AdminT00Lz — Documentation

1. Application Overview

AdminT00Lz is an internal systems-administration toolkit built for the IT operations team. It consolidates day-to-day IT administration tasks into a single web-based portal, including:

  • Active Directory user and group management
  • Exchange Server administration (on-premises & online)
  • Post-patch scanning and reporting of Windows servers
  • Automated scan scheduling via background services
  • Asset inventory tracking (servers, desktops, printers)
  • Admin skills knowledge base
  • API integration with external ticketing and task systems
  • API key management and an interactive API request simulator

The application runs as a Windows Service and is accessible through a web browser, providing a familiar admin dashboard experience with role-based access control.

2. Architecture
Technology Stack

Framework | ASP.NET Core 8.0 — Razor Pages
Language | C# 12
Runtime | .NET 8, win-x64, self-contained single-file deployment
Web Server | HTTP.sys with Negotiate (Kerberos / NTLM) authentication
Hosting | Windows Service
Primary Database | SQL Server (business data via ISqlService)
Directory Services | LDAP (System.DirectoryServices.Protocols)
Data Protection | DPAPI keys persisted to filesystem

Authentication Model

The application uses dual authentication:

  • Windows Authentication — HTTP.sys Negotiate (Kerberos/NTLM) for interactive browser sessions.
  • JWT Bearer — Token-based authentication for API consumers, issued via the OAuth token endpoint.

Key Services

Service | Purpose
ISqlService | SQL Server data access layer
IDatabaseService | Database connection management
ILdapService | Active Directory queries and updates
IScanService | Post-patch scan CRUD and scheduled scans
ITaskProcessingService | Admin task execution engine
ITaskExecutionLogService | Task execution audit log
IAccessGroupService | Role-based access group management
IApiKeyService | API key lifecycle and JWT generation
IExportService | Data export utilities
IAccountDisableService | AD account disable workflows
ScheduledScanHostedService | Background service that runs scheduled scans automatically

Network Configuration

HTTP and HTTPS ports are configurable through the application settings stored in SQLite. Default ports are 88 (HTTP) and 8443 (HTTPS).

3. Authentication & Access Control

Page-level access is enforced by the AccessControlFilter. Users are assigned one of three roles through access groups:

Role | Permissions
Administrator | Full access to all pages including Controls, Logs, and settings
Editor | Access to Tasks and operational pages; can create and modify records
Viewer | Read-only access to Tasks and operational pages

Users who are members of the configured LDAP admin group are treated as superusers and bypass all role checks.

Page Categories
  • Tasks pages (AD Admin, Exchange Admin, Skills) — Require any assigned role (Administrator, Editor, or Viewer).
  • Tools pages (API Request Simulator, Agent Dialog) — Require any assigned role (Administrator, Editor, or Viewer).
  • Controls pages (Settings, Auth Config, API Key Management) — Require Administrator role.
  • Logs pages (Task Execution Log) — Require Administrator role.

4. Features

Dashboard

The Dashboard is the landing page of the application. It provides an at-a-glance summary of key operational metrics and quick links to frequently used features.

Navigation: Sidebar → Dashboard

Assets

The Assets section provides an inventory of IT infrastructure managed by the team. Assets are organized into three categories:

Category | Sub-items | Description
Servers | Windows, Linux, AIX | Browse and manage server inventory by operating system. The Windows list (/Servers_List) displays all tracked Windows servers with details and status.
Desktops | PVDI, NPVDI | Virtual desktop infrastructure inventory, split by persistent (PVDI) and non-persistent (NPVDI) desktops.
Printers | Canon, HP | Network printer inventory organized by manufacturer.

Navigation: Sidebar → Assets → select category

Reports
Report | Path | Description
Scan Reports | /ScanReports | View historical scan results, filter by date range, scan group, or server. Drill into individual scan sessions to see detailed findings.
PostPatch Report | /PostPatchReport | Consolidated post-patching compliance report showing patch status across servers after maintenance windows.

Navigation: Sidebar → Reports → select report

Tasks

The Tasks section is the operational core of adminT00Lz, housing the AD administration, Exchange administration, and post-patch scanning modules.

AD Admin

Active Directory administration tools for managing users, groups, and account states.

Page | Path | Description
Users & Groups | | Parent menu for AD user and group management tools.
AD Groups | /adminScripts/ad_groups | Browse, search, and view Active Directory security and distribution groups. Click a group to see its members, description, and metadata. Use the Refresh button to re-query LDAP and update the local cache.
AD Users | /adminScripts/ad_users | Browse and search Active Directory user accounts. Click a user to view full details (department, manager, group memberships, account status). Use the Refresh button to re-query LDAP for the latest data.
Check User Lock | /adminScripts/ad_user_lock | Quickly check whether a specific AD user account is currently locked out, and view lockout timestamp and source.
Disable Account | /adminScripts/ad_user_disable | Initiate the account disable workflow for departing users. This follows a controlled process to disable the AD account, remove group memberships, and log the action.
Admin Tasks | /adminScripts/adminTasks | View and manage administrative task definitions that can be executed by the task processing engine.

Exchange Admin

Exchange Server administration tools for both on-premises and Exchange Online environments.

Page | Path | Description
Task Form | /adminScripts/taskForm | Create and submit Exchange administration tasks (e.g., mailbox provisioning, distribution list changes). Select a task code, fill in the required fields, and execute.
SNOW Req. Form | /adminScripts/requestForm | ServiceNow request integration form. Submit structured requests that map to SNOW catalog items.
Admin Tasks | /adminScripts/adminTasks | View and manage the list of available admin task definitions.
Trace SendAs or SendOnBehalf | /adminScripts/audit_sendas | Trace “Send As” or “Send on Behalf” emails.
Trace (OnPrem) | /adminScripts/trace_onprem | Run message trace queries against the on-premises Exchange environment to track email delivery.
Trace (Online) | /adminScripts/trace_online | Run message trace queries against Exchange Online to track cloud email delivery.
Validate Email Accounts | /adminScripts/validate_email_accounts | Validate AD user email configurations against M365 standards. Runs three checks: Missing M365 Proxy (no proxy address ending with the M365 tenant domain), Wrong Forwarding (TargetAddress doesn’t match the expected mailNickname@tenant pattern), and Bad ExtensionAttribute13 (missing or invalid value). Results can be filtered by issue type, restricted to user accounts only, and exported to CSV. Each row links to the full AD User Details page.
Task Codes | /adminScripts/TaskCodes | Manage the catalog of task codes that define available Exchange admin operations.
Task Fields | /adminScripts/TaskFields | Configure the input fields associated with each task code (field names, types, validation rules).

PostPatch Scan

The PostPatch Scan module automates the verification of Windows servers after patching maintenance windows. It checks service health, connectivity, and system state to ensure servers are operating correctly post-patch.

Page | Path | Description
Servers List | /Servers2scan | Manage the list of servers included in post-patch scanning. Add, edit, or remove servers and assign them to scan groups.
Scan Groups | /ScanGroups | Organize servers into logical scan groups (e.g., by environment, region, or maintenance window).
Scan Jobs | /ScanJobs | View and manage scan job definitions. A scan job groups one or more scan tasks and targets a scan group of servers.
Scan Tasks | /ScanTasks | Define individual scan tasks (e.g., ping test, service check, port check) that are executed as part of scan jobs.
Scheduled Scans | /ScheduledScans | Configure automated scan schedules. Set a scan job to run at a specific interval (in minutes). The ScheduledScanHostedService background service checks every 60 seconds and triggers due scans automatically. Administrator only: Add, enable/disable, or delete schedules.
Services | /Services | Manage Windows services that are monitored during post-patch scans. During Windows Services verification, the tool collects information about services configured for automatic startup and checks whether they are running as expected. When instructed, it can attempt to restart a stopped service and then rerun the verification by scheduling an additional follow-up job.
Patch Groups | /PatchGroups | Define patch groups that align with organizational patching schedules and maintenance windows.
Business Owners | /Owners | Maintain a directory of business owners responsible for servers, used for notification and escalation.
vCenters | /VCenters | Register VMware vCenter instances for virtual server inventory correlation.

Skills

The Skills module serves as an internal knowledge base where the team can document administration procedures, troubleshooting steps, and technical skills. It also includes AI-powered agent skills for automated task interpretation.

Page | Path | Description
Documentation | /adminSkills/Documentation | This page — comprehensive application documentation and user guide.

Admin Skills
Skills List | /adminSkills/AdminSkills | Browse all documented admin skills. Click any skill to view its detailed description and related task. Use the Add button to create a new skill entry.
Skill Types | /adminSkills/SkillTypes | Manage skill type categories (e.g., “Exchange”, “Active Directory”, “Networking”) used to organize skills.

Agent Skills
Task Skills | /agentSkills/TaskSkills | Manage AI agent system prompts used by the Agent Dialog tool. These skills define how the LLM (Large Language Model) interprets natural language requests and converts them into structured task API calls. Each skill contains a system prompt with placeholders (e.g., $taskList) that are replaced with runtime values. Administrators can add, edit, and customize prompts to improve the AI's ability to understand and process administrative tasks.

Navigation: Sidebar → Skills → select category

Tools
Tool | Path | Description
API Request Simulator | /Tools/api_req_simulator | An interactive tool for testing API endpoints. Select an HTTP method (GET, POST, PUT, DELETE), enter the URL, add headers and a request body, then send the request. The response status, headers, and body are displayed in real time. Supports pasting tab-separated data and importing/exporting request configurations. Access: Available to all authenticated users (Viewer, Editor, and Administrator).
Agent Dialog | /Tools/AgentDialog | AI-Powered Task Assistant — An intelligent chat interface that uses natural language processing to interpret administrative requests and generate structured API calls. Describe your task in plain language (e.g., “Add user john.doe to the DL 'Marketing Group'” or “Grant full access to shared mailbox 'Research' for jane.smith”), and the agent will analyze the request, identify the appropriate task code, extract the required parameters, and generate the JSON payload. You can review the generated request before sending it to the Task API for execution. Access: Available to all authenticated users (Viewer, Editor, and Administrator). Requires configured LLM provider (Ollama, Azure OpenAI) and defined agent skills. Uses local or cloud-based Large Language Models to understand context and intent.
JWT Token Debugger | /Tools/TokenDebugger | A diagnostic tool for troubleshooting JWT token issues. Displays the server's JWT configuration (issuer, audience, signing key preview) and allows you to decode and validate access tokens. Use this tool to diagnose "401 Unauthorized" errors by checking if the token's issuer and audience match the server's expected values, and whether the token has expired. Access: Available to all authenticated users (Viewer, Editor, and Administrator).
API Key Management | /api_key_request | Manage API keys for programmatic access to the adminT00Lz API. Generate new keys, view existing keys, revoke compromised keys, and configure key permissions. Each key can be used with the OAuth token endpoint to obtain a JWT Bearer token for authenticated API calls. Access: Administrator role only.

Navigation: Sidebar → Tools → select tool

4g. Agentic AI Features

adminT00Lz includes AI-powered capabilities that use Large Language Models (LLMs) to interpret natural language administrative requests and convert them into structured API calls. This enables administrators to interact with the system using plain language instead of learning specific API syntax.

Overview

The Agentic AI system consists of three main components:

  • Agent Dialog — A conversational interface where administrators can describe tasks in natural language
  • Task Skills — System prompts that teach the AI how to interpret requests and map them to API calls
  • LLM Provider — The underlying AI engine (currently Ollama, with Azure OpenAI and OpenAI coming soon)

How It Works

  1. Administrator describes a task in plain language in the Agent Dialog
  2. The request is sent to the configured LLM Provider along with relevant Task Skills system prompts
  3. The AI analyzes the request and generates a structured JSON payload with the appropriate task code and parameters
  4. Administrator reviews the generated request and can send it directly to the Task API for execution

Example Workflow

User Input:

"Add user john.doe to the distribution list 'Marketing Team'"

AI-Generated Output:

{
  "TaskCode": "ADD_DL_MEMBER",
  "Parameters": {
    "DistributionList": "Marketing Team",
    "UserName": "john.doe"
  }
}

Requirements

  • Administrator access — Only administrators can use AI features
  • Configured LLM provider — Ollama must be installed and running, or Azure OpenAI credentials configured
  • Defined Task Skills — At least one task skill must be configured with appropriate system prompts

Note: The AI assistant is a tool to help generate requests faster. Always review the generated JSON before sending it to the API to ensure it accurately represents your intent.
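
The manual review described in the note can be backed by an automated check that rejects any generated payload whose task code or parameters fall outside the configured catalog. This is an added example, not adminT00Lz code: TASK_CATALOG is a constructed stand-in for the Task Codes and Task Fields pages (only ADD_DL_MEMBER and its two fields appear on this page), and validate_agent_payload and MAX_VALUE_LEN are assumed names and limits.

```python
import json

# Constructed catalog standing in for the Task Codes / Task Fields pages.
# Only ADD_DL_MEMBER and its two fields are shown in this documentation.
TASK_CATALOG = {
    "ADD_DL_MEMBER": {"DistributionList", "UserName"},
}
MAX_VALUE_LEN = 256  # assumed limit, not taken from the application


def validate_agent_payload(raw: str, catalog=TASK_CATALOG) -> list[str]:
    """Return a list of problems; an empty list means the payload may be sent."""
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["top level must be a JSON object"]

    problems = []
    extra_top = set(payload) - {"TaskCode", "Parameters"}
    if extra_top:
        problems.append(f"unexpected top-level keys: {sorted(extra_top)}")

    # The task code must come from the catalog, never from the model's imagination.
    code = payload.get("TaskCode")
    if not isinstance(code, str) or code not in catalog:
        problems.append(f"unknown TaskCode: {code!r}")
        return problems
    params = payload.get("Parameters")
    if not isinstance(params, dict):
        problems.append("Parameters must be an object")
        return problems

    # Parameters must match the task's defined fields exactly: none missing, none extra.
    expected = catalog[code]
    missing, extra = expected - set(params), set(params) - expected
    if missing:
        problems.append(f"missing parameters: {sorted(missing)}")
    if extra:
        problems.append(f"unexpected parameters: {sorted(extra)}")
    for name in sorted(expected & set(params)):
        value = params[name]
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name} must be a non-empty string")
        elif len(value) > MAX_VALUE_LEN or any(ord(c) < 32 for c in value):
            problems.append(f"{name} is too long or contains control characters")
    return problems
```

A non-empty result should block the Send action until the request is corrected; the server-side Task API still has to enforce its own field validation.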

5. Controls & Settings

The Controls menu is available in the top navigation bar (not the sidebar) and is restricted to Administrator users. It contains application-wide configuration pages.

Authentication

Configuration | /Auth_Config | Configure authentication settings including the LDAP admin group and authentication behavior.
Groups | /access_groups | Manage access groups and role assignments. Map AD groups to application roles (Administrator, Editor, Viewer).

Application

Database | /DatabaseSettings | Configure the SQL Server connection string used for business data storage.
Email | /EmailSettings | Configure SMTP settings for outbound email notifications and alerts.
Exchange Server | /ExchangeSettings | Configure Exchange Server connection details for on-premises and online environments.
Network | /NetworkSettings | Configure HTTP and HTTPS listening ports. Changes require an application restart to take effect.

Agentic AI

Configuration | /AgentSettings | Configure AI agent settings for natural language task processing. Select and configure an LLM (Large Language Model) provider:
  • Ollama (Local) — Connect to a locally hosted Ollama instance. Configure the endpoint URL (default: http://localhost:11434) and select a model (e.g., llama3.1:8b, mistral:7b, phi3:medium). Test the connection to verify Ollama is running and the model is available.
  • Azure OpenAI — (Coming soon) Use Microsoft Azure's OpenAI service for cloud-based AI processing.
  • OpenAI — (Coming soon) Use OpenAI's API directly for cloud-based AI processing.
The configured provider is used by the Agent Dialog tool to interpret natural language requests and generate task API calls.

Logs

Task Execution Log | /TaskExecutionLog | View a chronological audit log of all task executions, including the user who triggered the task, parameters used, execution time, and result status.

6. API Reference

adminT00Lz exposes a REST API for programmatic integration with external systems.

Authentication Flow
  1. Obtain an API key from the API Key Management page.
  2. Request a JWT token from the OAuth endpoint:
    POST /api/oauth/token
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=client_credentials&client_id=YOUR_KEY&client_secret=YOUR_SECRET
  3. Include the token in subsequent API requests:
    Authorization: Bearer <token>
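
An API consumer can run the same checks the JWT Token Debugger describes (issuer, audience, expiry) on the token returned in step 2 before using it in step 3. This is an added example, not adminT00Lz code: the issuer and audience values are placeholders, the sample token is constructed, and the function names and the 60-second leeway are assumptions.

```python
import base64
import json
import time

# Placeholder values; take the real issuer and audience from the server's JWT configuration.
EXPECTED_ISSUER = "https://admintoolz.example"
EXPECTED_AUDIENCE = "admintoolz-api"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a dummy signature, for offline use only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])


def diagnose_token(token, expected_iss=EXPECTED_ISSUER,
                   expected_aud=EXPECTED_AUDIENCE, now=None, leeway=60):
    """List likely 401 causes from the claims. The signature is NOT verified,
    so this is a diagnostic aid and never an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected header.payload.signature)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    findings = []
    if claims.get("iss") != expected_iss:
        findings.append(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")  # "aud" may be a single string or a list of strings
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"audience mismatch: {aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool):
        findings.append("no numeric exp claim")
    elif exp + leeway < now:  # leeway is an assumed clock-skew allowance
        findings.append(f"expired {int(now - exp)}s ago")
    return findings
```

An empty result only means the claims look right; the server still validates the signature, so a 401 with clean claims points at the signing key or the API key's state.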

Task API

Method | Endpoint | Description
GET | /Task.svc/CSTASK | Retrieve tasks
POST | /Task.svc/CSTASK | Create a new task
PUT | /Task.svc/CSTASK | Update an existing task
DELETE | /Task.svc/CSTASK | Delete a task

Use the API Request Simulator to test API calls interactively before integrating them into scripts or external applications.