Managing Active Directory from Anything via Web: Why I Built an Open-Source Tool with Spring Boot and Vaadin

Hi DEV community! 👋

I worked as system administrator and always faced a frustrating limitation: most standard tools for Active Directory management are either tied strictly to Windows (like RSAT) or hidden behind massive, incredibly expensive enterprise web consoles.

I wanted something modern, self-hosted, lightweight, and cross-platform. Since I couldn’t find a clean open-source web UI that checked all the boxes, I spent the last few months building Sysadmin Anywhere.

It is a fully open-source (MIT licensed) platform designed to simplify AD administration and remote server management right from your browser.

Here is how it looks and why I chose this specific tech stack.

🚀 What Sysadmin Anywhere Can Do

The platform bridges the gap between traditional directory management and modern web tools. Out of the box, it features:

• Active Directory Management: Full user and group CRUD operations, secure password resets, and bulk imports via CSV.
• Remote Server Monitoring: You can monitor Windows processes, services, and event logs directly from the web interface without RDP.
• Workflow Automation: It features native integration with n8n to trigger complex workflows based on AD events.
• Security First: Built-in integration with HashiCorp Vault for managing infrastructure secrets safely.
• Dockerized Setup: Can be spun up in less than 2 minutes using standard docker-compose.

💻 The Architecture & Tech Stack

Choosing the right stack was crucial for building a secure and responsive enterprise-grade tool:

• Backend: Java 21 & Spring Boot 4. Java is still a king when it comes to robust LDAP integrations and enterprise stability.
• Frontend: Vaadin Flow. Instead of building a separate React/Vue frontend and dealing with complex REST APIs, Vaadin allowed me to write a secure, type-safe web UI entirely in Java. It keeps the UI state on the server, which is excellent for security.
• Database: PostgreSQL for app-specific data and configuration tracking.

The project is heavily modularized using Maven, ensuring that adding new features (like upcoming asset tracking or cloud integrations) doesn't break existing core logic.

💬 I'd Love Your Feedback!

The project is growing, and I am looking for honest feedback from fellow sysadmins and Java developers.

• What features do you feel are missing most in your daily AD management routine?
• How do you feel about using Vaadin for infrastructure tools?

If you want to look at the source code, report a bug, or help with features, check out our repository:

👉 GitHub: https://github.com/sysadminanywhere/sysadminanywhere

If you find the project useful, dropping a ⭐️ on GitHub would mean the world to me and helps more people discover it!

Comments

[buildbasekit]

This is actually a genuinely useful OSS project.

A lot of “enterprise tools” are just expensive wrappers around pain everyone already accepts 😄

Cross-platform AD management via browser makes a lot of sense, especially for smaller teams that don’t want heavyweight enterprise suites.

Also respect for choosing Vaadin here.

Most people would default to React + Spring Boot because that’s the fashionable stack, but for internal/admin tooling, server-driven UI in Java is a very pragmatic choice.

Question though: exposing AD + remote server management in a web app makes security architecture absolutely critical.

How are you handling auth boundaries, RBAC, audit logs, session security, and blast radius if the app itself is compromised?

Because that’s probably the first thing infra folks will evaluate before features.

[Igor Markin]

Agreed, security is absolutely a priority, and without proper security architecture, such a tool cannot be used in a real infrastructure.

In the current implementation, everything is built on using AD credentials for login. That is, authentication happens through the domain, and the application does not store any additional passwords.

Additionally, there is an option to restrict access at the level of individual AD users or groups. This allows you to flexibly configure which employees can access the web interface and manage AD through the browser.

Full RBAC, audit logs, and session security are currently being worked on. For now, the project solves the problem of convenient cross-platform access for small teams, but without a solid security architecture, infrastructure folks won't take it into production. Thanks for the important questions!