Automating Simple Tasks in Active Directory with Python

As part of a school assignment, I developed a Python-based automation tool designed to streamline user management in Active Directory (AD). The project was built to reflect real-world IT challenges, specifically the repetitive and error-prone tasks involved in onboarding, offboarding, and maintaining user accounts across enterprise systems.

While the concept was provided to us, the implementation demanded a solid understanding of Python, LDAP protocols, API integration, and CI/CD workflows. It was a hands-on opportunity to apply technical knowledge to a practical problem, and it delivered valuable insights into how automation can transform IT operations.

Project Overview

The tool is modular by design. Each AD task, such as creating a user, disabling an account, or assigning group memberships, is handled by a dedicated Python script. A central frontend script collects user input, sets environment variables, and triggers the appropriate backend script. This structure makes the system easy to maintain and extend.

Execution can happen in two ways:

  • Locally, using shell commands and environment variables.
  • Remotely, via API calls to Semaphore, a CI/CD platform that handles centralized execution and authentication.

For the assignment, one of the requirements was to run the scripts locally. I took it a step further by adding compatibility with Semaphore. This allowed me to use the same scripts in my homelab environment, where they could be executed remotely in a more secure and authenticated way.

Technical Stack

The project uses several key Python libraries:

  • ldap3 for interacting with Active Directory
  • requests for API communication
  • argparse for command-line parsing
  • colorama for enhanced console output
  • json for configuration management

Configuration is handled through two JSON files:

  • api.json stores API keys and endpoint URLs.
  • oobconf.json contains LDAP credentials and server details.

Key Features

Some of the most impactful scripts include:

  • User Creation (maak_gebruiker.py): Automatically generates secure credentials and ensures unique usernames.
  • Group Assignment (voeg_gebruiker_aan_groep.py): Adds users to predefined security groups linked to services like Proxmox, Synology, Grafana, and MariaDB.
  • Permission Cloning (copy_gebruiker_groepen.py): Copies group memberships from one user to another—ideal for onboarding new employees.
  • User Disabling (disable_gebruiker.py): Disables accounts and moves them to a secure organizational unit.

Each script is designed to be reusable, reliable, and easy to integrate into broader workflows.
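
An added example, not taken from the project's repository, of how a user-creation step like the one listed above can generate credentials and pick a unique username. The password length, character set, initial-plus-surname naming scheme and the function names are assumptions; the 20-character limit is the sAMAccountName maximum for user objects.

```python
import secrets
import string

# Assumptions (not taken from the project): 16-character passwords, a fixed
# set of special characters, and usernames built as initial + surname.
SPECIALS = "!#$%&*+-=?@_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)
SAM_MAX = 20  # sAMAccountName length limit for user objects


def generate_password(length=16):
    """Return a password drawn from the OS CSPRNG with every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets is used because the random module is not meant for security.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over valid passwords.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def unique_username(first, last, existing):
    """Return initial+surname, adding a numeric suffix until it is unused."""
    raw = (first[:1] + last).lower()
    base = "".join(ch for ch in raw if ch.isascii() and ch.isalnum())
    if not base:
        raise ValueError("name contains no usable characters")
    taken = {name.lower() for name in existing}  # AD compares case-insensitively
    candidate, n = base[:SAM_MAX], 1
    while candidate in taken:
        n += 1
        suffix = str(n)
        # Trim the base so the suffixed name still fits the length limit.
        candidate = base[:SAM_MAX - len(suffix)] + suffix
    return candidate


if __name__ == "__main__":
    # Constructed sample data; a real run would query the directory for these.
    existing = ["jdevries", "JDeVries2", "avandenberg"]
    print(unique_username("Jan", "de Vries", existing))  # jdevries3
    print(len(generate_password()))  # 16
```
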

If you’re interested in exploring the code behind each part of the project, all the scripts are available on my GitHub.

Feel free to check it out: https://github.com/jurrebuunk/OnOffBoarding

What I Gained

This project deepened my understanding of how automation can reduce human error, improve consistency, and save time in IT environments. I learned how to structure Python scripts for modularity, how to securely manage credentials, and how to integrate local and remote execution paths. It also introduced me to Semaphore and gave me a solid understanding of the role CI/CD plays in infrastructure automation, which now forms a significant part of my personal homelab infrastructure.