Skills MCP AD
About
Active Directory MCP is an open-source Model Context Protocol server that lets AI assistants (Claude, Gemini CLI, ChatGPT via API, etc.) safely manage Active Directory environments.
Key features
- 47 tools covering users, groups, computers, OUs, security, audit, and 15 MSP prompt playbooks.
- Three transports: stdio (server.py), Streamable HTTP via FastMCP (server_http.py), and Streamable HTTP via FastAPI (server_fastapi.py).
- Multi-tenant by design: each instance binds to its own AD via AD_MCP_CONFIG; the same codebase can serve unlimited tenants from one host.
- Write-operation guard rails: every mutating tool requires either a per-tenant client confirmation string or an automation Bearer token before touching AD.
- Audit log on every operation: each call records operation name, target, mode (CONFIRMED / AUTOMATION / NO_CONFIRMATION_REQUIRED), and outcome.
Naming convention
All MCP tool names use the ad_* prefix with a descriptive suffix — e.g. ad_list_users_with_filters, ad_create_user_account, ad_disable_computer_account_trust. This avoids collisions when this MCP runs alongside other servers (GLPI, Hudu, etc.) connected to the same AI client.
Related MCP server: ActiveDirectoryMCP
Multi-tenant architecture
This MCP is designed to run as one process per tenant, all sharing the same code:
```
.base-code/                      <- this repository (shared source of truth)
  src/active_directory_mcp/
  ad-config/
    ad-config.example.json       <- template only (real configs are .gitignored)
<deployment>/                    <- one directory per tenant, OUTSIDE this repo
  tenant-a/
    ad-config/ad-config.json     <- real credentials (NEVER committed)
    start.sh                     <- exports AD_MCP_CONFIG and launches the server
  tenant-b/
    ad-config/ad-config.json
    start.sh
```
Each start.sh exports AD_MCP_CONFIG pointing at that tenant's config and runs python -m active_directory_mcp.server_http on a dedicated port. Update the shared .base-code/ once, restart all tenants — same code, isolated state.
Quick Start
Prerequisites
Python 3.11+
LDAP/LDAPS reachable from the host
An AD service account with the permissions required by the operations you plan to expose
1. Install
```bash
git clone https://github.com/DevSkillsIT/Skills-MCP-AD.git
cd Skills-MCP-AD
python -m venv .venv
source .venv/bin/activate        # Linux/macOS
# .venv\Scripts\activate         # Windows
pip install -e .                 # installs from pyproject.toml
```
2. Configure
```bash
mkdir -p /etc/ad-mcp
cp ad-config/ad-config.example.json /etc/ad-mcp/ad-config.json
$EDITOR /etc/ad-mcp/ad-config.json   # set server, bind_dn, password, base_dn, OUs
chmod 600 /etc/ad-mcp/ad-config.json
```
The example file is the only template kept in git. Any real ad-config.json is blocked by .gitignore (ad-config/*.json + !ad-config/*.example.json).
3. Run
```bash
export AD_MCP_CONFIG=/etc/ad-mcp/ad-config.json
# stdio transport (for direct Claude Desktop / mcp-cli use):
python -m active_directory_mcp.server
# HTTP transport (for Claude Code, Gemini CLI, n8n, etc.):
python -m active_directory_mcp.server_http --host 0.0.0.0 --port 8813 --path /activedirectory-mcp
```
4. Connect from Claude Code
```bash
claude mcp add --transport http ad http://localhost:8813/activedirectory-mcp \
  --headers "Authorization: Bearer YOUR_AUTOMATION_TOKEN"
```
5. Connect from Gemini CLI
~/.gemini/settings.json:
```json
{
  "mcpServers": {
    "ad": {
      "httpUrl": "http://localhost:8813/activedirectory-mcp",
      "headers": { "Authorization": "Bearer YOUR_AUTOMATION_TOKEN" },
      "timeout": 30000
    }
  }
}
```
Tools
All tools use the ad_* prefix. Tools marked as Write require a confirmation string OR an automation Bearer token.
Tenant identification (3)
| Tool | Operation |
|---|---|
| | Return tenant info for this instance (call first) |
| | List all clients registered in the client registry |
| | Check if a given client slug has an AD configured |
User management (9)
| Tool | Write | Operation |
|---|---|---|
| | — | List users (optionally filtered by OU/criteria) |
| | — | Fetch user attributes by sAMAccountName |
| | — | List groups a user is member of |
| | yes | Create a new user |
| | yes | Modify user attributes |
| | yes | Delete a user |
| | yes | Enable user account |
| | yes | Disable user account |
| | yes | Reset password (force change on next login) |
Group management (8)
| Tool | Write | Operation |
|---|---|---|
| | — | List groups |
| | — | Fetch group attributes |
| | — | List members, optionally recursive |
| | yes | Create security or distribution group |
| | yes | Modify group attributes |
| | yes | Delete a group |
| | yes | Add member |
| | yes | Remove member |
Computer management (8)
| Tool | Write | Operation |
|---|---|---|
| | — | List computers |
| | — | Fetch computer attributes |
| | — | List computers idle for N+ days |
| | yes | Create computer object |
| | yes | Modify computer attributes |
| | yes | Delete computer object |
| | yes | Enable computer account |
| | yes | Disable computer account |
| | yes | Reset computer secure-channel password |
Organizational Unit management (7)
| Tool | Write | Operation |
|---|---|---|
| | — | List OUs (recursive option) |
| | — | Fetch OU attributes |
| | — | List objects inside an OU |
| | yes | Create OU |
| | yes | Modify OU |
| | yes | Delete OU (force=true to delete non-empty) |
| | yes | Move OU to a new parent |
Security & audit (6)
| Tool | Operation |
|---|---|
| | Domain info + password/lockout policy |
| | List privileged groups (Domain Admins, Enterprise Admins, etc.) |
| | Show effective permissions for a user |
| | Users with no logon for N+ days |
| | Accounts violating the password policy |
| | Audit privileged account hygiene |
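The "no logon for N+ days" and "violating the password policy" checks from the table above, worked through as an added example. This is illustrative code, not one of the server's tools: it assumes each entry is a dict of the standard AD attributes sAMAccountName, userAccountControl, lastLogonTimestamp and pwdLastSet, and the function names, thresholds and sample entries are constructed for the demo. It also shows the FILETIME conversion those two attributes need.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl flag bits (standard AD values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000

# 100-nanosecond ticks between 1601-01-01 (FILETIME epoch) and 1970-01-01 (Unix epoch)
FILETIME_UNIX_DELTA = 116444736000000000


def filetime_to_datetime(ft: int):
    """lastLogonTimestamp and pwdLastSet are Windows FILETIMEs; 0 means 'never'."""
    if not ft:
        return None
    return datetime.fromtimestamp((ft - FILETIME_UNIX_DELTA) / 10_000_000, tz=timezone.utc)


def datetime_to_filetime(dt: datetime) -> int:
    return int(dt.timestamp() * 10_000_000) + FILETIME_UNIX_DELTA


def inactive_users(entries, days: int, now=None):
    """Enabled users with no logon in `days` days (or never). lastLogonTimestamp
    only replicates every ~14 days, so treat the result as coarse."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days)
    hits = []
    for e in entries:
        uac = int(e.get("userAccountControl", 0))
        if uac & ACCOUNTDISABLE:
            continue                      # already disabled: not a finding for this check
        last = filetime_to_datetime(int(e.get("lastLogonTimestamp", 0)))
        if last is None or last < cutoff:
            hits.append({"sAMAccountName": e["sAMAccountName"],
                         "lastLogon": last.isoformat() if last else "never"})
    return hits


def password_policy_violations(entries, max_age_days: int, now=None):
    """Enabled accounts whose password is older than the policy maximum, never
    expires, or is not required at all. pwdLastSet == 0 means 'must change at
    next logon', which is not a violation and is skipped."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    hits = []
    for e in entries:
        uac = int(e.get("userAccountControl", 0))
        if uac & ACCOUNTDISABLE:
            continue
        reasons = []
        if uac & DONT_EXPIRE_PASSWORD:
            reasons.append("DONT_EXPIRE_PASSWORD")
        if uac & PASSWD_NOTREQD:
            reasons.append("PASSWD_NOTREQD")
        pls = filetime_to_datetime(int(e.get("pwdLastSet", 0)))
        if pls is not None and pls < cutoff:
            reasons.append(f"password older than {max_age_days} days")
        if reasons:
            hits.append({"sAMAccountName": e["sAMAccountName"], "reasons": reasons})
    return hits


# Constructed sample entries with a fixed "now" so the results are reproducible.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)


def _ft_days_ago(days: int) -> int:
    return datetime_to_filetime(NOW - timedelta(days=days))


SAMPLE_ENTRIES = [
    {"sAMAccountName": "jdoe", "userAccountControl": 512,
     "lastLogonTimestamp": _ft_days_ago(5), "pwdLastSet": _ft_days_ago(30)},
    {"sAMAccountName": "svc-backup", "userAccountControl": 512 | DONT_EXPIRE_PASSWORD,
     "lastLogonTimestamp": _ft_days_ago(2), "pwdLastSet": _ft_days_ago(400)},
    {"sAMAccountName": "old-intern", "userAccountControl": 512,
     "lastLogonTimestamp": _ft_days_ago(120), "pwdLastSet": _ft_days_ago(200)},
    {"sAMAccountName": "left-contractor", "userAccountControl": 512 | ACCOUNTDISABLE,
     "lastLogonTimestamp": _ft_days_ago(300), "pwdLastSet": _ft_days_ago(300)},
    {"sAMAccountName": "never-logged", "userAccountControl": 512,
     "lastLogonTimestamp": 0, "pwdLastSet": _ft_days_ago(1)},
]

if __name__ == "__main__":
    print(inactive_users(SAMPLE_ENTRIES, 90, NOW))
    print(password_policy_violations(SAMPLE_ENTRIES, 90, NOW))
```

Run against the sample set with a 90-day window, the inactivity check reports old-intern and never-logged (the disabled contractor is skipped), and the policy check reports svc-backup (never-expiring and stale password) and old-intern (stale password only). A real implementation would page through an LDAP search for these four attributes instead of the inline list.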
MSP prompts (2 tools + 15 prompts)
| Tool | Operation |
|---|---|
| | List the 15 professional MSP playbooks (manager & analyst) |
| | Execute a named playbook with arguments |
See PROMPTS.md for the full prompt catalog (security audit, onboarding, offboarding, password reset playbook, etc.).
System (4)
| Tool | Operation |
|---|---|
| | LDAP connectivity probe |
| | Full health check (server + LDAP search test + stats) |
| | Self-describing schema of all registered tools |
Configuration
The runtime configuration file path is provided via the AD_MCP_CONFIG environment variable. Schema in ad-config/ad-config.example.json.
Key fields
| Field | Required | Description |
|---|---|---|
| | yes | Primary LDAP URL, e.g. |
| | no | Additional LDAP URLs for failover |
| | yes | Full DN of the service account |
| | yes | Service account password (keep file at |
| | yes | Base DN, e.g. |
| | yes | Default OUs for users/groups/computers/service accounts |
| | no | Force StartTLS / LDAPS |
| | no | Verify server certificate against |
| | no | Refuse to bind over plaintext |
| | no | Bearer token for unattended write operations |
| | no | Tenant identifier reported by |
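An added example of the start-up validation a tenant loader can apply to the file named by AD_MCP_CONFIG (illustrative code, not the project's own loader). It assumes the required top-level keys are server, bind_dn, password and base_dn, the names the Configure step says to set; the function names, error messages and sample values are constructed. The point is to fail before binding when the file is the tracked template, is readable by other users, or is missing a required key.

```python
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Assumed required top-level keys (the names the Configure step says to set).
REQUIRED_KEYS = ("server", "bind_dn", "password", "base_dn")


class ConfigError(RuntimeError):
    """Raised when the tenant config is unusable; the server should exit, not bind."""


def load_tenant_config(path: Optional[str] = None) -> dict:
    """Read the per-tenant JSON named by `path` (default: $AD_MCP_CONFIG).

    Refuses to continue when the file is missing, is the tracked
    *.example.json template, is readable by group/others (the Configure step
    says chmod 600), or lacks a required key.
    """
    path = path or os.environ.get("AD_MCP_CONFIG")
    if not path:
        raise ConfigError("AD_MCP_CONFIG is not set")
    p = Path(path)
    if not p.is_file():
        raise ConfigError(f"config file not found: {p}")
    if p.name.endswith(".example.json"):
        raise ConfigError("refusing to start with the template config; copy it and fill it in first")
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ConfigError(f"{p} is readable by group/others (mode {mode:03o}); run chmod 600")
    cfg = json.loads(p.read_text(encoding="utf-8"))
    missing = [k for k in REQUIRED_KEYS if not cfg.get(k)]
    if missing:
        raise ConfigError("missing required keys: " + ", ".join(missing))
    return cfg


def demo(tmp_dir: Optional[str] = None) -> dict:
    """Write a constructed sample config into a scratch directory and exercise
    the loader. Returns the loader's verdicts so they can be checked."""
    d = Path(tmp_dir or tempfile.mkdtemp(prefix="ad-mcp-demo-"))
    good = d / "ad-config.json"
    good.write_text(json.dumps({
        "server": "ldaps://dc01.corp.example",   # constructed sample values
        "bind_dn": "CN=svc-mcp,OU=Service Accounts,DC=corp,DC=example",
        "password": "<placeholder-password>",
        "base_dn": "DC=corp,DC=example",
    }), encoding="utf-8")
    results = {}
    os.chmod(good, 0o644)                       # too open: must be rejected
    try:
        load_tenant_config(str(good))
        results["loose_perms"] = "accepted"
    except ConfigError as e:
        results["loose_perms"] = str(e)
    os.chmod(good, 0o600)                       # as the Configure step requires
    results["loaded_base_dn"] = load_tenant_config(str(good))["base_dn"]
    tmpl = d / "ad-config.example.json"
    tmpl.write_text("{}", encoding="utf-8")
    os.chmod(tmpl, 0o600)
    try:
        load_tenant_config(str(tmpl))
        results["template"] = "accepted"
    except ConfigError as e:
        results["template"] = str(e)
    return results


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {verdict}")
```

The permission check looks at the mode bits rather than trying to open the file as another user, so it behaves the same whether the service runs as root or as a dedicated account; a per-tenant start.sh can call this before launching server_http and stop on a ConfigError.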
Service account permissions
Grant the bind account the minimum delegated rights required by the operations you intend to expose:
- Read-only deployments: "Read all properties" + "List contents" on the domain root is enough.
- User/group write: delegate "Create/Delete objects" + "Write all properties" on the target OUs.
- Password reset: delegate the "Reset password" extended right on the target OUs.
- Computer join/leave: delegate "Create/Delete computer objects" on the computers OU.
Always use a dedicated service account, LDAPS in production, and rotate the password regularly.
Security
Write protection model
Every mutating tool (ad_create_*, ad_modify_*, ad_delete_*, ad_enable_*, ad_disable_*, ad_reset_*, ad_add_*, ad_remove_*, ad_move_*) calls check_write_permission() before reaching LDAP. It accepts the write if one of:
- automation_token matches automation.token in the config — intended for CI / scheduled jobs.
- client_confirmation matches the tenant slug — the AI assistant must call ad_get_client_tenant_info first, read the slug back to the user, and pass that exact string.
- The tenant has require_confirmation_for_writes: false (explicit opt-out, not recommended).
If none of the above is satisfied, the call short-circuits with a permitted: false message and the LDAP write is never attempted.
Audit logging
All operations write a structured log line including: timestamp, tool name, target, confirmation mode (AUTOMATION / CONFIRMED / WRONG_CONFIRMATION / NO_CONFIRMATION_REQUIRED), and success/failure. Logs go wherever logging.file points.
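The write guard and the audit record described above, as an added example (this is not the project's check_write_permission, and the function names are hypothetical). Assumed, not taken from the code: the config is a dict carrying automation.token and require_confirmation_for_writes, the caller passes in the tenant slug, and a call that supplies neither a token nor a confirmation is recorded as WRONG_CONFIRMATION. The mode strings are the ones listed above; the sample config and the target account name are constructed.

```python
import hmac
import json
import logging
from datetime import datetime, timezone
from typing import Callable, Optional

log = logging.getLogger("ad_mcp.audit")

# Constructed sample tenant config (placeholder values, not real credentials).
SAMPLE_CFG = {
    "client_slug": "tenant-a",
    "automation": {"token": "<placeholder-automation-token>"},
    "require_confirmation_for_writes": True,
}


def check_write_permission(cfg: dict, tenant_slug: str,
                           automation_token: Optional[str] = None,
                           client_confirmation: Optional[str] = None) -> dict:
    """Decide whether a mutating tool may proceed.

    Returns {"permitted": bool, "mode": str, "reason": str}. The order is
    automation token, then client confirmation, then the per-tenant opt-out.
    Secrets are compared with hmac.compare_digest so a wrong token is rejected
    in constant time rather than leaking how many leading bytes matched.
    """
    expected = (cfg.get("automation") or {}).get("token") or ""
    if automation_token is not None:
        if expected and hmac.compare_digest(automation_token.encode(), expected.encode()):
            return {"permitted": True, "mode": "AUTOMATION", "reason": "automation token accepted"}
        return {"permitted": False, "mode": "WRONG_CONFIRMATION", "reason": "automation token rejected"}
    if client_confirmation is not None:
        if hmac.compare_digest(client_confirmation.encode(), tenant_slug.encode()):
            return {"permitted": True, "mode": "CONFIRMED", "reason": "client_confirmation matches tenant slug"}
        return {"permitted": False, "mode": "WRONG_CONFIRMATION",
                "reason": f"client_confirmation does not match tenant slug '{tenant_slug}'"}
    if cfg.get("require_confirmation_for_writes", True) is False:
        return {"permitted": True, "mode": "NO_CONFIRMATION_REQUIRED", "reason": "tenant opted out of confirmation"}
    return {"permitted": False, "mode": "WRONG_CONFIRMATION",
            "reason": f"write requires client_confirmation == '{tenant_slug}' or an automation token"}


def audit_line(tool: str, target: str, decision: dict, success: Optional[bool]) -> str:
    """Build the structured audit record (one JSON object per line) and log it.

    success=None means the LDAP write was never attempted."""
    rec = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "tool": tool,
        "target": target,
        "mode": decision["mode"],
        "permitted": decision["permitted"],
        "outcome": "not_attempted" if success is None else ("success" if success else "failure"),
    }
    line = json.dumps(rec, sort_keys=True)
    log.info(line)
    return line


def guarded_write(cfg: dict, tenant_slug: str, tool: str, target: str,
                  do_write: Callable[[], bool], **auth) -> dict:
    """The path every ad_create_*/ad_modify_*/... tool would take: check first,
    audit always, touch LDAP only when permitted."""
    decision = check_write_permission(cfg, tenant_slug, **auth)
    if not decision["permitted"]:
        audit_line(tool, target, decision, None)
        return {"permitted": False, "mode": decision["mode"], "message": decision["reason"]}
    ok = do_write()  # the real LDAP modify would go here
    audit_line(tool, target, decision, ok)
    return {"permitted": True, "mode": decision["mode"], "message": "done" if ok else "ldap write failed"}


if __name__ == "__main__":
    # Constructed demo: "jdoe" is a sample account name, the lambda stands in for the LDAP call.
    print(guarded_write(SAMPLE_CFG, "tenant-a", "ad_create_user_account", "jdoe", lambda: True))
    print(guarded_write(SAMPLE_CFG, "tenant-a", "ad_create_user_account", "jdoe", lambda: True,
                        client_confirmation="tenant-a"))
```

Two design points worth keeping in any real implementation: the audit line is written on the rejected path too (otherwise an assistant repeatedly guessing confirmations leaves no trace), and a supplied-but-wrong automation token is rejected outright instead of falling through to the confirmation path.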
Secrets hygiene
- Real ad-config.json files are git-ignored. Only *.example.json is tracked.
- Never paste a config containing a real password or automation.token into a chat that's logged or transcribed by a third party.
- Rotate automation.token whenever you regenerate it; treat it as a privileged credential.
Testing
```bash
# Unit + integration tests
pytest tests/ -v
# Coverage
pytest --cov=src --cov-report=term-missing
# Lint
ruff check .
```
A bundled docker-compose-ad.yml spins up a Samba AD container at 192.168.1.100 plus an MCP container so the integration tests can run against a real LDAP backend without touching production.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| | bad | Verify against |
| | service account lacks delegated rights | Re-delegate on the target OU |
| | self-signed cert without trust | Set |
| | Missing confirmation/token | Call |
| | socket open but LDAP search failed | Check service-account lockout / replication / network ACLs |
Contributing
1. Fork the repo.
2. Create a feature branch: git checkout -b feat/your-feature.
3. Run tests: pytest.
4. Open a PR with a clear description and a link to the relevant issue.
Commits follow Conventional Commits.
License
MIT — see LICENSE.
Acknowledgments
Based on the upstream alpadalar/ActiveDirectoryMCP project by Alperen Adalar.
Support
Bug reports: GitHub Issues
Discussions: GitHub Discussions