DeployManager
Open Source · AGPL-3.0 · v1.2.12

Deploy software to
Active Directory
without Intune

ADDeploy generates PowerShell scripts, manages GPO linking, and tracks installations — using your existing AD, network share, and RSAT. No per-device fees. No new servers.

Download v1.2.12 View on GitHub
8releases
AGPL-3.0license
Electron + JSstack
Win 10/11 · Server 2016+requirements
AD Deploy Manager · Dashboard
ADDeploy Dashboard
The Problem

Enterprise deployment tools are priced for enterprises.

You have Active Directory. You have a network share. You know PowerShell. You don't need a $50,000/yr MDM platform.

Microsoft Intune
$6
per device / month
600 seats = $3,600/mo just to push software
Requires Azure AD Join — breaks on-prem-only AD
Microsoft controls your deployment infrastructure
Requires E3/E5 or standalone license
Microsoft SCCM / MECM
$$$
+ SQL Server + full-time specialist
Dedicated management server required
Weeks of setup before first deployment
Full-time SCCM admin to maintain it
Massive overkill for 50–2,000 machines
Manual GPO + Scripts
Hours
per deployment, per app, every time
Hand-write PowerShell for every installer
Hunt down silent args manually
No tracking, no rollback, no detection
One broken script = 200 machines in unknown state
ADDeploy fills the gap between "DIY GPO scripts" and "enterprise MDM."
Works with your existing AD · auto-generates PowerShell · links GPOs directly · free
The App in Action

This is what ADDeploy looks like

UI built for sysadmins who work with AD daily — not for demos.

AD Deploy Manager · Dashboard
Dashboard
System overview
Health status, deployment telemetry from the last 24h, quick actions, and recent activity. Everything in one screen.
How It Works

From installer to deployed fleet in 3 steps

01

Add the app and select target OUs

Import an MSI, EXE, PS1 or search the built-in Winget catalog. ADDeploy auto-detects the installer format (NSIS, InnoSetup, WiX Burn, InstallShield...), extracts the ProductCode, and fills in silent install arguments automatically.

PowerShell
# Auto-detected installer
Installer:    Chrome_Setup.exe
Format:       NSIS  (signature scan)
Silent args:  /S    (auto-filled)
ProductCode:  {8A69D345-D564-463C-...}
              (extracted via registry diff)

Target OUs:   OU=IT,DC=corp,DC=local
              OU=Sales,DC=corp,DC=local
02

ADDeploy generates the script and links the GPO

A production-grade PowerShell script is generated with detection logic, version checking, silent args, and logging hooks. ADDeploy creates and links the GPO to your selected OUs via RSAT — directly from the UI. No GPMC needed.

PowerShell
# Auto-generated: Deploy-Chrome-120.0.ps1
$ProductCode = '{8A69D345-D564-463C-AFF1-A69D9E530F96}'
$Target      = '120.0.6099.109'

$inst = Get-WmiObject Win32_Product |
  Where-Object { $_.IdentifyingNumber -eq $ProductCode }

if (-not $inst -or
    [Version]$inst.Version -lt [Version]$Target) {
    Start-Process "$Share\Chrome.exe" -Args '/S' -Wait
    Write-Log "Chrome $Target → $env:COMPUTERNAME"
}
03

Machines install at next boot

GPO startup scripts run at next machine boot. The optional logging server (Docker Compose stack) ingests results in real-time: per-machine status, version installed, success/failure. With the BEACON agent (coming soon): deployments in 60 seconds, no reboot.

PowerShell
# Live deployment feed — logging server
[09:12:44] IT-PC-01   Chrome 120.0  INSTALLED  ✓  2.1s
[09:13:01] SL-PC-07   Chrome 120.0  INSTALLED  ✓  1.8s
[09:13:22] SL-PC-12   Chrome 120.0  INSTALLED  ✓  2.4s
[09:14:55] DV-WS-03   Chrome 120.0  INSTALLED  ✓  1.9s
[09:15:01] DV-WS-08   Chrome 115.0  SKIPPED    —  already current
[09:15:44] SL-PC-44   Chrome 120.0  INSTALLED  ✓  2.2s

Summary: 59/60 installed. 1 pending reboot.
Features

Everything you need. Nothing you don't.

Built for sysadmins who already know AD and PowerShell — no 6-month onboarding curve.

Installer Intelligence

Signature scan detects NSIS, InnoSetup, WiX Burn, InstallShield, Squirrel and 5+ more. Silent args auto-filled. MSI ProductCode extracted from registry. EXE snapshot diff discovers ProductCode post-install.

Native AD Integration

Visual OU browser with full AD tree mapping. Create, link, and manage GPOs directly from the UI — no GPMC needed. Bulk OU assignment with conflict detection. RSAT detection and guided setup.

22+ Parametric Templates

Pre-built templates for Wazuh, SentinelOne, Microsoft Office, and 19+ enterprise apps. Parameters for agent IDs, endpoints, and license keys. App bundles for full software suites. Custom templates.

Security Hardened

Context isolation + sandboxing enforced in Electron. PowerShell input sanitization on all generated scripts. DPAPI-encrypted secret storage. TLS certificate pinning. IPC channel validation.

Centralized Logging

Optional self-hosted logging server via Docker Compose. Real-time log ingestion from all machines. Per-machine deployment status, success/failure tracking, and full activity history per app.

Detection + Version Rules

Detect via MSI ProductCode, file path, registry key, or tracker. Version-aware: only reinstalls when installed < target. App dependency ordering. Uninstall scripts for MSI, registry, Winget, or custom command.

App Catalog + Winget

Built-in catalog with 50+ popular apps pre-configured. Winget and Microsoft Store integration with correct script generation. CLI catalog search via winget show. Version check against installed.

Scripts + Custom Templates

Production-grade PowerShell auto-generated with silent args, detection logic, error handling, and logging. Custom reusable PS1 templates. Import/export configs as JSON. Wizard mode and advanced mode.

Open Source

Built in public.
Owned by you.

AGPL-3.0 licensed. Self-hosted. Deployment scripts run on your machines, logs stay on your server, configs live in your environment. No cloud dependency. No telemetry you didn't ask for.

No per-device pricing500 seats costs the same as 5. $0.
No vendor lock-inScripts work forever. No subscription to keep them running.
No cloud dependencyEverything runs inside your network.
Fully auditableRead the source. Know exactly what runs on your machines.
AGPL-3.0Modifications must stay open source. No proprietary forks.
View Source Star on GitHub
AGPL
License v3.0
source stays open
8
Releases
latest: v1.2.12
$0
Monthly cost
no trial, no paywall
0
Telemetry
audit the code yourself
JS
Language (90.7%)
Electron + Node.js
Seats
no per-device limit
Compare

How ADDeploy stacks up

Honest comparison. We're not going to hide what Intune does that we can't (yet).

ADDeploy
FREE
IntuneSCCMPDQ Deploy
Price
Free
~$6/device/mo
Expensive
Free / $$$
Open Source
Self-hosted
AD-native
Partial
No new infra needed
Partial
Real-time agent
Soon
App catalog
Silent arg detection
Auditable scripts
Partial
DPAPI security

Intune pricing as of 2025. SCCM requires Software Assurance or M365. PDQ Deploy free tier has feature limits.

Coming Soon — BEACON Agent

Real-time deployments.
No reboot required.

BEACON is a persistent Windows service that connects each machine to your ADDeploy server. Push software to any machine in 60 seconds — no waiting for Group Policy refresh, no scheduled reboot. Like Intune, but self-hosted and free.

60-second polling + SSE push for sub-second deployments
OU-aware: agent reports its AD DN, server assigns correct apps
Fleet view: every machine, last seen, installed apps, pending jobs
Bootstrap any machine with a single PowerShell one-liner
Runs existing deployment scripts — zero duplication from GPO setup
Bootstrap one-liner (coming soon)
PS C:\> irm https://your-server/beacon/install | iex
BEACON — Fleet View
82 machines · 79 online
MachineOUSeenStatus
IT-PC-01OU=IT5s
12 apps
IT-PC-02OU=IT11s
12 apps
SL-PC-07OU=Sales28s
9 apps
SL-PC-44OU=Sales2s
Deploying Chrome 120...
DV-WS-03OU=Dev6s
18 apps
DV-WS-08OU=Dev4m
last seen 4m ago
79 online · 2 offline · 1 deploying · next poll in 8s
Requirements

Works with what you already have

If you run Active Directory with a network share, you're 90% of the way there.

Required
Windows 10/11 or Server 2016+
Where ADDeploy runs
Active Directory Domain Services
Any functional level
Network share (SMB)
Accessible from all target machines
RSAT — Group Policy Management Tools
For creating and linking GPOs
Optional
Docker / Docker Compose
For the centralized logging server
BEACON Agent (roadmap)
Persistent agent on each machine
Winget (on clients)
For Winget-based deployments
Built With
Electron
Desktop app shell — Windows native
JavaScript (90.7%)
Main application language
PowerShell
All generated deployment scripts
Docker Compose
Logging server stack
Get Started

Stop paying per-device.
Start deploying.

ADDeploy is free, AGPL-3.0 licensed, and runs on your existing infrastructure. Download the Electron app, connect to your domain, and deploy your first app in under an hour.

PowerShell — CORP\Administrator
PS C:\> # 1. Download the latest release
PS C:\> Start-Process "https://github.com/gpandres/ActiveDirectoryDeployManager/releases/latest"
PS C:\> # 2. Run the installer
PS C:\> .\ADDeploy-Setup-v1.2.12.exe
PS C:\> # 3. Connect your domain and deploy
PS C:\>
Download v1.2.12 Star on GitHub Documentation