PowerShell IAM Automation Lab

Overview

This project demonstrates the automation of core Identity and Access Management (IAM) processes within a Windows Active Directory environment using PowerShell.

The lab was designed to simulate real-world IAM operations commonly performed by Identity Administrators, IAM Analysts, and Access Management teams. The project focuses on automating user provisioning, role-based access control (RBAC), and Joiner-Mover-Leaver (JML) lifecycle management.

Project Objectives

• Automate Active Directory user provisioning
• Implement Role-Based Access Control (RBAC)
• Automate user onboarding and offboarding processes
• Reduce manual administrative effort through PowerShell scripting
• Demonstrate identity lifecycle management concepts used in enterprise environments

Technologies Used

• Windows Server
• Active Directory Domain Services (AD DS)
• PowerShell
• Active Directory PowerShell Module

IAM Concepts Demonstrated

Identity Lifecycle Management

• User Provisioning
• Account Enablement
• Account Disablement
• Access Revocation

Role-Based Access Control (RBAC)

• Security Group Management
• Group-Based Access Assignment
• Least Privilege Principles

Joiner-Mover-Leaver (JML)

Joiner

• User Creation
• Password Assignment
• Account Activation

Mover

• RBAC Group Assignment
• Access Management

Leaver

• Account Disablement
• Group Membership Removal
• Access Revocation

Project Structure

PowerShell-IAM-Automation-Lab
│
├── Documentation
│   ├── 01-Project-Overview.md
│   ├── 02-User-Provisioning.md
│   ├── 03-RBAC-Automation.md
│   ├── 04-JML-Offboarding.md
│   └── 05-Lessons-Learned.md
│
├── Scripts
│   ├── Create-Users.ps1
│   ├── Add-ToGroups.ps1
│   └── Disable-User.ps1
│
├── Screenshots
│
└── README.md

Workflow

User Provisioning

Users are automatically created using PowerShell and assigned account attributes.

RBAC Assignment

Users are assigned access through security groups rather than direct permission assignment.

Offboarding Automation

Accounts are disabled and access is removed through automated PowerShell workflows.

Screenshots

User Provisioning

Insert:

Screenshots/01-User-Provisioning.png

Users Created in Active Directory

Insert:

Screenshots/02-Users-in-ADUC.png

RBAC Assignment

Insert:

Screenshots/03-RBAC-Assignment.png

Finance Group Membership

Insert:

Screenshots/04-Finance-Group-Membership.png

User Enabled

Insert:

Screenshots/07-User-Enabled.png

User Disabled

Insert:

Screenshots/08-User-Disabled.png

JML Offboarding Verification

Insert:

Screenshots/10-JML-Offboarding.png

Key Skills Demonstrated

• Identity and Access Management (IAM)
• Active Directory Administration
• PowerShell Automation
• User Provisioning
• Access Management
• Role-Based Access Control (RBAC)
• Identity Lifecycle Management
• Access Governance
• Security Administration
• Troubleshooting and Validation

Learning Outcomes

Through this project, I gained practical experience with:

• Automating repetitive IAM tasks
• Managing identities within Active Directory
• Implementing RBAC controls
• Executing Joiner-Mover-Leaver processes
• Troubleshooting PowerShell automation
• Verifying access control implementations

Future Enhancements

Potential future improvements include:

• Automated user deprovisioning workflows
• Audit log generation
• Identity Governance reporting
• Dynamic group assignment
• Microsoft Entra ID integration
• Hybrid Identity Automation

Author

Destiny Akhabue

Aspiring Identity & Access Management (IAM) Professional with hands-on experience in Active Directory, Microsoft Entra ID, RBAC, Identity Governance, and PowerShell automation.