Using an Active Directory Planning Tool is key for understanding complex Active Directory environments and often requires more than what traditional management consoles can provide. While tools such as Active Directory Users and Computers offer object-level administration, they make it difficult to visualize relationships, GPO links, delegation models, and overall directory structure at scale.
SMAD-X is an open-source tool that visualizes Active Directory structures, relationships, GPO links, and delegated permissions through an interactive graphical interface. This article provides a technical overview of the tool, focusing on the newly released version 0.3.5 and how it fits into the broader ecosystem of AD visualization utilities.
Table of Contents
Introduction to SMAD-X
Managing complex Active Directory environments presents recurring visibility challenges, particularly regarding nested groups, GPO links, and delegated administrative permissions. SMAD-X addresses these challenges by processing directory metadata and generating an interactive graphical interface designed to simplify directory auditing and improve structural clarity.
New Features in Version 0.3.5
The latest v0.3.5 release introduces structural enhancements that improve the utility of the tool for real-world administrative and audit scenarios.
- Domain Timeline: A chronological tracking feature designed to help administrators track how directory environments evolve over time.
- Enhanced Delegation Management: The update introduces dedicated graph filters, explicit relationship rendering for rights, default delegation groups, and visual indicators directly within the tree view (TreeView).
- Refined User Experience: Text filtering functionality has been enhanced, GPO link views have been redesigned, and both dark and light themes have been optimized to ensure clear node legibility.
- Core Technical Improvements: An updated export format utilizes a standardized JSON structure incorporating the domain name and a timestamp. Object relationship processing has been optimized, and the companion Active Directory data collection PowerShell script has been refined.
Comparing the tool(s)
To understand where SMAD-X fits into your toolkit, it helps to compare it directly against established Active Directory analysis and documentation utilities.
| Tool | Focus | Primary Use Case |
| SMAD-X | Structure, delegation, and visual hierarchy | Active Directory Planning Tool with OU mapping, GPO link tracking, and delegation verification |
| BloodHound | Attack path analysis | Security assessment, identifying privilege escalation paths |
| PingCastle | Security assessment | Active Directory health check and risk evaluation |
| ADExplorer | Object browsing | Real-time directory viewing |
| ADTD / AD Maps | Documentation | Generating static Visio architecture diagrams |
| MockAD | Documentation & Simulation | Generating programmatic mock AD environments for labs |
| md2ADUC | Documentation & Simulation | Deploying lab structures from simple Markdown definitions |
If you need a quick and intuitive overview of Active Directory structure, OU hierarchy, GPO links, and delegated permissions, SMAD-X offers a lightweight alternative that is straightforward to deploy and interpret.
In case you are looking for more documentation and simulation on a lightweight level, I would look at the two free tools i reviewed here in my article “Active Directory Visualization (Free Tools)”.
About the author of this Active Directory Planning Tool
Understanding the engineering pedigree behind an open-source tool often gives clear insight into its design priorities. SMAD-X is developed by Jérôme Bezet-Torres, a recognized expert in system automation and directory infrastructure.
Jérôme is a multi-year Microsoft Most Valuable Professional (MVP) in Cloud and Datacenter Management, a Microsoft Certified Trainer (MCT), and an active member of the French PowerShell User Group (FrPSUG). As an IT consultant, computer science professor in Lyon, France, and published author on PowerShell automation, his background heavily influences the technical workflow of SMAD-X. This expertise explains why the tool avoids heavy agent installations and instead relies on clean PowerShell-driven metadata extraction paired with an interactive frontend.
Checkout more details about the author on his Microsoft MVP website and the following LinkedIn profile.
Getting Started and Data Ingestion
SMAD-X consists of two main components:
- A PowerShell-based data collection script that gathers Active Directory metadata.
- The standalone visualization application that imports the collected data and generates interactive diagrams.
The accompanying PowerShell collection script gathers Active Directory metadata that can then be imported into SMAD-X for visualization and analysis. The latest release can be downloaded directly from the project’s GitHub repository.
Important: The delegation visualization introduced in v0.3.5 is valuable because it makes inherited and explicit permissions easier to identify than when reviewing Access Control Lists (ACLs) directly through Active Directory Users and Computers (ADUC).
Tip: When utilizing the visual delegation features, pay close attention to the orange delegation badges visible in the tree view interface. These highlights allow teams to rapidly pinpoint discrepancies between the theoretical administrative model and the actual permissions applied to containers.
Step-by-Step Installation and Setup
SMAD-X as an Active Directory Planning Tool operates as a portable solution, meaning it requires no invasive installations or local agents running on your domain controllers.
Prerequisites
- A modern Windows client or server environment to run the desktop application interface.
- PowerShell 5.1 or PowerShell Core installed on the collection machine.
- The standard ActiveDirectory PowerShell module loaded on the system where data extraction takes place.
How-to Prepare the Environment
- Navigate to the official GitHub repository and head to the releases page.
- Download the compressed package containing the precompiled binaries for the desktop application. Version v0.3.5 is available here and the direct download for your Windows Server 2025 executable is here.
- Extract the archive to a dedicated tool directory on your local machine or on a file share. No registry keys or local installation wizard executions are required. I am using my \\nas-file-2025\files folder as shown below and explained here.
Running the Tool: Collecting and Visualizing Data
The operation of SMAD-X as a Active Directory Planning Tool relies on an offline ingestion workflow split into metadata extraction and desktop visualization.
Step 1: Create the AD Script to export data from your AD to the SMAD-X format. This script targets Active Directory via standard LDAP queries to parse the current structural architecture.
The accompanying PowerShell collection script gathers Active Directory metadata that can then be imported into SMAD-X for visualization and analysis. This process generates a structured JSON file formatted with the domain name and an active timestamp (e.g., SMAD-X_contoso.com_20260612.json).
IMPORTANT: Never run scripts without reading them and understanding what they do and the potential risks. If run in production please talk with your IT Security team first. They might find an AD export to be a violation or at least something that is blocked by default.
Step 2: Run the script against your active directory with an account with (my assumption) most likely nearly global read access to your Active Directory structure. I did check the script and ran it with a domain admin (not recommended for production!).
powershell -ExecutionPolicy Bypass
.\Export-ADToSMAD-X.ps1 -OutputPath C:\temp\hartiga_130620261144.jsonFor the script i created a local output path and it is important to remember, that you need to provide the full path including the filename. Also pay attention to your execution policy before running the script. I did run a powershell -ExecutionPolicy Bypass first.
Step 3: Visualizing the Infrastructure Launch the standalone executable SMAD-X.exe from your extraction directory. Click on the Import option in the upper menu and select your generated JSON file.
Comparing it with the other tools in my blog article “Active Directory Visualization (Free Tools)” this SMAD-X takes it to the next level as you can see and create GPOs, Tiering and much more. It is also a Active Directory Planning Tool under development by a Microsoft MVP with a high community reputation, which generates additional trust (at least for me).
Once parsed, the application renders your directory tree. Selecting an Organizational Unit or object opens up the specific delegation rules and nested rights on the graph panel.
Conclusion on Active Directory Planning Tool SMAD-X
SMAD-X v0.3.5 as a Active Directory Planning Tool offers a practical, structured alternative for rapid directory mapping. It represents a useful option for identity architects, conslultants, and enterprise administrators looking to maintain an accurate, visual baseline of their Active Directory organizational structure and administrative boundaries.
If you have any questions please don’t hesitate to reach out to me on LinkedIn, Bluesky or check my newly created Adaptive Cloud community on Reddit.
LinkedIn: https://www.linkedin.com/in/andreas-hartig/
Bluesky: https://bsky.app/profile/hartiga.de
Adaptive Cloud community on Reddit: https://www.reddit.com/r/AdaptiveCloud/
