AD Group Manager Web is a self-service web portal that lets department managers and team leaders manage their own Active Directory group memberships through a web browser — without needing ADUC, PowerShell, or IT admin privileges.
IT administrators maintain full control through an admin panel with audit logging, email notifications, configurable permissions, and field-level visibility settings. The application runs entirely on-premises on your own Windows Server with IIS.
AD Group Manager Web uses native Active Directory attributes to determine who can manage which groups. No schema extensions or custom attributes are required.
The application reads two standard AD attributes on each group object:
When a manager logs in, the application queries Active Directory and automatically shows them only the groups they are authorized to manage. The manager never sees or interacts with groups outside their scope.
AD Group Manager Web finds managed groups using three methods:
Direct manager — UserA is set directly as the managedBy value on GroupA.
Group membership — UserA is a member of GroupB, and GroupB is set as the managedBy value on GroupA. All members of GroupB can manage GroupA.
Nested group inheritance — UserA is a member of GroupC, which is a member of GroupB (the manager group). UserA inherits management rights through the nested group chain.
This means you can delegate management to individual users, to a team (via a security group), or through nested group hierarchies — all using standard AD structures your organization likely already has in place.
For step-by-step instructions on configuring managers in Active Directory, see How to set up a manager.
AD Group Manager Web is designed for simplicity and data sovereignty. The entire application runs on your infrastructure with no cloud dependencies.
| Component | Technology |
|---|---|
| Web server | IIS on Windows Server |
| Application framework | ASP.NET Core (.NET 10) |
| Local database | SQLite (settings, audit logs, license data) |
| Authentication | AD credentials (Basic) or Windows Authentication (Kerberos) |
| AD communication | LDAP queries using System.DirectoryServices |
| Client requirements | Any modern web browser — no plugins or client software |
There are no agents to install on domain controllers or member servers, no schema changes to Active Directory, and no data leaves your network. The SQLite database (adgm.db) stores only application settings, audit log entries, and license information — no Active Directory data is cached or replicated.
A typical deployment takes about 15 minutes: enable IIS, install the ASP.NET Core Hosting Bundle, run the installer, and configure a few lines in appsettings.json. See the Quick Start Guide or the full Installation instructions.
| Requirement | Details |
|---|---|
| Operating system | Windows Server 2016 or later |
| Web server | IIS (Internet Information Services) |
| Runtime | ASP.NET Core 10 Hosting Bundle |
| Active Directory | Standard AD domain (no schema extensions needed) |
| Browser | Any modern browser (Chrome, Edge, Firefox, Safari) |
| Network | The server must be able to reach a domain controller via LDAP |
For detailed installation steps, see the Installation guide.
AD Group Manager Web is developed and maintained by Albus Bit.