Welcome to Group Management Tool

This free self service portal provides your users in Active Directory an easy way to manage 'their' groups. Only 3 steps are required to maintain group members.

MainScreen

Introduction

In a normal Active Directory environment permissions to resources are controlled by groups and their membership. Simply speaking, a user member of a particular group has permission to a particular resource. If a user needs access to a resource the IT department will be contacted which then fulfills the request.

In a small environment it only takes a few steps. In bigger companies the it might take several steps more to solve a user's request (Ticket processing, approval handling, etc.).

This tool helps out. It gives a user a way to update the membership of a group that she is been trusted in 3 steps without contacting IT. - Time saving for the user and for the IT department!

From user's perspective

A user opens Internet Explorer and navigates to the URL under which the tool has been published. E.g. http://adgmt. The user will be authenticated through windows authentication without keying in password and sees directly which groups she is able to manage: ShGroups

Members of the first group will be shown automatically: ShMembers

Members can be deleted by selecting and choosing the delete link. New users can be added to the group by typing in a few characters of the new user's name or UserID and adding him with the add-link: SearchUsr AddUsr

Last the changes must be committed by clicking the updated-membership link: AddOK

A status message will inform if the action succeeded or failed.

The e-mail link top right corner of the page will sent the group membership of the present displayed group to the user.

Multiple language support! According to the browser's language setting the language is selected.

From IT's perspective

Locate the group you like to delegate to the user / or a user group in Active Directory ADgrp1

Select the tab 'MangedBy' and specify the user / or user group which should be able to manage the group. Check the 'Manager can update membership' checkbox and safe the changes. ADGrp2

The tool provides a list of all groups which have the 'managedBy' plus 'Manager can update membership' checked as overview. The e-mail button will sent the displayed page to you. Overview

All text can be changed in the AppText.xml file. The browser's language setting determines the selected language. Lang

Technical Summery

The software is build in ASP.Net WebForms and requires .Net 4.5.1 framework running on a Windows Server 2008 R2 or higher. The server hosting the page must be part of Active Directory. Only Internet Explorer has been tested as it offers 'pass-through' Windows Authentication by default.

Groups which users can edit and the available users that can be added are gathered from plain text files. These files are generated by the powershell scripts you find here as well. - They require customization to your environment.

For a brief documentation how to configure it, please check: HowTo

If you still need support to get the tool running in your requirement, feel free to contact me. :-)

Juanito

Note: Icons and pictures used from DoublejDesign