Installation

This guide covers the full installation process. If you want a condensed version, see the Quick Start Guide.

Step 1: Prepare your Windows Server

Before running the installer, your server needs two components:

Enable IIS

If IIS is not already enabled, open Server Manager and add the Web Server (IIS) server role. See the detailed IIS setup guide for step-by-step instructions.

Install the ASP.NET Core Hosting Bundle

Download and install the ASP.NET Core 10 Hosting Bundle from Microsoft’s .NET 10 download page. Make sure you download the Hosting Bundle (not just the Runtime or SDK) — this includes both the .NET runtime and the IIS integration module.

After installing the Hosting Bundle, restart IIS by running iisreset from an elevated command prompt, or restart the server.

Step 2: Run the installer

Download the latest version from the AD Group Manager Web download page and run setup.exe on your server.

The installer provides two options:

• IIS Quick Setup — automatically creates an IIS website and application pool. This is the recommended option for most installations.
• Manual install — copies files to a directory you specify. You then create the IIS website and application pool yourself.

After installation, the default location is C:\Program Files\Albus Bit\AD Group Manager Web\ (or whatever folder you chose during setup). The runtime files that IIS points at live in the wwwroot\ subfolder:

• wwwroot\appsettings.json — the main configuration file
• wwwroot\web.config — the IIS hosting configuration (auto-generated, usually no changes needed)
• wwwroot\adgm.db — the SQLite database, created automatically the first time the site starts successfully

The install folder also contains an IISSetup\ folder (used by the IIS Quick Setup option) and the standard uninstaller files (unins000.exe, unins000.dat, unins000.msg). These are normal — you don’t need to touch them.

Step 3: Configure appsettings.json

Open appsettings.json in the wwwroot\ subfolder of the install directory (e.g. C:\Program Files\Albus Bit\AD Group Manager Web\wwwroot\appsettings.json) with a text editor. At minimum, configure the Administration section so you can log in as an administrator:

{
  "Administration": {
    "AdminUsers": ["your.username"],
    "AdminGroups": ["IT_Admins"]
  },
  "Authentication": "Basic"
}

• AdminUsers — a list of AD sAMAccountName values that will have administrator access.
• AdminGroups — a list of AD group names whose members will have administrator access.
• Authentication — set to "Basic" (default) for AD username/password login, or "Windows" for Kerberos SSO (requires additional setup).

You can use AdminUsers, AdminGroups, or both. The default value is "AdminGroups": ["Administrators"].

For a complete reference of all configuration options, see appsettings.json Reference.

Step 4: Log in and configure

Open a browser and navigate to your site URL (for example, http://your-server/ADGroupManagerWeb).

First login as administrator

Log in with a username you added to AdminUsers or a member of a group in AdminGroups. You will be redirected to the admin panel.

The admin panel has these sections:

• Settings — enable/disable audit logging, configure search behavior, allow or restrict data editing and exports, enable bulk operations and time-limited memberships.
• Fields — choose which Active Directory attributes are visible and editable for groups and members.
• License — enter your license key or manage your trial.
• Notifications — configure SMTP, instant email notifications, and scheduled reports.
• Interface Customization — translate UI text and apply language presets (French, German, or custom).
• Group Discovery — enable the self-service group discovery and access request feature.
• Access Requests — review and manage pending access requests.

Recommended initial configuration

1. Enable audit logging — in Settings, turn on logging so all membership changes are recorded.
2. Configure visible fields — in Fields, choose which AD attributes managers should see for groups and members.
3. Set search restrictions — in Settings, consider increasing the minimum search query length and enabling safe search to prevent managers from browsing all users.

Step 5: Test with a manager account

To verify the setup works end-to-end:

1. Make sure you have at least one AD group with a managedBy value pointing to a test user. See How to set up a manager for instructions.
2. Log out of the admin account and log in as the test manager.
3. You should see the All Groups page listing only the groups assigned to that manager.
4. Click on a group to view its members, try adding a member, and try removing a member.

If the manager doesn’t see any groups, verify that the managedBy attribute is correctly set in Active Directory and that the group is not in an excluded OU.

Next steps

• Set up SSL/TLS for encrypted connections
• Configure Windows Authentication for single sign-on
• Set up email notifications
• Learn about upgrading to future versions