mcp-active-directory

This MCP server provides a Python-based MCP protocol bridge that orchestrates Active Directory operations via a PowerShell backend. It exposes a suite of 14 tools (6 basic user/group/connection operations and 8 advanced AD information tasks) that Claude can invoke through the MCP JSON-RPC 2.0 interface. The Python server handles protocol translation, credential retrieval from Windows Credential Manager, and formatting of PowerShell results back into MCP-compliant responses, enabling seamless, secure AD management through Claude Desktop.

To use it, start the Python MCP server (mcp-active-directory) as configured. Claude can then request operations such as creating a user, modifying user attributes, adding a user to a group, or querying domain/forest information. All AD interactions are performed by the PowerShell script behind the scenes, with credentials securely retrieved by the Python layer and never exposed in plain text.

Prerequisites:

• Windows server with PowerShell available
• Python 3.x installed on the host running the MCP server
• Windows Credential Manager access from the host
• Active Directory domain reachable from the host

Installation steps:

1. Install Python dependencies (if any are specified in a requirements file):
   • pip install -r requirements.txt
2. Ensure the PowerShell script ad_operations.ps1 is present in the same directory as the Python server (simple_mcp_server.py).
3. Ensure Windows Credential Manager contains a credential entry with the target name MCPActiveDirectory for the service account used by AD operations.
4. Configure environment variables (optional but recommended):
   • TARGET_OU: OU=ManagedUsers,DC=demo,DC=local
   • DOMAIN_NAME: demo.local
   • DEFAULT_PASSWORD: TempPassword123!
5. Run the MCP server:
   • python simple_mcp_server.py
6. Verify the MCP endpoint by issuing a test JSON-RPC request from Claude or a test client that adheres to MCP 2.0.

Notes and tips:

• The PowerShell backend contains 14 functions covering basic user/group operations and advanced AD information tasks. Familiarize yourself with the exact function names exposed by ad_operations.ps1 to craft correct MCP tool invocations.
• Credentials are retrieved from Windows Credential Manager under the target MCPActiveDirectory; ensure the credential exists and has the minimal required permissions for AD operations.
• The configuration is scoped to the OU specified by TARGET_OU and the domain in DOMAIN_NAME; adjust these values to fit your environment if needed.
• For troubleshooting, check the Python server logs for MCP protocol handling and any errors returned by the PowerShell script, then inspect the PowerShell script error handling and JSON output formatting.
• If you encounter authentication issues, verify network connectivity to the domain controller, proper SPNs, and that the service account has sufficient rights for the requested operations.