diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
index 1b90f4b65e..090101b991 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
@@ -19,9 +19,11 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.PersonContextMapper;
@@ -199,6 +201,25 @@ public LdapAuthoritiesPopulator authorities(BaseLdapPathContextSource contextSou
 return myAuthPopulator;
 }
 
+ @Bean
+ @ConditionalOnProperty(name = "auth.impl", havingValue = "ad")
+ public AuthenticationManager authenticationProvider() throws Exception {
+ ActiveDirectoryLdapAuthenticationProvider adProvider =
+ new ActiveDirectoryLdapAuthenticationProvider(ad_domain, ad_url);
+ adProvider.setConvertSubErrorCodesToExceptions(true);
+ adProvider.setUseAuthenticationRequestCredentials(true);
+ adProvider.setUserDetailsContextMapper(new PersonContextMapper());
+ SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
+ simpleAuthorityMapper.setConvertToUpperCase(true);
+ adProvider.setAuthoritiesMapper(simpleAuthorityMapper);
+ return new AuthenticationManagerBuilder(new ObjectPostProcessor<>() {
+ @Override
+ public O postProcess(O object) {
+ return object;
+ }
+ }).authenticationProvider(adProvider).build();
+ }
+
 @Bean
 @ConditionalOnProperty(name = "auth.impl", havingValue = "demo")
 public AuthenticationManager demoAuthenticationManager(AuthenticationManagerBuilder auth) throws Exception {
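Review bot: `ad_url` is passed to `ActiveDirectoryLdapAuthenticationProvider` exactly as configured, and because this provider binds to the directory with the password the user submitted, an `ldap://` value would carry that password unencrypted; the `ad_url` and `ad_domain` fields are declared outside the hunk, so whether the scheme is validated anywhere is not visible here. I would fail startup when the configured URL is not `ldaps://`, or at minimum state the requirement above the constructor call, e.g. `// ad_url must be ldaps:// - the bind carries the user's own password`. Separately, `setConvertSubErrorCodesToExceptions(true)` makes locked, disabled and expired accounts raise distinct exceptions, so the login endpoint (not part of this hunk) should still answer every failure with one uniform response and keep the distinction in server-side logs only. On naming, the bean method is called `authenticationProvider` but returns an `AuthenticationManager`; `adAuthenticationManager` would match `demoAuthenticationManager` just below.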