YRM

Reputation: 41

Searching for an API for actions in Microsoft Active Directory

Does anyone know if there is an API for actions in Microsoft Active Directory (like adding a user to a group, changing group policy, etc.)?

For example, if I want to update group policy to block a URL for some user, I want to do it through the API.

Upvotes: 4

Views: 16651

Answers (3)

ScottWelker

Reputation: 2084

I see this is an old question but why not an old (COM-based) answer, ADSI (Active Directory Service Interfaces)?

You can use it:

  1. With PS (if you satisfy the prerequisites).
  2. From T-SQL/Linked Server.
  3. From C#
  4. ...and others.

It's not RESTful but the original poster didn't stipulate REST. I know. It's not the easiest to work with.

Upvotes: 0

Guillermo Musumeci

Reputation: 11

As other members commented, there is no official API from Microsoft, which is a big problem in my case because I need an API to automate application integrations to both Microsoft Active Directory and DNS. I want to create a Terraform module.

I tested these two APIs mentioned by @RamaraoAdapa-MT and ultimately decided to write my own API. The idea of calling PowerShell modules or using AD credentials doesn't sound like a good idea.

Both of them lack the ability to use Microsoft DNS, and I need to register/unregister machines in DNS using an API.

It took me almost two years to develop a good REST API (and a Terraform module) for Microsoft Active Directory and DNS in my free time, using tokens for authentication instead of user/password, and I recommend writing yourself an API.

Update Sept-2023: I released the API as one of my customers who used the API in a private project mentioned that it can be useful for other people to have a production-ready API.

The API is available at KopiCloud AD API - The API for Microsoft Active Directory and DNS with Terraform Provider.

Upvotes: 1

RamaraoAdapa

Reputation: 3119

As suggested by @mathias-r-jessen, there are no REST APIs provided by Microsoft for Microsoft Active Directory. You need to communicate with multiple APIs. Modifying group memberships is as simple as doing an LDAP modify operation, but for GPOs you'll have to write to the SYSVOL share and speak to a different service on one of the domain controllers to ensure version updates, for example.

There is some third-party software providing REST APIs for Microsoft Active Directory.

You can use ADManager Plus REST APIs to perform AD user account management operations. You can access the APIs from your application.

Please refer to this for the operations you can perform using ADManager Plus REST APIs:

Active Directory REST APIs from ManageEngine ADManager Plus

Also, you can use Addict to perform Active Directory operations. Addict is a drop-in REST API microservice for Active Directory implementations.

You can refer to this for the operations you can perform using Addict:

neuroradiology/addict-1: Get a full Active Directory REST API in 30 seconds (github.com)

Upvotes: 3
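
The "LDAP modify operation" for a group membership change mentioned in the answer above, as an added PowerShell example that is not part of the original post or of any product named on this page. The function name, server name and distinguished names are constructed placeholders, and the domain controller is assumed to offer LDAPS on port 636.

```powershell
# Added example: add one user to one group with a single LDAP modify request.
# Uses the .NET System.DirectoryServices.Protocols classes. GPO changes are not
# covered here (the answer above explains why they need more than LDAP).
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Add-LdapGroupMember {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Server,   # DC host name
        [Parameter(Mandatory)] [string] $GroupDn,  # DN of the group to change
        [Parameter(Mandatory)] [string] $UserDn    # DN of the account to add
    )

    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, 636)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    try {
        # Integrated authentication as the calling account, so no password is
        # stored in the script. Run it as an account delegated only the right
        # to write the "member" attribute of the groups it manages.
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true   # LDAPS (assumed available)
        $conn.Bind()

        # A modify request is: target DN + operation + attribute + value(s).
        # "Add" appends a value to the multi-valued "member" attribute and
        # leaves the existing members untouched.
        $request = [System.DirectoryServices.Protocols.ModifyRequest]::new(
            $GroupDn,
            [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add,
            'member',
            @($UserDn))

        # SendRequest throws DirectoryOperationException when the server
        # returns a non-success result (for example, insufficient access rights).
        $response = $conn.SendRequest($request)
        return $response.ResultCode
    }
    finally {
        $conn.Dispose()
    }
}

# Constructed sample call (placeholder names, not from the page):
# Add-LdapGroupMember -Server 'dc01.example.test' `
#     -GroupDn 'CN=Web-Restricted,OU=Groups,DC=example,DC=test' `
#     -UserDn  'CN=Jane Doe,OU=Staff,DC=example,DC=test'
```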
