.

Updates the LDAP provide Id for an Active Directory domain.

Args:
body (UpdateLdapProviderParams): Request to update the LDAP

provider info.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

update_active_directory_machine_accounts(body, name)[source]

Does a POST request to /public/activeDirectory/{name}/machineAccounts.

Updates the machine accounts of an Active Directory.

Args:
body (UpdateMachineAccountsParams): Request to update machine

accounts of an Active Directory.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.

update_preferred_domain_controllers(body, name)[source]

Does a PUT request to /public/activeDirectory/{name}/preferredDomainControllers.

Updates the preferred domain controllers of an Active Directory

Args:
body (list of PreferredDomainController): Request to update

preferred domain controllers of an Active Directory.

name (string): Specifies the Active Directory Domain Name.

Returns:

ActiveDirectoryEntry: Response from the API. Success

Raises:
APIException: When an error occurs while fetching the data from

the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.