Before installing AD Group Manager Web, verify that your environment meets the following requirements.
| Component | Requirement |
|---|---|
| Operating system | Windows Server 2016, 2019, 2022, or later |
| Web server | IIS (Internet Information Services) with the Web Server role enabled |
| Runtime | ASP.NET Core 10 Hosting Bundle |
| Database | None required — the application uses an embedded SQLite database (adgm.db) |
| Disk space | Approximately 50 MB for the application files, plus space for log files and the SQLite database |
| Memory | Minimal — the application has a small footprint and runs within an IIS Application Pool |
The server must be joined to the Active Directory domain (or have network access to a domain controller).
| Component | Requirement |
|---|---|
| Domain functional level | Windows Server 2003 or higher |
| Schema extensions | None — AD Group Manager Web uses only standard AD attributes (managedBy, msExchCoManagedByLink, member, standard user/group properties) |
| Permissions | The application pool identity (or service account for Windows Authentication) needs Read access to user, group, computer, and contact objects, and Write Members permission on the groups that managers will manage |
If you use the default Basic authentication mode, each manager authenticates with their own AD credentials, and their own permissions determine what they can do. A dedicated service account is only required when using Windows Authentication.
| Component | Requirement |
|---|---|
| Browser | Any modern browser: Chrome, Edge, Firefox, Safari |
| Plugins | None — the application is a standard web application with no client-side plugins or ActiveX controls |
| Operating system | Any — managers can access the portal from Windows, macOS, Linux, or mobile devices |
| Network | The client must be able to reach the IIS server over HTTP or HTTPS |
For Windows Authentication (Kerberos SSO), the client machine should be joined to the same AD domain (or a trusted domain) and the browser must support Negotiate/Kerberos authentication.
The IIS server needs the following network connectivity:
No outbound internet connectivity is required. The application runs entirely on-premises and does not phone home or contact external services.