ActiveDirectoryMCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@ActiveDirectoryMCP list all disabled user accounts in the domain"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ActiveDirectoryMCP - Enhanced Active Directory MCP Server
A comprehensive Python-based Model Context Protocol (MCP) server for managing Active Directory environments through LDAP. This project provides powerful tools for user management, group operations, computer account management, organizational unit administration, and security auditing.
Features
Complete User Management
Create, modify, and delete user accounts
Password management and reset functionality
Enable/disable user accounts
Group membership analysis
User permission auditing
Advanced Group Management
Create and manage security and distribution groups
Group scope management (Global, DomainLocal, Universal)
Member addition and removal
Nested group analysis
Group membership reporting
Computer Account Management
Create and manage computer objects
Computer account lifecycle management
Stale computer detection
Computer group memberships
Service Principal Name management
Organizational Unit Operations
Create, modify, and delete OUs
OU hierarchy management
Move objects between OUs
OU content analysis
Group Policy link information
Security and Audit Tools
Domain security policy analysis
Privileged group monitoring
Inactive user detection
Password policy compliance checking
Administrative account auditing
Permission analysis and reporting
Multiple Transport Options
Stdio Transport: Traditional MCP communication
HTTP Transport: FastMCP-based HTTP transport on port 8813
Docker Deployment: Production-ready containerization
MCP Inspector: Compatible with debugging tools
Quality Assurance
129/129 Tests Passing: 100% test success rate across all modules
Complete Test Coverage: All 5 tool modules fully tested
LDAP3 Compatible: Latest library compatibility ensured
Production Ready: Thoroughly tested and validated
Enterprise Testing: Unit, Integration, and Performance tests
Comprehensive Coverage: Config, LDAP, tools, workflows, and performance
Samba AD Test Environment: Real AD protocols for testing
Prerequisites
Python 3.9 or higher
UV package manager (recommended) or pip
Access to Active Directory with appropriate permissions
LDAP/LDAPS connectivity to domain controllers
Installation
Option 1: Quick Install (Recommended)
Clone and set up environment:
# Clone repository
git clone https://github.com/alpadalar/ActiveDirectoryMCP.git
cd ActiveDirectoryMCP
# Create and activate virtual environment
uv venv
source .venv/bin/activate  # Linux/macOS
# OR
.\.venv\Scripts\Activate.ps1  # Windows
Install dependencies:
# Install with development dependencies
uv pip install -e ".[dev]"
Create configuration:
# Create config directory and copy template
mkdir -p ad-config
cp ad-config/config.example.json ad-config/ad-config.json
Configure Active Directory connection:
{
  "active_directory": {
    "server": "ldap://dc.example.com:389",
    "domain": "example.com",
    "base_dn": "DC=example,DC=com",
    "bind_dn": "CN=service-account,OU=Service Accounts,DC=example,DC=com",
    "password": "your-service-account-password"
  },
  "organizational_units": {
    "users_ou": "OU=Users,DC=example,DC=com",
    "groups_ou": "OU=Groups,DC=example,DC=com",
    "computers_ou": "OU=Computers,DC=example,DC=com",
    "service_accounts_ou": "OU=Service Accounts,DC=example,DC=com"
  }
}
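A pre-deployment check for this file, as an added example that is not part of the ActiveDirectoryMCP project: it flags a config that still uses the plain ldap:// connection shown above instead of the ldaps:// settings listed under SSL/TLS Configuration, and a config file that other local users can read. The function names, the sample dictionaries and the choice to treat a missing key as "not enabled" are assumptions of this example.

```python
import json
import os
from urllib.parse import urlparse

# Constructed samples built from the two JSON fragments on this page.
BASIC = {"active_directory": {"server": "ldap://dc.example.com:389",
                              "password": "your-service-account-password"}}
HARDENED = {"active_directory": {"server": "ldaps://dc.example.com:636",
                                 "use_ssl": True,
                                 "password": "constructed-secret"},
            "security": {"enable_tls": True, "validate_certificate": True,
                         "ca_cert_file": "/path/to/ca-certificate.pem"}}


def audit_config(cfg):
    """Return (key, problem) pairs for weak transport or credential settings."""
    ad = cfg.get("active_directory", {})
    sec = cfg.get("security", {})
    findings = []
    if urlparse(ad.get("server", "")).scheme != "ldaps":
        findings.append(("active_directory.server", "not an ldaps:// URL"))
    # Assumption: a key that is absent is treated here as not enabled.
    if ad.get("use_ssl") is not True:
        findings.append(("active_directory.use_ssl", "not set to true"))
    if sec.get("validate_certificate") is not True:
        findings.append(("security.validate_certificate",
                         "server certificate not verified"))
    if ad.get("password") in (None, "", "your-service-account-password"):
        findings.append(("active_directory.password", "empty or template value"))
    return findings


def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    findings = []
    # The bind password is stored in this file, so only the owner should read it.
    if os.stat(path).st_mode & 0o077:
        findings.append(("file mode", "readable by group or others"))
    with open(path, encoding="utf-8") as fh:
        findings.extend(audit_config(json.load(fh)))
    return findings


if __name__ == "__main__":
    for key, problem in audit_config(BASIC):
        print(f"{key}: {problem}")
```

Run `audit_file("ad-config/ad-config.json")` before starting the server; an empty list means none of these checks fired.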
Verifying Installation
# Test configuration
python -c "import active_directory_mcp; print('Installation OK')"
# Run tests
pytest
# Test LDAP connection
AD_MCP_CONFIG="ad-config/ad-config.json" python -m active_directory_mcp.server
Running the Server
Production Deployment
Deploy to production with existing Active Directory:
# 1. Configure for your AD environment
cp ad-config/production-config.example.json ad-config/ad-config.json
# Edit ad-config.json with your AD server details
# 2. Deploy ActiveDirectoryMCP
docker compose up -d
# 3. Verify deployment
docker compose ps
docker compose logs activedirectory-mcp
Production URL: http://localhost:8813/activedirectory-mcp
Production Features:
Connects to existing AD infrastructure
SSL/TLS security
Resource limits & health checks
Production logging
Development/Test Environment
For development with included test LDAP server:
# 1. Start test environment
docker compose -f docker-compose-ad.yml up -d
# 2. Test the setup
python test_ad_environment.py
# 3. Access services
# - ActiveDirectoryMCP: http://localhost:8813/activedirectory-mcp
# - LDAP Admin: http://localhost:8080
Test Features:
Includes OpenLDAP test server
Pre-configured test data
Web-based LDAP management
No external AD required
Development Mode (Stdio)
For testing and development with stdio transport:
# Start stdio server
./start_server.sh
# Or with custom config
AD_MCP_CONFIG="ad-config/ad-config.json" python -m active_directory_mcp.server
HTTP Mode (Local Development)
For local HTTP transport development:
# Start HTTP server
./start_http_server.sh
# Or with custom settings
python -m active_directory_mcp.server_http --host 0.0.0.0 --port 8813 --path /activedirectory-mcp
Cursor/VS Code Integration
Option 1: Docker Compose (Recommended)
{
  "mcpServers": {
    "ActiveDirectoryMCP": {
      "transport": {
        "type": "http",
        "url": "http://localhost:8813/activedirectory-mcp"
      },
      "description": "Active Directory Management with HTTP Transport"
    }
  }
}
Option 2: Local HTTP Server
{
  "mcpServers": {
    "ActiveDirectoryMCP-Local": {
      "transport": {
        "type": "http",
        "url": "http://localhost:8813/activedirectory-mcp"
      },
      "description": "ActiveDirectoryMCP Local Development"
    }
  }
}
Option 3: Traditional Stdio (Legacy)
{
  "mcpServers": {
    "ActiveDirectoryMCP": {
      "command": "/absolute/path/to/ActiveDirectoryMCP/.venv/bin/python",
      "args": ["-m", "active_directory_mcp.server"],
      "cwd": "/absolute/path/to/ActiveDirectoryMCP",
      "env": {
        "PYTHONPATH": "/absolute/path/to/ActiveDirectoryMCP/src",
        "AD_MCP_CONFIG": "/absolute/path/to/ActiveDirectoryMCP/ad-config/ad-config.json"
      },
      "disabled": false
    }
  }
}
Available Tools & Operations
User Management
list_users - List users with filtering and attributes
get_user - Get detailed user information
create_user - Create new user accounts
modify_user - Update user attributes
delete_user - Remove user accounts
enable_user / disable_user - Account status management
reset_user_password - Password reset functionality
get_user_groups - Group membership analysis
Group Management
list_groups - List groups with filtering
get_group - Get detailed group information
create_group - Create security/distribution groups
modify_group - Update group attributes
delete_group - Remove groups
add_group_member / remove_group_member - Membership management
get_group_members - Member listing with recursion
Computer Management
list_computers - List computer accounts
get_computer - Get computer details
create_computer - Create computer objects
modify_computer - Update computer attributes
delete_computer - Remove computer accounts
enable_computer / disable_computer - Account management
reset_computer_password - Password reset
get_stale_computers - Find inactive computers
Organizational Unit Management
list_organizational_units - List OUs with hierarchy
get_organizational_unit - Get OU details
create_organizational_unit - Create new OUs
modify_organizational_unit - Update OU attributes
delete_organizational_unit - Remove OUs
move_organizational_unit - Move OUs
get_organizational_unit_contents - List OU contents
Security & Audit
get_domain_info - Domain security settings
get_privileged_groups - Privileged group analysis
get_user_permissions - User permission analysis
get_inactive_users - Inactive user detection
get_password_policy_violations - Policy compliance
audit_admin_accounts - Administrative account audit
System Tools
test_connection - LDAP connectivity test
health - Server health check
get_schema_info - Tool schema information
Note: ActiveDirectoryMCP provides 42 tools total. Some LLM models may experience issues with this many tools.
Security Configuration
Service Account Setup
Create a dedicated service account in AD
Grant minimum required permissions:
Read access to domain
User/Group/Computer management permissions
Password reset permissions (if needed)
SSL/TLS Configuration
{
  "active_directory": {
    "server": "ldaps://dc.example.com:636",
    "use_ssl": true
  },
  "security": {
    "enable_tls": true,
    "validate_certificate": true,
    "ca_cert_file": "/path/to/ca-certificate.pem"
  }
}
Connection Pool Configuration
{
  "performance": {
    "connection_pool_size": 10,
    "max_retries": 3,
    "retry_delay": 1.0,
    "page_size": 1000
  }
}
Testing
All Tests Passing (129/129) - Production Ready!
Quick Test Status
Configuration Tests: 8/8
User Tools Tests: 13/13
Group Tools Tests: 17/17
Computer Tools Tests: 18/18
Security Tools Tests: 14/14
OU Tools Tests: 18/18
LDAP Manager Tests: 12/12
Integration Tests: 20/20 (End-to-end workflows)
Performance Tests: 9/9 (Load & stress testing)
Total: 129/129 tests passing
Run Unit Tests
# Run all tests with verbose output
pytest -v
# Run specific test categories
pytest tests/test_config.py -v # Configuration tests
pytest tests/test_ldap_manager.py -v # LDAP manager tests
pytest tests/test_user_tools.py -v # User management tests
pytest tests/test_group_tools.py -v # Group management tests
pytest tests/test_computer_tools.py -v # Computer management tests
pytest tests/test_security_tools.py -v # Security & audit tests
pytest tests/test_organizational_unit_tools.py -v # OU management tests
pytest tests/test_integration.py -v # End-to-end workflow tests
pytest tests/test_performance.py -v # Performance & load tests
Test HTTP Server
# Test HTTP endpoints directly
python test_scripts/test_http_server.py
# Custom server URL
python test_scripts/test_http_server.py http://your-server:8813/activedirectory-mcp
Run Integration Tests
# Test with real AD connection (requires config)
AD_MCP_CONFIG="ad-config/ad-config.json" pytest tests/test_integration.py -v
Run Performance Tests
# Run performance and load tests
pytest tests/test_performance.py -v
# Run specific performance categories
pytest tests/test_performance.py::TestLargeDatasetPerformance -v # Large dataset handling
pytest tests/test_performance.py::TestConcurrentOperations -v # Concurrent operations
pytest tests/test_performance.py::TestMemoryAndResourceUsage -v # Memory usage tests
pytest tests/test_performance.py::TestStressScenarios -v # Stress testing
# Performance test features:
# - Large dataset performance (10K+ users/groups)
# - Concurrent operation testing (50+ simultaneous queries)
# - Memory usage validation
# - Sustained load scenarios
# - Connection pooling efficiency
Test with LDAP/AD Environment (Recommended)
# Start LDAP/AD test environment
docker-compose -f docker-compose-ad.yml up -d
# Wait for services to be ready (30 seconds)
docker logs -f openldap-ad-dc
# Test ActiveDirectoryMCP with test environment
python test_ad_environment.py
# Expected output:
# Connected to LDAP: 192.168.1.100:389
# MCP Config: SUCCESS
# HTTP API: SUCCESS
# Test environment ready!
Test Environment Features:
LDAP Directory Service with AD-style structure
Test users: admin, jdoe, jsmith, mwilson, testadmin
Test groups: IT Department, Sales Team, Marketing, All Users
Web Admin: http://localhost:8080 (cn=admin,dc=test,dc=local / Admin123!)
Full testing guide: TESTING_GUIDE.md
Test HTTP API
# Health check
curl -X POST "http://localhost:8813/activedirectory-mcp" \
-H "Content-Type: application/json" \
-d '{"method": "health", "params": {}}'
# List users
curl -X POST "http://localhost:8813/activedirectory-mcp" \
-H "Content-Type: application/json" \
-d '{"method": "list_users", "params": {"ou": "OU=Users,DC=example,DC=com"}}'
Project Structure
ActiveDirectoryMCP/
├── src/                                   # Source code
│   └── active_directory_mcp/
│       ├── server.py                      # Main MCP server (stdio)
│       ├── server_http.py                 # HTTP MCP server
│       ├── config/                        # Configuration handling
│       ├── core/                          # Core functionality
│       │   ├── ldap_manager.py            # LDAP connection manager
│       │   └── logging.py                 # Logging configuration
│       └── tools/                         # Tool implementations
│           ├── user.py                    # User management
│           ├── group.py                   # Group management
│           ├── computer.py                # Computer management
│           ├── organizational_unit.py     # OU management
│           └── security.py                # Security & audit tools
│
├── tests/                                 # Comprehensive test suite (129 tests)
│   ├── test_config.py                     # Configuration tests (8)
│   ├── test_ldap_manager.py               # LDAP manager tests (12)
│   ├── test_user_tools.py                 # User management tests (13)
│   ├── test_group_tools.py                # Group management tests (17)
│   ├── test_computer_tools.py             # Computer management tests (18)
│   ├── test_security_tools.py             # Security & audit tests (14)
│   ├── test_organizational_unit_tools.py  # OU management tests (18)
│   ├── test_integration.py                # End-to-end workflow tests (20)
│   └── test_performance.py                # Performance & load tests (9)
├── ad-config/                             # Configuration files
│   ├── ad-config.json                     # Main server configuration
│   ├── config.example.json                # Example configuration
│   └── production-config.example.json     # Production example
│
├── Configuration Files
│   ├── pyproject.toml                     # Project metadata
│   ├── docker-compose.yml                 # Production deployment
│   ├── docker-compose-ad.yml              # Test environment with LDAP
│   ├── Dockerfile                         # Container definition
│   └── requirements.in                    # Dependencies
│
└── Scripts
    ├── start_server.sh                    # Stdio server launcher
    └── start_http_server.sh               # HTTP server launcher
Troubleshooting
Recent Fixes (v0.1.0)
LDAP3 Compatibility: Fixed TLS configuration compatibility with latest ldap3 library
Test Suite: All 43 tests now passing successfully (100% success rate)
Mock Issues: Resolved integration test mocking for error scenarios
Security Config: Removed deprecated LDAP parameters for better compatibility
Common Issues
LDAP Connection Failed
# Test connectivity
ldapsearch -H ldap://dc.example.com -D "CN=user,DC=example,DC=com" -W -b "DC=example,DC=com" "(objectClass=domain)"
Permission Denied
Verify service account permissions
Check OU access rights
Ensure proper LDAP bind DN
SSL/TLS Issues
# Test SSL connection
openssl s_client -connect dc.example.com:636 -showcerts
Port Already in Use
# Check port usage
netstat -tlnp | grep 8813
# Change port if needed
HTTP_PORT=8814 ./start_http_server.sh
LLM Tool Limit Warning
Some LLM models may experience issues with 40+ tools in context.
View Logs
# Container logs
docker logs activedirectory-mcp -f
# Local logs
tail -f active_directory_mcp.log
Contributing
Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
Inspired by ProxmoxMCP-Extended
Built with the Model Context Protocol (MCP) SDK
LDAP integration powered by ldap3 library
FastMCP for HTTP transport capabilities
Production Ready! Your comprehensive Active Directory MCP service is fully tested (129/129 tests passing) and ready for production deployment with complete HTTP transport support, performance validation, and enterprise-grade reliability.
Related Projects
ProxmoxMCP-Extended - Proxmox virtualization management
Model Context Protocol - Official MCP documentation
FastMCP - FastMCP for HTTP transport