I need a clean, well-documented PowerShell script that takes routine user and group management off my plate in Active Directory. The script should handle the usual life-cycle operations—creating and disabling accounts, updating attributes, resetting passwords, and adding or removing users from security or distribution groups. I would like to feed the script a CSV (or similar) with the actions, have it validate the data, execute the changes, and then write a clear log so I can see exactly what happened and why. I work in a Windows-based environment, so please rely on the standard ActiveDirectory module that ships with RSAT / Windows Server. Error handling is essential; if an action fails, I need the script to roll back that single change, record the issue, and continue processing the remaining items without stopping the whole run. Deliverables • A single .ps1 file, ready to run from PowerShell 5.1 or newer • A sample CSV template and a brief README that explains required columns, parameters, and how to schedule the job with Task Scheduler Acceptance criteria • No hard-coded credentials; the script must support secure credential prompts or an encrypted credential file • All actions are logged with time stamps and the distinguished name of the affected object • Dry-run switch that outputs the planned changes without touching AD, useful for testing If you have questions about edge cases—nested groups, special characters in names, or bulk operations—let me know so we can iron them out before you start coding.