AD Group Manager Web - Online Manual

Online Manual

Quick Start Guide

This guide walks you through the fastest path from download to a working installation. You should be up and running in about 15 minutes.

For detailed explanations of each step, follow the links to the relevant manual pages.

Prerequisites

Before you start, make sure you have:

  • A Windows Server (2016 or later) joined to your Active Directory domain.
  • Administrator access to that server.
  • At least one AD group with a managedBy value set to a test user. If you don’t have one yet, you’ll set it up in Step 4.

Step 1: Install IIS and the .NET Hosting Bundle

Your server needs two components:

Enable IIS — open Server Manager, click “Add Roles and Features”, and enable the Web Server (IIS) role. Accept the default role services. See the detailed IIS setup guide if you need help.

Install the ASP.NET Core 10 Hosting Bundle — download it from Microsoft’s .NET 10 download page. Run the installer and restart your server (or restart IIS with iisreset).

Step 2: Install AD Group Manager Web

Download the installer from the AD Group Manager Web download page and run setup.exe on your server. The installer gives you two options:

  • IIS Quick Setup — creates the IIS site automatically (recommended for most users).
  • Manual install — copies files to a folder you specify, and you configure IIS yourself.

The application files are installed into a folder under IIS (typically C:\inetpub\wwwroot\ADGroupManagerWeb or the location you choose).

Step 3: Configure admin access

Open the file appsettings.json in the application’s root folder. Find the Administration section and add your AD username or an AD group that should have administrator access:

{
  "Administration": {
    "AdminUsers": ["your.username"],
    "AdminGroups": ["IT_Admins"]
  },
  "Authentication": "Basic"
}

You can specify individual usernames in AdminUsers, AD group names in AdminGroups, or both. Use the sAMAccountName format (not the full distinguished name). The default configuration has AdminGroups set to ["Administrators"].

The Authentication setting controls how users log in:

  • "Basic" (default) — users enter their AD username and password on a login page.
  • "Windows" — users are authenticated automatically via Kerberos SSO. This requires additional IIS configuration.

For your first test, leave it set to "Basic".

The full appsettings.json with all default values looks like this:

{
  "ConnectionStrings": {
    "SqliteConnection": "Data Source=adgm.db"
  },
  "AllowedHosts": "*",
  "AppSettings": {
    "InactiveSessionTimeoutInMinutes": "60"
  },
  "Administration": {
    "AdminUsers": [],
    "AdminGroups": ["Administrators"]
  },
  "Authentication": "Basic",
  "DebugMode": "False",
  "DebugPath": "logs",
  "AllowedOUs": [],
  "CommonSettings": {
    "ShowAllGroupOwners": true
  }
}

Save the file, then open a browser and navigate to the site URL (for example, http://your-server-name/ADGroupManagerWeb).

Step 4: Set up a test manager in Active Directory

If you don’t already have a group with a managedBy value, set one up now.

Open Active Directory Users and Computers (or ADAC) and find a test group. Open its properties and go to the Managed By tab:

  1. Click Change and select the user who should manage this group.
  2. Check Manager can update membership list (this grants the user Write Members permission on the group).
  3. Click OK to save.

The managedBy value can be a specific user or a security group. If you set a group as the manager, all members of that group will be able to manage the target group.

For more details and advanced delegation scenarios, see How to set up a manager and Setup examples.

Step 5: Log in and test

Open a browser and go to your AD Group Manager Web URL. You’ll see the login page:

  1. Log in as your admin user first. You’ll be redirected to the admin panel where you can configure settings, fields, notifications, and more.

  2. Log in as the test manager you configured in Step 4. You should see the All Groups page listing only the groups assigned to that manager via managedBy.

  3. Test the workflow: click a group to view its members, try adding a member by searching for an AD user, and try removing a member. Every action is logged if audit logging is enabled.

What to configure next

Now that you have a working installation, here are the most common next steps:

Task Where
Choose which AD fields managers can see and edit Admin panel → Fields
Turn on audit logging for all changes Admin panel → Settings → Enable logging
Set up email notifications for membership changes Admin panel → Notifications
Switch to Windows Authentication (SSO) Windows Authentication guide
Restrict who can log in by OU OU Access Control
Enable group discovery and access requests Admin panel → Group Discovery
Customize branding, logos, and colors Admin panel → Interface Customization
Translate the UI to another language Admin panel → Interface Customization
Restrict search to prevent data exposure Admin panel → SettingsSearch settings
Enable bulk add/remove operations Admin panel → Settings
Enable time-limited group memberships Admin panel → Settings
Set up SSL/TLS for encrypted connections SSL Setup guide
Enter your license key Admin panel → License

For the full installation guide with detailed explanations, see Installation.

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA