Active Directory Server
MCP server for Active Directory user management with PowerShell backend
Installation
npx mcp-active-directory-server
mcp-active-directory-server
MCP server for Active Directory management with Python server and PowerShell backend
Architecture Overview
Claude Desktop → MCP Protocol → Python Server → PowerShell → Active Directory
The system uses a 3-tier architecture:
- Presentation Layer: Claude Desktop (AI interface)
- Application Layer: Python MCP Server (protocol handler & orchestrator)
- Data Layer: PowerShell Script → Active Directory (actual AD operations)
Component Breakdown
1. simple_mcp_server.py - The MCP Protocol Bridge
Role: Acts as the main orchestrator and protocol translator
What it does:
- Protocol Handler: Implements the Model Context Protocol (MCP) JSON-RPC 2.0 specification
- Tool Registry: Defines 14 available tools for Claude to use:
  - 6 Basic tools (user management, groups, connections)
  - 8 Advanced tools (domain info, forest info, trusts, replication, etc.)
- Credential Manager: Securely retrieves AD service account credentials from Windows Credential Manager
- PowerShell Orchestrator: Executes the PowerShell script with appropriate parameters
- Response Formatter: Converts PowerShell JSON output into MCP-compliant responses
Key Functions:
async def handle_request(request) # Handles MCP protocol requests
async def run_powershell_script() # Executes PowerShell operations
async def get_credentials_from_credential_manager() # Security layer
2. ad_operations.ps1 - The Active Directory Workhorse
Role: Contains all actual Active Directory operations and business logic
What it does:
- AD Operations: 14 distinct functions for different AD tasks
- Input Validation: Handles JSON parameter parsing and validation
- Credential Management: Uses provided domain credentials for AD authentication
- Error Handling: Comprehensive try-catch blocks with structured error responses
- Structured Output: Returns JSON-formatted results for consistent processing
Function Categories:
Basic Operations (6):
Create-User # New-ADUser operations
Modify-User # Set-ADUser operations
Add-UserToGroup # Add-ADGroupMember
Remove-UserFromGroup # Remove-ADGroupMember
Get-UserInfo # Get-ADUser with all properties
Test-ADConnection # Domain connectivity test
Enhanced Operations (8):
Get-DomainInfo # Get-ADDomain equivalent
Get-ForestInfo # Get-ADForest equivalent
Get-TrustInfo # Get-ADTrust relationships
Get-DomainPasswordPolicy # Get-ADDefaultDomainPasswordPolicy
Get-ReplicationStatus # AD replication health
Get-AllUserAttributes # Deep user inspection
Get-AllComputerAttributes # Deep computer inspection
Get-SitesAndServices # Sites, links, subnets
3. Security & Configuration Layer
Credential Management:
- Uses Windows Credential Manager for secure credential storage
- Target: "MCPActiveDirectory"
- Service account with minimal required permissions
- No hardcoded passwords in scripts
Configuration Variables:
$TargetOU = "OU=ManagedUsers,DC=demo,DC=local" # Managed OU
$DomainName = "demo.local" # Domain name
$DefaultPassword = "TempPassword123!" # Initial password (this will be used if no password is supplied)
Data Flow Architecture
1. Request Flow (Claude → AD)
Claude Desktop
↓ (User request: "Create user John Smith")
Python MCP Server
↓ (Validates request, formats parameters)
↓ (Retrieves credentials from Credential Manager)
↓ (Calls PowerShell with JSON data)
PowerShell Script
↓ (Parses JSON, authenticates to AD)
↓ (Executes New-ADUser cmdlet)
Active Directory
2. Response Flow (AD → Claude)
Active Directory
↓ (Returns AD object/status)
PowerShell Script
↓ (Formats as JSON with success/error status)
Python MCP Server
↓ (Receives JSON, validates, formats for MCP)
↓ (Creates MCP-compliant response)
Claude Desktop
↓ (Displays formatted result to user)
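The Python-to-PowerShell hand-off in the two flows above, sketched as an added example that is not the project's own code: tool arguments are allow-listed and carried as base64 JSON so no request text reaches the command line, and script output is wrapped in a JSON-RPC 2.0 result that fails closed. The `-Operation` and `-JsonDataB64` script parameters, the `username` key and the `success` field are assumptions, since the README does not show the script's interface.

```python
import base64
import json
import re

# Assumed names: the README does not show the script's real parameters, so
# -Operation / -JsonDataB64 and the "username" key are hypothetical.
SCRIPT = "ad_operations.ps1"
ALLOWED_OPS = {"Create-User", "Modify-User", "Add-UserToGroup",
               "Remove-UserFromGroup", "Get-UserInfo", "Test-ADConnection"}
SAM_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")  # conservative sAMAccountName subset


def build_argv(operation, params):
    """Build an argv list for subprocess (shell=False) from untrusted tool arguments."""
    if operation not in ALLOWED_OPS:
        raise ValueError(f"operation not allowed: {operation!r}")
    if "username" in params and not SAM_RE.fullmatch(str(params["username"])):
        raise ValueError("username fails allow-list check")
    # Base64-encode the JSON so no quote, semicolon or '$' from the request
    # ever appears on the PowerShell command line.
    blob = base64.b64encode(json.dumps(params).encode("utf-8")).decode("ascii")
    return ["powershell.exe", "-NoProfile", "-NonInteractive",
            "-File", SCRIPT, "-Operation", operation, "-JsonDataB64", blob]


def to_mcp_response(request_id, returncode, stdout):
    """Wrap the script's JSON output in a JSON-RPC 2.0 tools/call result, failing closed."""
    try:
        payload = json.loads(stdout)
        ok = (returncode == 0 and isinstance(payload, dict)
              and payload.get("success") is True)
    except (json.JSONDecodeError, TypeError):
        # Raw PowerShell error text is not forwarded as if it were a result.
        payload, ok = {"success": False, "error": "script returned non-JSON output"}, False
    return {"jsonrpc": "2.0", "id": request_id,
            "result": {"content": [{"type": "text", "text": json.dumps(payload)}],
                       "isError": not ok}}


if __name__ == "__main__":
    # Constructed sample request and constructed script outputs.
    sample = {"username": "jsmith", "displayName": 'John "JS" Smith; $(x)'}
    print(build_argv("Create-User", sample))
    print(to_mcp_response(1, 0, '{"success": true, "user": "jsmith"}'))
    print(to_mcp_response(2, 1, "New-ADUser : Access is denied"))
```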
Component Responsibilities
Python Server Responsibilities:
- MCP protocol compliance
- Tool registration and discovery
- Security (credential retrieval)
- Error handling and logging
- Async operation handling
- JSON-RPC 2.0 implementation
PowerShell Script Responsibilities:
- All Active Directory operations
- Parameter validation and sanitization
- Domain authentication
- Business logic implementation
- Structured error reporting
- Comprehensive data retrieval
Security Model:
- Credentials: Stored in Windows Credential Manager (encrypted)
- Authentication: Service account with minimal permissions
- Scope: Limited to specific OU (ManagedUsers)
