Modern Web UI for Samba 4 Active Directory Domain Controller
Documentation • Getting Started • Docker Deployment • Contributing
Samba Conductor is an open-source orchestration suite that provides a modern, responsive web interface for managing Samba 4 Active Directory. It simplifies AD administration through a clean UI with enterprise-grade security.
Work in Progress: This project is under active development and not yet ready for production use. APIs, features, and data formats may change without notice. Contributions and feedback are welcome!
Disclaimer: This software is provided as-is. It is not affiliated with or endorsed by the Samba Team, Microsoft, or any Active Directory vendor. Use in production environments is at your own risk. Always test thoroughly and maintain proper backups.
- User Management — Create, edit, enable/disable AD users with full attribute support
- Group Management — Groups, memberships, and organizational structure
- Organizational Units — Hierarchical OU tree with object organization
- Computer Accounts — Domain-joined machine management
- DNS Management — Zones and records management
- Group Policy (GPO) — Create, link, and manage Group Policy Objects
- Service Accounts — Group Managed Service Accounts (gMSA)
- OAuth2 Server — Authorization Code flow for third-party app authentication (Grafana, Portainer, etc.)
- Self-Service Portal — Users can change passwords and edit their profiles
- Disaster Recovery — Encrypted AD backups to S3-compatible storage
- DC Replication — Automatic replica DC setup via environment variables
- Mobile-First — Responsive design with theme switching (Wine, Classic, Light)
- Zero Stored Credentials — Per-session encrypted credentials, no admin passwords on disk
More screenshots
| Admin Users | Admin Groups |
|---|---|
 |
 |
| Self-Service | Login |
|---|---|
 |
 |
| Layer | Technology |
|---|---|
| Backend | Meteor 3.4 + MongoDB |
| Frontend | React 19 + Tailwind CSS 4 |
| AD Integration | LDAPS + samba-tool |
| Security | AES-256-GCM session encryption, RBAC, PBKDF2 DR keys |
| Deployment | Docker (standalone DC, web app, or all-in-one) |
| AD Level | Windows Server 2016 functional level |
# Clone with submodules
git clone --recurse-submodules https://github.com/edimarlnx/samba-conductor.git
cd samba-conductor
# Start the Samba DC
cd docker
docker compose up -d
# Start the web app
cd ../web
meteor npm install
meteor npm startAlready cloned? Run
git submodule update --init --recursiveto fetch the OAuth2 package.
Open http://localhost:4080 and login with Administrator / P@ssw0rd123!.
See Getting Started for the full setup guide.
# All-in-one (Samba + Web + MongoDB in one container)
cd docker/all-in-one
docker compose up -d
# With replica DC for high availability
cd docker
docker compose --profile replica up -dSee Docker Deployment for all options.
Full documentation is available in the docs/ directory:
For Administrators: Getting Started · Users · Groups · OUs · DNS · GPOs · DR & Backup · OAuth Clients · OAuth Realms · Settings
For Users: Self-Service Portal · Password Policy
Infrastructure: Docker · DC Replication · Join Windows · Join Linux · LDAP Integration · Troubleshooting
Contributions are welcome! Please read the Contributing Guide before submitting a Pull Request.
For security issues, please see SECURITY.md. Do not open public issues for vulnerabilities.