AD Group Manager Web - Online Manual

Online Manual

Adding Members to a Group

From the group members view, click the Add Members button to open the member search interface.

Searching for members

Type a name (or part of a name) into the search box and press Enter or click Search. The application searches Active Directory and displays matching results.

How the search works

  • The search checks the name attribute of AD objects by default.
  • If your administrator has enabled Extended Search, the description attribute is also checked.
  • The default matching mode is starts with — typing “john” finds “John Smith” but not “Mary Johnson”. If your administrator has enabled Broad Search Matching, it uses contains matching instead.
  • Your administrator may have set a minimum search query length (for example, 3 characters). If your query is too short, you will see a message indicating the minimum length.
  • If Safe Search is enabled (the default), only letters, numbers, and spaces are allowed in the search query.

Object type filters

The search can return different types of AD objects. Depending on your administrator’s configuration, you may be able to search for:

  • Users — person accounts
  • Groups — to add groups as members (nested group membership)
  • Computers — computer accounts
  • Contacts — contact objects

Use the checkboxes above the search results to filter by object type. If a checkbox is not visible, your administrator has disabled that object type.

Adding individual members

  1. Search for the person you want to add.
  2. Select one or more members from the search results by clicking their checkboxes.
  3. Click Add to add the selected members to the group.
  4. A confirmation shows how many members were added successfully and how many failed (if any).

Each addition is logged in the audit trail (if logging is enabled) and may trigger an email notification to the configured recipients.

Bulk add

If your administrator has enabled the Bulk Add feature, you can add multiple members at once by entering their usernames separated by semicolons.

Instead of searching one by one, enter a semicolon-separated list of sAMAccountName values:

jsmith;jdoe;mwilson;bpalmer

The application resolves each username against Active Directory and adds all found members to the group in a single operation. The results show which members were added successfully and which could not be found.

This is useful when you have a list of usernames from a spreadsheet or ticket system and need to add them all quickly.

Multi-group add

If your administrator has enabled the Multi-Group Add feature, you can add the same members to multiple groups at once.

  1. From the All Groups page, select multiple groups using the checkboxes.
  2. Click the Add Members button.
  3. Search for and select the members you want to add.
  4. Click Add — the selected members are added to all selected groups in one operation.

This saves time when a new employee needs access to several groups at once.

Time-limited memberships (TTL)

If your administrator has enabled Time-Limited Group Membership, you can set an expiration time when adding members. The membership will automatically expire after the specified duration — no manual removal needed.

When adding members, you will see an option to specify a duration (in minutes). For example:

  • 60 minutes — temporary access for a one-hour meeting or demo
  • 480 minutes (8 hours) — access for one business day
  • 10080 minutes (7 days) — access for a one-week project assignment

After the specified time elapses, Active Directory automatically removes the member from the group. This uses the native AD TTL membership feature (available in Windows Server 2016+ with a domain functional level of 2016 or higher).

Time-limited memberships are particularly useful for:

  • Granting temporary project access
  • Providing time-boxed access for contractors or vendors
  • Implementing just-in-time access for sensitive groups
  • Automatically cleaning up memberships after short-term needs

What happens after adding members

  • The member immediately appears in the group’s member list.
  • If audit logging is enabled, the addition is logged with who performed it, when, and which group was affected.
  • If email notifications are configured, an instant notification is sent to the configured recipients.
  • The member now has whatever access the group provides (file shares, application access, distribution list membership, etc.).

Troubleshooting

“Nothing was found” — try a different search term or check with your administrator about the minimum search query length. The person may also be in an excluded OU.

“Failed to add members” — the most common cause is insufficient AD permissions. If your administrator has enabled Enforce User Permission Checks, you need explicit Write Members permission on the group in AD.

“Time-limited membership feature is not enabled” — your administrator needs to enable this in the admin panel Settings.

Member already exists in the group — the application skips members that are already in the group without counting them as failures.

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA