edtrud385/Active-Directory-User-Management
AD User Management Tool

Read the blog post that inspired the tool: https://trgsys.com/blog/ad-user-management-blog

A PowerShell-based GUI tool for managing Active Directory users and security group membership. Designed for IT administrators and helpdesk staff who need a simple, consistent interface for common AD tasks without requiring RSAT or direct access to Active Directory Users and Computers.

Features

User Management

  • View all active or disabled users from configured OUs
  • Edit user attributes (name, title, department, phone, manager, email/UPN)
  • Reset passwords with secure random generation
  • Disable accounts (disables + moves to Disabled OU)
  • Enable accounts (enables + moves back to Standard OU)

Create New User

  • Auto-generates username and email from first/last name
  • Sets UPN, primary SMTP, and proxyAddresses in one step
  • Assigns manager, title, department, phone
  • Optionally adds user to a configured security group
  • Configurable password policy (must change at logon, never expires)
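The Create New User steps above, as an added example that is not the repository's own code: the username is derived as first initial plus surname (the README does not state the tool's actual scheme, so that is an assumption), `$Config` is the parsed config.json with the keys documented below, and the work is done over PowerShell Remoting to the configured Domain Controller.

```powershell
# Added example (not the repository's code). Assumed: username = first initial +
# surname, and $Config is config.json parsed with ConvertFrom-Json.
function New-SecureRandomPassword {
    param([int] $Length = 16)
    # 64 symbols (ambiguous ones dropped), so uint32 modulo 64 has no bias.
    $alphabet = [char[]] 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*-'
    $bytes = New-Object byte[] ($Length * 4)
    # CSPRNG bytes; Get-Random is not suitable for secrets.
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        $alphabet[[System.BitConverter]::ToUInt32($bytes, $i * 4) % $alphabet.Length]
    }
    return -join $chars
}

function New-ManagedUser {
    param(
        [Parameter(Mandatory)] [pscustomobject] $Config,
        [Parameter(Mandatory)] [pscredential] $Credential,   # delegated admin account
        [Parameter(Mandatory)] [string] $FirstName,
        [Parameter(Mandatory)] [string] $LastName,
        [string] $Title, [string] $Department, [string] $ManagerSam
    )
    # Derive sAMAccountName/UPN; strip anything outside [a-z0-9] so the value is
    # safe to embed in the LDAP filter used for the uniqueness check.
    $sam  = ($FirstName.Substring(0, 1) + $LastName).ToLower() -replace '[^a-z0-9]', ''
    $mail = "$sam@$($Config.EmailDomain)"
    $plain  = New-SecureRandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force   # encrypted by the remoting session in transit

    Invoke-Command -ComputerName $Config.DomainController -Credential $Credential -ScriptBlock {
        param($sam, $mail, $first, $last, $ou, $pw, $title, $dept, $mgr)
        if (Get-ADUser -LDAPFilter "(sAMAccountName=$sam)") { throw "Username '$sam' already exists" }
        $p = @{
            Name = "$first $last"; GivenName = $first; Surname = $last
            SamAccountName = $sam; UserPrincipalName = $mail; EmailAddress = $mail
            Path = $ou; AccountPassword = $pw; Enabled = $true
            ChangePasswordAtLogon = $true; PasswordNeverExpires = $false
            # Upper-case 'SMTP:' marks the primary address in proxyAddresses.
            OtherAttributes = @{ proxyAddresses = "SMTP:$mail" }
        }
        if ($title) { $p.Title = $title }
        if ($dept)  { $p.Department = $dept }
        if ($mgr)   { $p.Manager = $mgr }      # sAMAccountName is accepted as an identity
        New-ADUser @p
    } -ArgumentList $sam, $mail, $FirstName, $LastName, $Config.StandardUsersOU, $secure, $Title, $Department, $ManagerSam

    return $plain   # shown once to the operator; never written to a log
}
```

The uniqueness check and the create run in one remote session, so a second helpdesk user creating the same name at the same moment can still race; New-ADUser itself then fails on the duplicate sAMAccountName.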

Security Group Membership

  • Check if a user is a member of a configured AD security group
  • Add or remove users with one click
  • Tab is hidden automatically if no group is configured

Session Security

  • Domain authentication required at launch
  • Configurable inactivity timeout with re-authentication
  • All operations performed via PowerShell Remoting (no local RSAT required)

Requirements

  • Windows 10/11 or Windows Server 2016+
  • PowerShell 5.1 or later
  • Network connectivity to the Domain Controller
  • PowerShell Remoting (WinRM) enabled on the Domain Controller
  • An AD account with delegated permissions on the target OUs

Quick Start

  1. Download or clone the repository
  2. Run the configuration wizard to generate config.json:
    .\Configure-ADUserMgmt.ps1
  3. Launch the tool:
    .\AD-UserManagement.ps1

See SETUP.md for detailed setup instructions, including how to find your OU distinguished names and configure delegation.

Permissions and Delegation

This tool does not enforce its own access control. The login screen validates that the user has a real domain account, but it does not check group membership. Access control is handled entirely by Active Directory permissions. If a user without the proper delegated rights launches the tool, they will authenticate successfully but every AD operation will fail with "Access Denied."

Who Should Use This Tool

This tool is intended for members of a delegated AD administration group such as:

  • Helpdesk-UserManagement
  • IT-ADAdmins
  • A custom group your organization creates for this purpose

Do not distribute this tool to end users. While they cannot cause damage without delegated permissions, the error experience is poor and the tool exposes internal OU structure and DC hostnames.

Recommended Delegation Model

See SETUP.md for step-by-step delegation instructions. In summary, create a dedicated security group and delegate the following rights on your Standard Users and Disabled Users OUs:

| Permission | Needed for |
|---|---|
| Reset Password | Password resets |
| Create/Delete User Objects | Creating and managing accounts |
| Write All Properties (User objects) | Editing user attributes |
| Read All Properties (User objects) | Viewing user details |
| Modify Group Membership (on the security group) | Security group tab |

Members of Domain Admins, Account Operators, or any group with broad AD write access can use the tool without additional delegation.

Optional: Restrict Who Can Launch the Tool

If you want to prevent unauthorized users from even opening the tool, add a group membership check at the top of AD-UserManagement.ps1. See SETUP.md for a ready-to-use code snippet.
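One way to write that launch check, as an added example rather than the SETUP.md snippet: it assumes a hypothetical `AllowedLaunchGroup` value in config.json (for example `CONTOSO\Helpdesk-UserManagement`), which is not one of the documented settings.

```powershell
# Added example (not the SETUP.md snippet). Assumes a hypothetical
# "AllowedLaunchGroup" key in config.json holding 'DOMAIN\GroupName'.
function Test-AllowedLaunchGroup {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [System.Security.Principal.WindowsIdentity] $Identity =
            [System.Security.Principal.WindowsIdentity]::GetCurrent()
    )
    # Resolve the group name to a SID first: a renamed or missing group then
    # fails closed instead of a name comparison silently passing or failing.
    try {
        $groupSid = ([System.Security.Principal.NTAccount] $GroupName).Translate(
            [System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "Cannot resolve launch group '$GroupName': $_"
        return $false
    }
    # $Identity.Groups is the logon token's group list: nested membership is
    # honoured, but membership changes made after logon are not reflected yet.
    return [bool] ($Identity.Groups | Where-Object { $_.Value -eq $groupSid.Value })
}

$config = Get-Content -Raw -Path (Join-Path $PSScriptRoot 'config.json') | ConvertFrom-Json
if ($config.AllowedLaunchGroup) {
    if (-not (Test-AllowedLaunchGroup -GroupName $config.AllowedLaunchGroup)) {
        Write-Error "You are not a member of $($config.AllowedLaunchGroup); the tool will not start."
        exit 1
    }
}
```

This gate only improves the experience for people who should not be running the tool; as the section above states, the real access control remains the delegated permissions on the OUs, which this check does not replace.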

Configuration

All environment-specific values are stored in config.json, generated by the configuration wizard. This file is excluded from version control via .gitignore.

| Setting | Required | Description |
|---|---|---|
| DomainController | Yes | FQDN of your Domain Controller |
| DomainFQDN | Yes | AD domain FQDN used for login (e.g. ad.contoso.com) |
| EmailDomain | Yes | Email/UPN domain (e.g. contoso.com) |
| StandardUsersOU | Yes | Distinguished Name of the OU where active users reside |
| DisabledUsersOU | Yes | Distinguished Name of the OU where disabled accounts are moved |
| SecurityGroupDN | No | DN of a security group to manage (leave blank to hide the tab) |
| SecurityGroupName | No | Friendly display name for the group (e.g. "VPN Access") |
| SessionTimeoutMinutes | No | Inactivity timeout in minutes (default: 10) |

File Structure

AD-UserManagement/
  AD-UserManagement.ps1        Main tool
  Configure-ADUserMgmt.ps1     Configuration wizard
  config.json                  Generated config (gitignored)
  README.md                    This file
  SETUP.md                     Detailed setup and delegation guide
  CHANGELOG.md                 Version history
  LICENSE                      MIT License
  .gitignore                   Excludes config.json

License

MIT
