Koppla is a Model-Context-Protocol (MCP) Server that enables you to use AI agents, like Claude or Github Copilot, to manage your Active Directory using natural language. Searching for inactive users, or modifying group memberships becomes a lot easier with Koppla.
See how easy AD management can be 👇
What is Koppla?
Before I show you how you can set up Koppla in your own environment, let’s first take a closer look at what it is, what it can do, and of course, how it’s built up.
Koppla is an MCP (Model Context Protocol) Server. The MCP protocol is developed by Anthropic and allows AI systems like Claude to connect securely to other data sources. It is basically a bridge between the application and AI tool.
MCP servers can be built for both local and online resources, but the MCP server always runs on your local hardware. Your API keys or credentials don’t leave your computer.
Koppla is written in Python and uses the LDAP protocol to run queries against your domain controller. Now, the Active Directory is not something you want to mess with, so I have limited the capabilities of the tool.
The tool gives the AI agent the ability to run all LDAP search queries it wants, but it can only perform a few update actions:
- Update User Attributes
- Add a user to a group
- Remove a user from a group
Before it can even do those actions, you will need to set a configuration variable to true, and the AI agent will also ask for confirmation before it actually performs the write action. Now, there are more security features built-in into the tool, which I will explain later.
When it comes to using Koppla in a production environment, there is one thing to keep in mind: Where is your data being processed? Let me explain; an MCP server gets the data out of your local or online resource, in this Active Directory.
That data is then sent to your AI tool for analysis. If you are using Claude Desktop, then the data is processed in the United States. With Copilot, you have a bit more control and can choose to use data centers in the EU region. Besides that, keep in mind that you are maybe sending sensitive data to a third party. So if you really want to keep your data safe, then you should use Koppla only with a local LLM like LM studio.
Which Task can Koppla perform?
With Koppla, the AI tool can search through your complete Active Directory, allowing it to retrieve all kinds of information and run analyses against it.
As mentioned, it can also perform a couple of update tasks, allowing you to update user attributes or change group memberships.
A couple of example queries that you can run are:
- Add John Doe to the ‘IT Admins’ security group.
- List all locked-out user accounts.
- Which users are member of Management, but not Project Leads?
- Find all recent changes in the AD
- Get all empty groups
- Create a cart with the number of computers per location
Installing Koppla
You can start using Koppla with the free version of Claude, so you don’t need a subscription to start with. I recommend to use it in a test environment first.
Requirements
To use Koppla, you will need to have Python installed. Make sure that you add Python to your path environment as well (check the box at the beginning of the installation)
- Python 3.7 or higher
- Active Directory environment
- Claude Desktop application
Step 1 – Installation
If you have Python installed, you can install Koppla using the command below
pip install koppla
Step 2 – Configuration
We will need to add the MCP Server details into the Claude configuration file (claude_desktop_config.json). Now, we are using a Username and Password to authenticate against the Active Directory server. To store the password securely, we are going to encrypt it.
To make this easier, I have added a small Configuration Manager that will ask you Active Directory details, encrypt your password using Fernet symmetric encryption, and create or update the Claude Desktop configuration file.
Run the command below to start the configuration manager:
koppla-config configure
You can also use the following command:
- Display current configuration:
koppla-config show - Test your AD connection:
koppla-config test
The configuration manager will add the following configuration to the “mcpServers” section of your claude_desktop_config.json:
{
"mcpServers": {
"Koppla-Active-Directory": {
"command": "python",
"args": ["-m", "koppla.server"],
"env": {
"AD_SERVER": "ldap://<domain-controller-name>:389",
"AD_USER": "<domain\\username>",
"AD_PASSWORD": "<password>",
"BASE_DN": "DC=lazyadmin,DC=nl",
"AD_WRITE_ENABLED": "false"
}
}
}
}
Step 3 – Restart Claude Desktop App
You will need to restart the Claude Desktop App to use the new MCP Server. On Windows, make sure you close the app in the system tray, otherwise it won’t fully restart.
Using Koppla
If you have successfully installed and configured Koppla, then you will see a small hammer icon in the input field when you open the Claude Desktop App.
You can now ask Claude for information about your Active Directory.
Frequently Asked Questions
First test the tool in an test enviroment so you now what it does and what it’s capable of. If you want to use it in a production environment, then create an service account that only read acces in your Active Directory.
I have used Fernet symmetric encryption to encrypt the password. The encryption key is stored separately from the configuration in a key file with restricted permissions.
By default, all write operations (adding/removing users from groups, updating user attributes) are disabled. To enable write operations, you will need to set AD_WRITE_ENABLED to “true” in the claude_desktop_config.json file.
You can open the file by going to the menu in the Claude Desktop App. Choose File > Settings > Developer and click on Edit Config.
If you encounter any issues or have suggestions for improvements, please open an issue in GitHub: ruudmens/Koppla
