{"id":111,"date":"2025-09-24T09:35:33","date_gmt":"2025-09-24T09:35:33","guid":{"rendered":"https:\/\/buunk.org\/?p=111"},"modified":"2025-09-24T09:35:33","modified_gmt":"2025-09-24T09:35:33","slug":"automating-simple-tasks-in-active-directory-with-python","status":"publish","type":"post","link":"https:\/\/buunk.org\/?p=111","title":{"rendered":"Automating Simple Tasks in Active Directory with Python"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">As part of a school assignment, I developed a Python-based automation tool designed to streamline user management in Active Directory (AD). The project was built to reflect real-world IT challenges specifically, the repetitive and error-prone tasks involved in onboarding, offboarding, and maintaining user accounts across enterprise systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While the concept was provided to us, the implementation demanded a solid understanding of Python, LDAP protocols, API integration, and CI\/CD workflows. It was a hands-on opportunity to apply technical knowledge to a practical problem, and it delivered valuable insights into how automation can transform IT operations.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"554\" src=\"https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview-1024x554.png\" alt=\"\" class=\"wp-image-112\" srcset=\"https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview-1024x554.png 1024w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview-300x162.png 300w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview-768x415.png 768w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview-1536x831.png 1536w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/preview.png 1919w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project Overview<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The tool is modular by design. Each AD task such as creating a user, disabling an account, or assigning group memberships is handled by a dedicated Python script. A central frontend script collects user input, sets environment variables, and triggers the appropriate backend script. This structure makes the system easy to maintain and extend.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Execution can happen in two ways:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Locally<\/strong>, using shell commands and environment variables.<\/li>\n\n\n\n<li><strong>Remotely<\/strong>, via API calls to Semaphore, a CI\/CD platform that handles centralized execution and authentication.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For the assignment, one of the requirements was to run the scripts locally. I took it a step further by adding compatibility with Semaphore. This allowed me to use the same scripts in my homelab environment, where they could be executed remotely in a more secure and authenticated way.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-rounded\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906-1024x549.png\" alt=\"\" class=\"wp-image-113\" style=\"object-fit:cover\" srcset=\"https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906-1024x549.png 1024w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906-300x161.png 300w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906-768x412.png 768w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906-1536x824.png 1536w, https:\/\/buunk.org\/wp-content\/uploads\/2025\/09\/Screenshot-2025-06-30-073906.png 1913w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Technical Stack<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The project uses several key Python libraries:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ldap3<\/code> for interacting with Active Directory<\/li>\n\n\n\n<li><code>requests<\/code> for API communication<\/li>\n\n\n\n<li><code>argparse<\/code> for command-line parsing<\/li>\n\n\n\n<li><code>colorama<\/code> for enhanced console output<\/li>\n\n\n\n<li><code>json<\/code> for configuration management<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Configuration is handled through two JSON files:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>api.json<\/code> stores API keys and endpoint URLs.<\/li>\n\n\n\n<li><code>oobconf.json<\/code> contains LDAP credentials and server details.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key Features<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Some of the most impactful scripts include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>User Creation (<\/strong><code>maak_gebruiker.py<\/code><strong>)<\/strong>: Automatically generates secure credentials and ensures unique usernames.<\/li>\n\n\n\n<li><strong>Group Assignment (<\/strong><code>voeg_gebruiker_aan_groep.py<\/code><strong>)<\/strong>: Adds users to predefined security groups linked to services like Proxmox, Synology, Grafana, and MariaDB.<\/li>\n\n\n\n<li><strong>Permission Cloning (<\/strong><code>copy_gebruiker_groepen.py<\/code><strong>)<\/strong>: Copies group memberships from one user to another\u2014ideal for onboarding new employees.<\/li>\n\n\n\n<li><strong>User Disabling (<\/strong><code>disable_gebruiker.py<\/code><strong>)<\/strong>: Disables accounts and moves them to a secure organizational unit.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Each script is designed to be reusable, reliable, and easy to integrate into broader workflows.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you&#8217;re interested in exploring the code behind each part of the project, all the scripts are available on my GitHub. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Feel free to check it out: <a href=\"https:\/\/github.com\/jurrebuunk\/OnOffBoarding\">https:\/\/github.com\/jurrebuunk\/OnOffBoarding<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What I Gained<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This project deepened my understanding of how automation can reduce human error, improve consistency, and save time in IT environments. I learned how to structure Python scripts for modularity, how to securely manage credentials, and how to integrate local and remote execution paths. It also introduced me to Semaphore and gave me a solid understanding of the role CI\/CD plays in infrastructure automation, which now forms a significant part of my personal homelab infrastructure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of a school assignment, I developed a Python-based automation tool designed to streamline user management in Active Directory (AD). The project was built to reflect real-world IT challenges specifically, the repetitive and error-prone tasks involved in onboarding, offboarding, and maintaining user accounts across enterprise systems. While the concept was provided to us, the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buunk.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=111"}],"version-history":[{"count":1,"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":114,"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/posts\/111\/revisions\/114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buunk.org\/index.php?rest_route=\/wp\/v2\/media\/112"}],"wp:attachment":[{"href":"https:\/\/buunk.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buunk.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buunk.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}