The Settings page in the admin panel controls the core behavior of AD Group Manager Web. All settings on this page are stored in the SQLite database and take effect immediately after saving.
Navigate to the admin panel and click Settings in the navigation bar.
| Setting | Default | Description |
|---|---|---|
| Enable logging | Disabled | When enabled, all membership changes, group edits, and member edits are recorded in the audit log. See Audit Logging. |
It is strongly recommended to enable logging. The audit trail is essential for compliance, troubleshooting, and accountability.
| Setting | Default | Description |
|---|---|---|
| Default domain name | (auto-detected) | The AD domain name pre-filled on the login form (Basic auth only). |
| Allow users to change domain name | Disabled | When enabled, users can type a different domain name on the login form. Useful in multi-domain environments. |
| Setting | Default | Description |
|---|---|---|
| Allow editing group data | Enabled | When enabled, managers can edit group properties (description, email, notes) for fields marked as editable in Fields. |
| Allow editing member data | Enabled | When enabled, managers can edit member properties (name, department, job title, etc.) for fields marked as editable in Fields. |
Disabling these settings turns off editing globally, regardless of individual field editability settings.
| Setting | Default | Description |
|---|---|---|
| Allow export to Excel (XLSX) | Enabled | Show/hide the Excel export button on group and member grids. |
| Allow export to PDF | Enabled | Show/hide the PDF export button on group and member grids. |
These settings control how the member search works when managers add new members. For a detailed explanation of each setting, see Controlling Data Visibility.
| Setting | Default | Description |
|---|---|---|
| Search query minimum length | 1 | Minimum characters required before a search executes (range: 1–10). |
| Safe search queries | Enabled | Restrict search input to Latin letters, numbers, and spaces only. Blocks wildcard and special characters. |
| Activate Extended Search | Disabled | Include the description attribute in searches (in addition to name). |
| Activate Broad Search Matching | Disabled | Use “contains” matching instead of “starts with”. |
| Exclude these OUs from search results | (empty) | Semicolon-separated list of OU distinguished names whose objects should be hidden from search. |
These settings control which types of AD objects can be searched for and added as group members.
| Setting | Default | Description |
|---|---|---|
| Can add users | Enabled | Allow adding user accounts as group members. |
| Can add computers | Enabled | Allow adding computer accounts as group members. |
| Can add groups | Enabled | Allow adding groups as members (nested groups). |
| Can add contacts | Enabled | Allow adding contact objects as group members. |
| Setting | Default | Description |
|---|---|---|
| Show Security Groups | Enabled | Display security groups on the All Groups page. |
| Show Distribution Groups | Enabled | Display distribution groups on the All Groups page. |
If you disable a group type, groups of that type won’t appear on the manager’s All Groups page even if they have managedBy rights.
| Setting | Default | Description |
|---|---|---|
| Enforce User Permission Checks | Disabled | When enabled, the application checks if the current user has AD-level Write Members permission on the group before allowing add/remove operations. |
When disabled, the application relies solely on managedBy visibility — any manager who can see a group can modify its membership.
| Setting | Default | Description |
|---|---|---|
| Enable Bulk Add Members | Disabled | Allow semicolon-separated input for adding multiple members at once. |
| Enable Bulk Remove Members | Disabled | Allow semicolon-separated input for removing multiple members at once. |
| Enable Multi-Group Add | Disabled | Allow managers to select multiple groups and add the same members to all of them. |
| Setting | Default | Description |
|---|---|---|
| Enable Time-Limited Group Membership | Disabled | Allow managers to set an expiration duration when adding members. Memberships automatically expire after the specified time. |
This feature requires Windows Server 2016 or later with a domain functional level of 2016 or higher. It uses the native Active Directory TTL membership feature.
The Settings page displays the current branding values as read-only fields for reference:
| Setting | Description |
|---|---|
| Application title | The title shown in the browser tab and header |
| Tagline | Subtitle text shown below the title |
| Small logo | URL or path to the small logo image |
| Large logo | URL or path to the large logo image |
| Footer | Footer text shown at the bottom of every page |
| All Groups info text | Help text shown on the All Groups page |
| Background color | The header/navigation bar background color (hex value) |
To edit branding values, use the Interface Customization page, which includes a Branding category where all these values can be customized.
| Setting | Default | Description |
|---|---|---|
| License expiration reminder (days) | (configurable) | Number of days before license expiration to start showing a reminder banner. |
After making changes, click the Save button at the bottom of the page. All changes take effect immediately — no application restart is required.