active-directory
Query and manage Active Directory: users, groups, computers, OUs, GPO status. Use when user asks about AD objects or domain information.
Best use case
active-directory is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Query and manage Active Directory: users, groups, computers, OUs, GPO status. Use when user asks about AD objects or domain information.
Teams using active-directory should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/active-directory/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How active-directory Compares
| Feature / Agent | active-directory | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Query and manage Active Directory: users, groups, computers, OUs, GPO status. Use when user asks about AD objects or domain information.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Active Directory Skill
## When to Activate
- User mentions: AD, Active Directory, user account, group membership, domain, OU, GPO
- User asks to find/create/modify AD objects
- User needs to check group memberships or locked accounts
## Prerequisites Check
```powershell
# Verify AD module is available
if (-not (Get-Module -ListAvailable ActiveDirectory)) {
Write-Warning "ActiveDirectory module not installed. Install RSAT or run on a DC."
# Alternative: Use ADSI queries
}
Import-Module ActiveDirectory -ErrorAction SilentlyContinue
```
## Common Queries
### Find User
```powershell
# By name (partial match)
Get-ADUser -Filter "Name -like '*$searchTerm*'" -Properties DisplayName, EmailAddress, Enabled, LastLogonDate |
Select-Object SamAccountName, DisplayName, EmailAddress, Enabled, LastLogonDate
# By email
Get-ADUser -Filter "EmailAddress -eq '$email'" -Properties *
```
### Check Account Status
```powershell
$user = Get-ADUser -Identity $username -Properties LockedOut, Enabled, PasswordExpired, LastLogonDate, PasswordLastSet
[PSCustomObject]@{
User = $user.SamAccountName
Enabled = $user.Enabled
Locked = $user.LockedOut
PasswordExpired = $user.PasswordExpired
LastLogon = $user.LastLogonDate
PasswordAge = (New-TimeSpan -Start $user.PasswordLastSet).Days
}
```
### Unlock Account
```powershell
Unlock-ADAccount -Identity $username
# Verify
(Get-ADUser -Identity $username -Properties LockedOut).LockedOut
```
### Group Membership
```powershell
# User's groups
Get-ADPrincipalGroupMembership -Identity $username | Select-Object Name, GroupCategory
# Group's members
Get-ADGroupMember -Identity $groupName | Select-Object Name, ObjectClass
```
### Find Inactive Accounts
```powershell
# Users not logged in for 90 days
$cutoff = (Get-Date).AddDays(-90)
Get-ADUser -Filter {LastLogonDate -lt $cutoff -and Enabled -eq $true} -Properties LastLogonDate |
Select-Object SamAccountName, LastLogonDate | Sort-Object LastLogonDate
```
### Computer Objects
```powershell
# Find computer
Get-ADComputer -Filter "Name -like '*$hostname*'" -Properties OperatingSystem, LastLogonDate |
Select-Object Name, OperatingSystem, LastLogonDate, Enabled
# Stale computers (90 days)
Get-ADComputer -Filter {LastLogonDate -lt $cutoff} -Properties LastLogonDate |
Select-Object Name, LastLogonDate
```
### OU Structure
```powershell
# List OUs
Get-ADOrganizationalUnit -Filter * | Select-Object Name, DistinguishedName
# Objects in specific OU
Get-ADUser -SearchBase "OU=Sales,DC=contoso,DC=com" -Filter *
```
### GPO Status
```powershell
# Applied GPOs
gpresult /r
# Detailed GPO report
gpresult /h "$env:TEMP\gpo-report.html"
```
## ADSI Fallback (No Module Required)
```powershell
# Find user via ADSI
$searcher = [adsisearcher]"(samaccountname=$username)"
$searcher.FindOne().Properties
# Find all users in domain
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user))"
$searcher.FindAll() | ForEach-Object { $_.Properties.samaccountname }
```
## Safety Notes
- ⚠️ Always confirm before modifying AD objects
- ⚠️ Use `-WhatIf` for destructive operations
- ⚠️ Document changes for audit complianceRelated Skills
ActiveRecord Query Patterns
Complete guide to ActiveRecord query optimization, associations, scopes, and PostgreSQL-specific patterns. Use this skill when writing database queries, designing model associations, creating migrations, optimizing query performance, or debugging N+1 queries and grouping errors.
active-record-db
This skill should be used when the user asks about Active Record models, database migrations, queries, associations (belongs_to, has_many, has_one, has_and_belongs_to_many), validations, callbacks, scopes, database schema design, SQL optimization, N+1 queries, eager loading, joins, or database-specific features (PostgreSQL, MySQL, SQLite). Also use when discussing ORM patterns, data modeling, or database best practices. Examples:
active-job-coder
Use when creating or refactoring Active Job background jobs. Applies Rails 8 conventions, Solid Queue patterns, error handling, retry strategies, and job design best practices.
interactive-portfolio
Expert in building portfolios that actually land jobs and clients - not just showing work, but creating memorable experiences. Covers developer portfolios, designer portfolios, creative portfolios,...
directory-naming-convention
Defines the directory naming convention.
activecampaign-automation
Automate ActiveCampaign tasks via Rube MCP (Composio): manage contacts, tags, list subscriptions, automation enrollment, and tasks. Always search tools first for current schemas.
active-learning-system
Эксперт active learning. Используй для ML с участием человека, uncertainty sampling, annotation workflows и labeling optimization.
active-interleave
Active Interleave Skill
Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
active-campaign-automation
Automate ActiveCampaign tasks via Rube MCP (Composio). Always search tools first for current schemas.
state-directory-manager
Manage persistent state directories for bash scripts
running-interactive-commands-with-tmux
Controls interactive CLI tools (vim, git rebase -i, REPLs) through tmux detached sessions and send-keys. Use when running tools requiring terminal interaction, programmatic editor control, or orchestrating Claude Code sessions. Triggers include "interactive command", "vim", "REPL", "tmux", or "git rebase -i".