diff --git a/cookbooks/arcgis-enterprise/attributes/server.rb b/cookbooks/arcgis-enterprise/attributes/server.rb index 0f76319..487b9e3 100644 --- a/cookbooks/arcgis-enterprise/attributes/server.rb +++ b/cookbooks/arcgis-enterprise/attributes/server.rb @@ -34,6 +34,10 @@ server['web_context_url'] = 'https://' + node['arcgis']['server']['domain_name'] + '/' + node['arcgis']['server']['wa_name'] server['admin_username'] = 'admin' server['admin_password'] = 'changeit' + server['active_directory_username'] = node['arcgis']['run_as_user'] + server['active_directory_password'] = node['arcgis']['run_as_password'] + server['active_directory_groups_administer'] = 'changeit' + server['active_directory_groups_publisher'] = 'changeit' server['managed_database'] = '' server['replicated_database'] = '' server['keystore_file'] = '' @@ -46,6 +50,7 @@ server['configure_autostart'] = true server['install_system_requirements'] = true server['use_join_site_tool'] = false + server['configure_active_directory'] = false unless node['arcgis']['server']['authorization_file'].nil? server['cached_authorization_file'] = ::File.join(Chef::Config[:file_cache_path], diff --git a/cookbooks/arcgis-enterprise/libraries/server_admin_client.rb b/cookbooks/arcgis-enterprise/libraries/server_admin_client.rb index 8797bb1..298fd2e 100644 --- a/cookbooks/arcgis-enterprise/libraries/server_admin_client.rb +++ b/cookbooks/arcgis-enterprise/libraries/server_admin_client.rb 
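Review bot: The new defaults `server['active_directory_groups_administer'] = 'changeit'` and `server['active_directory_groups_publisher'] = 'changeit'` are Strings, yet the recipe hands them to resource attributes declared `:kind_of => Array`, so a node that leaves them at the default presumably fails attribute validation when the resource is compiled, before its `only_if` guard is ever evaluated; an empty list is the safe default: `server['active_directory_groups_administer'] = []` and `server['active_directory_groups_publisher'] = []`. Defaulting `active_directory_username`/`active_directory_password` to `run_as_user`/`run_as_password` makes the service account double as the AD bind credential, which deserves a comment so it reads as a decision rather than a shortcut, e.g. `# AD bind account defaults to the service run-as account; override with a dedicated read-only account where possible`. The second hunk's `server['configure_active_directory'] = false` is fine as is.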
@@ -610,6 +610,91 @@ def update_system_properties(properties) validate_response(response) end + + def set_identity_store_to_windows(admin_user, admin_user_password) + request = Net::HTTP::Post.new(URI.parse(@server_url + '/admin/security/config/updateIdentityStore').request_uri) + + request.add_field('Referer', 'referer') + + token = generate_token() + + userStoreConfig = { + 'type' => "WINDOWS", + 'properties' => { + 'adminUser' => admin_user, + 'adminUserPassword' => admin_user_password + } + } + + roleStoreConfig = { + 'type' => "WINDOWS", + 'properties' => { + 'adminUser' => admin_user, + 'adminUserPassword' => admin_user_password + } + } + + request.set_form_data('userStoreConfig' => userStoreConfig.to_json, + 'roleStoreConfig' => roleStoreConfig.to_json, + 'token' => token, + 'f' => 'json') + + response = send_request(request, @server_url) + + validate_response(response) + end + + def set_identity_store_to_asp_net(admin_user, admin_user_password) + request = Net::HTTP::Post.new(URI.parse(@server_url + '/admin/security/config/updateIdentityStore').request_uri) + + request.add_field('Referer', 'referer') + + token = generate_token() + + userStoreConfig = { + 'type' => "ASP_NET", + 'class' => "AGSMembershipProvider.AGSADMembershipProvider", + 'properties' => { + 'adminUser' => admin_user, + 'adminUserPassword' => admin_user_password + } + } + + roleStoreConfig = { + 'type' => "ASP_NET", + 'class' => "AGSMembershipProvider.AGSADRoleProvider", + 'properties' => { + 'adminUser' => admin_user, + 'adminUserPassword' => admin_user_password + } + } + + request.set_form_data('userStoreConfig' => userStoreConfig.to_json, + 'roleStoreConfig' => roleStoreConfig.to_json, + 'token' => token, + 'f' => 'json') + + response = send_request(request, @server_url) + + validate_response(response) + end + + def assign_privileges(rolename, privilege) + request = Net::HTTP::Post.new(URI.parse(@server_url + '/admin/security/roles/assignPrivilege').request_uri) + + 
request.add_field('Referer', 'referer') + + token = generate_token() + + request.set_form_data('rolename' => rolename, + 'privilege' => privilege, + 'token' => token, + 'f' => 'json') + + response = send_request(request, @server_url) + + validate_response(response) + end private diff --git a/cookbooks/arcgis-enterprise/providers/server.rb b/cookbooks/arcgis-enterprise/providers/server.rb index ef0c906..56e45ef 100644 --- a/cookbooks/arcgis-enterprise/providers/server.rb +++ b/cookbooks/arcgis-enterprise/providers/server.rb 
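Review bot: `set_identity_store_to_windows` and `set_identity_store_to_asp_net` are ~30 duplicated lines that differ only in the `type`/`class` entries of the two store hashes, and both build `userStoreConfig` and `roleStoreConfig` from the same bind credential; a private helper that takes the two store skeletons and merges the shared `properties` in removes the duplication and leaves one place to maintain the `updateIdentityStore` request. Since the hunk already ends with `private`, the helper belongs below that marker. A short comment on the helper stating that the same `adminUser`/`adminUserPassword` is sent for both the user store and the role store would also document an assumption that is currently implicit. The enclosing class continues outside the hunk.
```ruby
def set_identity_store_to_windows(admin_user, admin_user_password)
  store = { 'type' => 'WINDOWS' }
  update_identity_store(store, store, admin_user, admin_user_password)
end

def set_identity_store_to_asp_net(admin_user, admin_user_password)
  update_identity_store({ 'type' => 'ASP_NET', 'class' => 'AGSMembershipProvider.AGSADMembershipProvider' },
                        { 'type' => 'ASP_NET', 'class' => 'AGSMembershipProvider.AGSADRoleProvider' },
                        admin_user, admin_user_password)
end

# … unchanged: assign_privileges …

private

# Posts userStoreConfig/roleStoreConfig to updateIdentityStore; the same bind
# credential is merged into the 'properties' of both stores.
def update_identity_store(user_store, role_store, admin_user, admin_user_password)
  properties = { 'properties' => { 'adminUser' => admin_user, 'adminUserPassword' => admin_user_password } }
  request = Net::HTTP::Post.new(URI.parse(@server_url + '/admin/security/config/updateIdentityStore').request_uri)
  request.add_field('Referer', 'referer')
  request.set_form_data('userStoreConfig' => user_store.merge(properties).to_json,
                        'roleStoreConfig' => role_store.merge(properties).to_json,
                        'token' => generate_token,
                        'f' => 'json')
  validate_response(send_request(request, @server_url))
end
```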
@@ -695,6 +695,77 @@ end end +action :set_identity_store_to_windows do + if node['platform'] == 'windows' + begin + admin_client = ArcGIS::ServerAdminClient.new(@new_resource.server_url, + @new_resource.username, + @new_resource.password) + + admin_client.wait_until_available + + Chef::Log.info('Setting ArcGIS Server Identity Store to Windows (Active Directory)...') + + admin_client.set_identity_store_to_windows(@new_resource.active_directory_username, + @new_resource.active_directory_password) + + admin_client.wait_until_available + rescue Exception => e + Chef::Log.error "Failed to set ArcGIS Server Identity Store to Windows (Active Directory). " + e.message + raise e + end + end +end + +action :set_identity_store_to_asp_net do + if node['platform'] == 'windows' + begin + admin_client = ArcGIS::ServerAdminClient.new(@new_resource.server_url, + @new_resource.username, + @new_resource.password) + + admin_client.wait_until_available + + Chef::Log.info('Setting ArcGIS Server Identity Store to ASP.NET (Active Directory)...') + + admin_client.set_identity_store_to_asp_net(@new_resource.active_directory_username, + @new_resource.active_directory_password) + + admin_client.wait_until_available + rescue Exception => e + Chef::Log.error "Failed to set ArcGIS Server Identity Store to Windows (Active Directory). 
" + e.message + raise e + end + end +end + +action :assign_privileges do + if node['platform'] == 'windows' + begin + admin_client = ArcGIS::ServerAdminClient.new(@new_resource.server_url, + @new_resource.username, + @new_resource.password) + + admin_client.wait_until_available + + Chef::Log.info('Assigning privileges to Active Directory groups...') + + @new_resource.roles_administer.each do |admin_role| + admin_client.assign_privileges(admin_role,"ADMINISTER") + end + + @new_resource.roles_publisher.each do |publisher_role| + admin_client.assign_privileges(publisher_role,"PUBLISH") + end + + admin_client.wait_until_available + rescue Exception => e + Chef::Log.error "Failed to set ArcGIS Server Identity Store to Windows (Active Directory). " + e.message + raise e + end + end +end + private def generate_admin_token(install_dir, expiration) diff --git a/cookbooks/arcgis-enterprise/recipes/server_active_directory.rb b/cookbooks/arcgis-enterprise/recipes/server_active_directory.rb new file mode 100644 index 0000000..86b46bf --- /dev/null +++ b/cookbooks/arcgis-enterprise/recipes/server_active_directory.rb 
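Review bot: The `Chef::Log.error` lines in `:set_identity_store_to_asp_net` and `:assign_privileges` were copied from the Windows action and still say "Failed to set ArcGIS Server Identity Store to Windows (Active Directory)", so a failure in either action is logged under the wrong operation; they should read `Chef::Log.error "Failed to set ArcGIS Server Identity Store to ASP.NET (Active Directory). " + e.message` and `Chef::Log.error "Failed to assign privileges to Active Directory groups. " + e.message`. All three actions use `rescue Exception => e`, which also intercepts `SystemExit` and `SignalException` on the way to the re-raise; `rescue StandardError => e` is the appropriate class. In `:assign_privileges`, `@new_resource.roles_administer.each` and `@new_resource.roles_publisher.each` raise `NoMethodError` when the attribute was never set (it has no default in the resource), so `Array(@new_resource.roles_administer).each` and `Array(@new_resource.roles_publisher).each` are the safer form.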
@@ -0,0 +1,40 @@ +# +# Cookbook Name:: arcgis-server +# Recipe:: server_active_directory +# +# Copyright 2015 Esri +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if node['platform'] == 'windows' + arcgis_enterprise_server 'Couple ArcGIS Server with Active Directory' do + server_url node['arcgis']['server']['url'] + username node['arcgis']['server']['admin_username'] + password node['arcgis']['server']['admin_password'] + active_directory_username node['arcgis']['server']['active_directory_username'] + active_directory_password node['arcgis']['server']['active_directory_password'] + only_if { node['arcgis']['server']['configure_active_directory'] } + action :set_identity_store_to_asp_net + end + + arcgis_enterprise_server 'Assign ArcGIS Server roles to Active Directory groups' do + server_url node['arcgis']['server']['url'] + username node['arcgis']['server']['admin_username'] + password node['arcgis']['server']['admin_password'] + roles_administer node['arcgis']['server']['active_directory_groups_administer'] + roles_publisher node['arcgis']['server']['active_directory_groups_publisher'] + only_if { node['arcgis']['server']['configure_active_directory'] } + action :assign_privileges + end +end diff --git a/cookbooks/arcgis-enterprise/resources/server.rb b/cookbooks/arcgis-enterprise/resources/server.rb index ab804a9..94e5cb1 100644 --- a/cookbooks/arcgis-enterprise/resources/server.rb +++ b/cookbooks/arcgis-enterprise/resources/server.rb 
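Review bot: The file header says `# Cookbook Name:: arcgis-server` while the recipe lives in `cookbooks/arcgis-enterprise` and calls `arcgis_enterprise_server`; it should read `# Cookbook Name:: arcgis-enterprise`. The first resource re-runs `:set_identity_store_to_asp_net` on every converge where `configure_active_directory` is true, since nothing in the recipe or the provider hunk checks the current identity store before posting a new one; if the admin API exposes the current configuration, a guard that skips the update when the store is already ASP.NET would make the recipe idempotent, and a recipe-level comment stating that the update is unconditional would at least document the behavior. The `:set_identity_store_to_windows` action added in this commit is not used here, which is worth a sentence in the recipe header so readers know the ASP.NET provider was chosen deliberately.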
@@ -19,7 +19,9 @@ actions :system, :unpack, :install, :uninstall, :update_account, :stop, :start, :configure_autostart, :authorize, :create_site, :join_site, - :join_cluster, :configure_https, :register_database, :federate + :join_cluster, :configure_https, :register_database, :federate, + :set_identity_store_to_windows, :set_identity_store_to_asp_net, + :assign_privileges attribute :setup_archive, :kind_of => String attribute :setups_repo, :kind_of => String @@ -44,6 +46,11 @@ attribute :portal_password, :kind_of => String attribute :username, :kind_of => String attribute :password, :kind_of => String +attribute :active_directory_username, :kind_of => String +attribute :active_directory_password, :kind_of => String +attribute :roles_administer, :kind_of => Array +attribute :roles_publisher, :kind_of => Array +attribute :configure_active_directory, :kind_of => [TrueClass, FalseClass], :default => false attribute :server_directories_root, :kind_of => String attribute :config_store_connection_string, :kind_of => String attribute :config_store_connection_secret, :kind_of => String diff --git a/roles/webgis-windows.json b/roles/webgis-windows.json index 7afdca1..46985e7 100644 --- a/roles/webgis-windows.json +++ b/roles/webgis-windows.json @@ -17,6 +17,9 @@ "server":{ "admin_username":"admin", "admin_password":"changeit", + "configure_active_directory":true, + "active_directory_groups_administer":["MyDomain\\GroupA", "MyDomain\\GroupB"], + "active_directory_groups_publisher":["MyDomain\\GroupC", "MyDomain\\GroupD"], "setup":"C:\\ArcGIS\\10.5\\Server\\Setup.exe", "authorization_file":"C:\\ArcGIS\\10.5\\Authorization_Files\\Server.prvc", "keystore_file":"C:\\keystore\\mydomain_com.pfx", @@ -40,6 +43,7 @@ "recipe[esri-iis]", "recipe[arcgis-enterprise::server]", "recipe[arcgis-enterprise::server_wa]", + "recipe[arcgis-enterprise::server_active_directory]", "recipe[arcgis-enterprise::datastore]", "recipe[arcgis-enterprise::portal]", "recipe[arcgis-enterprise::portal_wa]",
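Review bot: `attribute :configure_active_directory, :kind_of => [TrueClass, FalseClass], :default => false` is added to the resource but neither the provider actions nor the recipe in this commit read it (the recipe guards on the node attribute in `only_if`), so it is dead surface that invites confusion about which flag controls the feature; either drop it or have the recipe pass it and the provider honor it. `roles_administer` and `roles_publisher` are declared `:kind_of => Array` with no default, and the provider iterates them with `.each`, so `attribute :roles_administer, :kind_of => Array, :default => []` and `attribute :roles_publisher, :kind_of => Array, :default => []` would keep `:assign_privileges` from failing with `NoMethodError` on an unset attribute. Note also that the default-attribute file in this commit sets the matching node values to a String, which this `Array` constraint will reject.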