This tool lets a Neo Agent generate and run validated Active Directory PowerShell on a domain controller, executed through your connected RMM. It’s how Neo manages on-prem and hybrid AD environments — user and computer accounts, organizational units, group membership, and infrastructure queries.
Enabled automatically when you turn on Active Directory permissions on the workflow’s Integrations tab — there’s no separate toggle in the tool list. Requires an RMM connection that can run scripts on the domain controller. See Microsoft 365 integration and on-prem setup.

What It Does

  • Create, update, disable, enable, and delete AD user accounts
  • Reset passwords and unlock accounts
  • Manage group membership — security groups, distribution groups, OUs
  • Manage computer accounts and organizational units
  • Query directory and infrastructure state
  • Trigger an Azure AD Connect (Entra Connect) sync so on-prem changes propagate to the cloud

Hybrid Environments

In a hybrid setup, configure Microsoft 365 as on-prem. Neo makes the change on your domain controller and then triggers an Entra Connect sync, so a password reset or group change made on-prem shows up in the cloud automatically — no separate cloud action needed.

Safety

| Control | Behavior |
| --- | --- |
| Validated cmdlets | Code is parsed before it runs — only AD cmdlets are allowed; dangerous operations are blocked |
| Allow / deny lists | Optionally restrict the agent to a specific set of cmdlets, or block specific ones |
| Technician-in-the-Loop | Require human approval before any write — configurable on the Active Directory permission group |
| Access level | Set the AD permission groups to Read Only to allow only query cmdlets |
| Runs through your RMM | Execution uses your existing RMM agent on the domain controller — the same credentials and audit trail you already trust |
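
The validated-cmdlets, allow-list and Read Only controls above amount to a static check on the generated script before it is handed to the RMM. The sketch below shows one way to do that kind of check with PowerShell's own parser; it is an added example, not Neo's implementation, and `Test-AdScript`, its parameters and the sample scripts are hypothetical.

```powershell
# Added illustration: static allow-list check for generated AD PowerShell.
# Test-AdScript and its parameters are hypothetical names, not part of Neo.
function Test-AdScript {
    param(
        [Parameter(Mandatory)][string]   $Code,
        [Parameter(Mandatory)][string[]] $AllowedCmdlets,
        [switch] $ReadOnly   # when set, only Get-* cmdlets pass
    )
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $Code, [ref]$tokens, [ref]$errors)
    $reasons = [System.Collections.Generic.List[string]]::new()

    # Fail closed: anything that does not parse cleanly is rejected.
    foreach ($e in $errors) { $reasons.Add("parse error: $($e.Message)") }

    # Walk every command invocation, including those nested in script blocks.
    $commands = $ast.FindAll(
        { $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)
    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()   # $null when the name is built at run time
        if (-not $name) {
            $reasons.Add("dynamic command name: $($cmd.Extent.Text)")
        } elseif ($name -notin $AllowedCmdlets) {
            # Aliases and module-qualified names also land here, by design.
            $reasons.Add("cmdlet not allowed: $name")
        } elseif ($ReadOnly -and $name -notlike 'Get-*') {
            $reasons.Add("write cmdlet in read-only mode: $name")
        }
    }

    # Direct .NET method calls never pass through a cmdlet, so reject them.
    $calls = $ast.FindAll(
        { $args[0] -is [System.Management.Automation.Language.InvokeMemberExpressionAst] }, $true)
    foreach ($c in $calls) { $reasons.Add("method call not allowed: $($c.Extent.Text)") }

    [pscustomobject]@{ Allowed = ($reasons.Count -eq 0); Reasons = $reasons }
}

# Constructed sample inputs: a query, a script mixing allowed and disallowed
# cmdlets, and a command whose name is assembled at run time.
$allow = 'Get-ADUser', 'Set-ADAccountPassword', 'Unlock-ADAccount'
Test-AdScript -Code 'Get-ADUser -Identity jdoe -Properties LockedOut' -AllowedCmdlets $allow -ReadOnly
Test-AdScript -Code 'Unlock-ADAccount -Identity jdoe; Remove-ADUser jdoe' -AllowedCmdlets $allow
Test-AdScript -Code '& ("Remove-" + "ADUser") jdoe' -AllowedCmdlets $allow
```

The check matches literal command names only, so an alias or a string-built command name is rejected rather than resolved.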

How to Configure

1. Connect an RMM

   Connect a supported RMM that can run scripts on the domain controller.

2. Configure the on-prem environment

   Follow the on-prem setup guide to point Neo at the domain controller.

3. Enable Active Directory permissions

   On the workflow’s Integrations tab, set the Active Directory permission groups (users, groups, computers, OUs, infrastructure, Entra Connect sync) to Read Only or Read / Write.

4. Set approval and cmdlet limits

   Decide whether writes require technician approval, and optionally restrict the allowed cmdlets.

Start with Read Only and technician approval on. Most onboarding and offboarding workflows only need a handful of cmdlets — restrict to those once you’ve seen what the agent uses.