Ms-active-directory

Added windows path support and made some performance improvements.

Previously, only LDAP distinguished names were supported for most operations.
However, not everyone is comfortable with that style of naming. Many people
on windows are familiar with canonical names (also called "windows path style"
naming).
For example, OU=nested-org,OU=org,CN=org-containers,DC=example,DC=com
would be example.com/org-containers/org/nested-org

The library now supports looking up these names and using them for things like
domain joining.

There's also some minor performance enhancements. There's now an option to
skip validation that names exist in the domain for many lookup operations and
other operations. This makes actions such as bulk addition of users to groups
or modifications of users/groups/computers more efficient when utilized, as
it removes all of the existence check queries. This is useful for those who are
planning to guarantee the existence of things externally.

Added extended multi-domain support - the library now supports transferring authenticated session from one AD Domain to other trusted domains.

This action can be taken on a trusted domain with a session.
If this is done, it transfers all connection attributes, including authentication
attributes, network attributes/strategies, and formatting-related
attributes, from the existing session and tries to authenticate a new
session with the trusted domain.

A function also exists in a session to create transfer sessions to
all trusted domains. This allows a caller to spin out their sessions
and create new sessions. It could even be done recursively to get
sessions for all of the domains that are connected in the trust web
that a user is trusted within.

Made a small enhancement to netbios name querying when subdomains
and parent domains exist.
Included minor README corrections.
Added a feature roadmap document to track plans for the library.

Added basic multi-domain support.

Added support for discovering trusted domains, of various types, and attributes about them such as whether the trust is transitive, whether it's bidirectional, whether SID filtering is in use, etc.
Added support for turning Active Directory domain trust objects into Active Directory domain objects.

Added a few more utility functions, like checking if a session's user if a member of the session's domain.
Beefed up type annotations.
Fixed a few small bugs around shared servers across sessions.

Changed the naming style for computer objects and added a lot of new computer functionality.

Renamed the ad_computers.py file to managed_ad_objects.py and renamed
ad_users_and_groups.py to ad_objects.py

Descendants of ADObject represent objects in AD that we've read and
may make modifications to, but that we did not create and cannot
act as.
ManagedADObject and its descendents are objects that we can act as,
and have a password defined for them at a minimum (and kerberos
keys can be generated for them too).

This rename is technically a breaking change, but the library only
has like 5 users so that's ok and we should pull the trigger sooner
rather than later.

A bunch of computer management functions have also been added.
The same style of functions that existed for users and groups now
exist for computers. Find by various names/attributes, find groups
for computers, modify attributes in various ways, etc.
The type annotations for functions to change passwords and whatnot
have been expanded to include the new ADComputer object type used
in these functions.

Also loosened how we accept authentication mechanisms when creating
sessions in order to make it easier to use SASL authentication without
knowing whether something is a sasl mech or an authentication mech.

Added support for modifying attributes of users, groups, and objects.

Added support for:
- Atomically append one or more values to a single attribute.
- Atomically append values to multiple different attributes.
- Atomically overwrite the value of a single attribute.
- Atomically overwrite the values of multiple attributes.

Both append and overwrite will succeed at setting values for fields that currently have no value.
Append will atomically add more values for a multi-valued attribute and will fail to update single-valued attributes that have a value already. The atomicity is done server-side - so there's no read and write-back. Whether duplicates are allowed and how values are validated depends on the attribute and server policies.
Overwrite will overwrite both single and multi-valued attributes with ease, regardless of their current values. The validation of the value used to overwrite is still done server side.

Added support for enabling and disabling accounts.

Many automated account de-provisioning systems will disable accounts before deleting them. This allows quick rollback in case of disruption by simply re-enabling the account.
This supports enabling/disabling both users and computers.