diff --git a/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java b/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
index cb570c2..9a97cb4 100644
--- a/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
+++ b/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
@@ -52,6 +52,7 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
   private long responseLifetime = 60000L;
   private int LRUsize = 1000;
   private String ldapConnectionTimeout = null;
+  private boolean returnGroupsName = false;
 
   /** Session information for all DC's we talk with. */
   private Map<String,DCSessionInfo> sessionInfo = null;
@@ -146,6 +147,10 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
     cacheLRUsize = params.getParameter(ActiveDirectoryConfig.PARAM_CACHELRUSIZE);
     if (cacheLRUsize == null)
       cacheLRUsize = "1000";    
+    
+    if(params.getParameter(ActiveDirectoryConfig.PARAM_ACLSGROUPSNAME) != null) {
+    	returnGroupsName = params.getParameter(ActiveDirectoryConfig.PARAM_ACLSGROUPSNAME).equals("true");
+    }
   }
 
   protected static String deobfuscate(String input)
@@ -389,6 +394,10 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
       //Specify the attributes to return
       String returnedAtts[]={"tokenGroups","objectSid"};
       searchCtls.setReturningAttributes(returnedAtts);
+      
+      // paceholder for an LDAP filter that will store SIDs of the groups the user belongs to
+      final StringBuffer groupsSearchFilter = new StringBuffer();
+      groupsSearchFilter.append("(|");
 
       //Search for tokens.  Since every user *must* have a SID, the "no user" detection should be safe.
       NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
@@ -407,14 +416,22 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
         {
           try
           {
-            for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) 
-            {
-              Attribute attr = (Attribute)ae.next();
-              for (NamingEnumeration e = attr.getAll();e.hasMore();)
-              {
-                theGroups.add(sid2String((byte[])e.next()));
-              }
-            }
+        	  if (attrs.get("tokenGroups") != null) {
+					for (final NamingEnumeration ae = attrs.get("tokenGroups").getAll(); ae.hasMore();) {
+						final byte[] sid = (byte[]) ae.next();
+						theGroups.add(sid2String(sid));
+						if (returnGroupsName) {
+							groupsSearchFilter.append("(objectSid=" + sid2String(sid) + ")");
+						}
+					}
+					groupsSearchFilter.append(")");
+				}
+
+				if (attrs.get("objectSid") != null) {
+					for (final NamingEnumeration ae = attrs.get("objectSid").getAll(); ae.hasMore();) {
+						theGroups.add(sid2String((byte[]) ae.next()));
+					}
+				}
  
           }	 
           catch (NamingException e)
@@ -430,6 +447,33 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
         Logging.authorityConnectors.info("User not found: " + userName);
         return RESPONSE_USERNOTFOUND;
       }
+      
+      if (returnGroupsName) {
+    	  // Search for groups the user belongs to in order to get their
+    	  // names
+    	  // Create the search controls
+    	  final SearchControls groupsSearchCtls = new SearchControls();
+
+    	  // Specify the search scope
+    	  groupsSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+    	  // Specify the attributes to return
+    	  final String groupsReturnedAtts[] = { "sAMAccountName" };
+    	  groupsSearchCtls.setReturningAttributes(groupsReturnedAtts);
+
+    	  // Search for objects using the filter
+    	  final NamingEnumeration groupsAnswer = ctx.search(domainsb.toString(), groupsSearchFilter.toString(), groupsSearchCtls);
+
+    	  // Loop through the search results
+    	  while (groupsAnswer.hasMoreElements()) {
+
+    		  final SearchResult sr = (SearchResult) groupsAnswer.next();
+    		  final Attributes attrs = sr.getAttributes();
+    		  if (attrs != null) {
+    			  theGroups.add(attrs.get("sAMAccountName").get());
+    		  }
+    	  }
+      }
 
       // All users get certain well-known groups
       theGroups.add("S-1-1-0");
@@ -489,6 +533,7 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
   {
     tabsArray.add(Messages.getString(locale,"ActiveDirectoryAuthority.DomainController"));
     tabsArray.add(Messages.getString(locale,"ActiveDirectoryAuthority.Cache"));
+    tabsArray.add(Messages.getString(locale,"ActiveDirectoryAuthority.ACLs"));
     Messages.outputResourceWithVelocity(out,locale,"editConfiguration.js",null);
   }
   
@@ -509,8 +554,10 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
     velocityContext.put("TabName",tabName);
     fillInDomainControllerTab(velocityContext,out,parameters);
     fillInCacheTab(velocityContext,out,parameters);
+    fillInACLsTab(velocityContext,out,parameters);
     Messages.outputResourceWithVelocity(out,locale,"editConfiguration_DomainController.html",velocityContext);
     Messages.outputResourceWithVelocity(out,locale,"editConfiguration_Cache.html",velocityContext);
+    Messages.outputResourceWithVelocity(out,locale,"editConfiguration_ACLs.html",velocityContext);
   }
   
   protected static void fillInDomainControllerTab(Map<String,Object> velocityContext, IPasswordMapperActivity mapper, ConfigParams parameters)
@@ -584,6 +631,14 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
       cacheLRUsize = "1000";
     velocityContext.put("CACHELRUSIZE",cacheLRUsize);
   }
+  
+  protected static void fillInACLsTab(Map<String,Object> velocityContext, IPasswordMapperActivity mapper, ConfigParams parameters)
+  {
+    String aclsGroupsName = parameters.getParameter(ActiveDirectoryConfig.PARAM_ACLSGROUPSNAME);
+    if (aclsGroupsName == null)
+      aclsGroupsName = "false";
+    velocityContext.put("ACLSGROUPSNAME",aclsGroupsName);
+  }
 
   /** Process a configuration post.
   * This method is called at the start of the authority connector's configuration page, whenever there is a possibility that form data for a connection has been
@@ -674,6 +729,12 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
     if (cacheLRUsize != null)
       parameters.setParameter(ActiveDirectoryConfig.PARAM_CACHELRUSIZE,cacheLRUsize);
     
+    parameters.setParameter(ActiveDirectoryConfig.PARAM_ACLSGROUPSNAME,"false");
+    String aclsGroupsName = variableContext.getParameter("aclsgroupsname");
+    if(aclsGroupsName != null) {
+    	parameters.setParameter(ActiveDirectoryConfig.PARAM_ACLSGROUPSNAME,aclsGroupsName);
+    }
+    
     return null;
   }
   
@@ -710,6 +771,7 @@ public class ActiveDirectoryAuthority extends org.apache.manifoldcf.authorities.
     Map<String,Object> velocityContext = new HashMap<String,Object>();
     fillInDomainControllerTab(velocityContext,out,parameters);
     fillInCacheTab(velocityContext,out,parameters);
+    fillInACLsTab(velocityContext,out,parameters);
     Messages.outputResourceWithVelocity(out,locale,"viewConfiguration.html",velocityContext);
   }
 
diff --git a/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java b/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
index 5b85048..41f72d9 100644
--- a/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
+++ b/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
@@ -43,6 +43,8 @@ public class ActiveDirectoryConfig
   public static final String PARAM_CACHELRUSIZE = "Cache LRU size";
   /** LDAP connection timeout*/
   public static final String PARAM_LDAPCONNECTIONTIMEOUT = "LDAP connection timeout";
+  /** ACLs Groups Name */
+  public static final String PARAM_ACLSGROUPSNAME = "ACLs Groups name";
 
   /** Domain controller node */
   public static final String NODE_DOMAINCONTROLLER = "domaincontroller";
diff --git a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_en_US.properties b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_en_US.properties
index 3661702..992fe72 100644
--- a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_en_US.properties
+++ b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_en_US.properties
@@ -43,6 +43,8 @@ ActiveDirectoryAuthority.certificate=certificate(s)
 ActiveDirectoryAuthority.ConnectionTimeout=Connection timeout:
 ActiveDirectoryAuthority.ConnectionTimeoutMustBeAnInteger=Connection timeout value must be an integer
 ActiveDirectoryAuthority.milliseconds=milliseconds
+ActiveDirectoryAuthority.ACLs=Access Control List
+ActiveDirectoryAuthority.ACLsGroupsName=Return groups name
 
 
 
diff --git a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_es_ES.properties b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_es_ES.properties
index 817a53f..8382f61 100644
--- a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_es_ES.properties
+++ b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_es_ES.properties
@@ -43,6 +43,8 @@ ActiveDirectoryAuthority.certificate=certificado(s)
 ActiveDirectoryAuthority.ConnectionTimeout=Connection timeout:
 ActiveDirectoryAuthority.ConnectionTimeoutMustBeAnInteger=Connection timeout value must be an integer
 ActiveDirectoryAuthority.milliseconds=milliseconds
+ActiveDirectoryAuthority.ACLs=Access Control List
+ActiveDirectoryAuthority.ACLsGroupsName=Return groups name
 
 
 
diff --git a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_ja_JP.properties b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_ja_JP.properties
index beb5c87..b8f5f98 100644
--- a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_ja_JP.properties
+++ b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_ja_JP.properties
@@ -43,3 +43,5 @@ ActiveDirectoryAuthority.certificate=証明書
 ActiveDirectoryAuthority.ConnectionTimeout=Connection timeout:
 ActiveDirectoryAuthority.ConnectionTimeoutMustBeAnInteger=Connection timeout value must be an integer
 ActiveDirectoryAuthority.milliseconds=milliseconds
+ActiveDirectoryAuthority.ACLs=Access Control List
+ActiveDirectoryAuthority.ACLsGroupsName=Return groups name
diff --git a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_zh_CN.properties b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_zh_CN.properties
index 6e031a2..dfa1670 100644
--- a/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_zh_CN.properties
+++ b/connectors/activedirectory/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/activedirectory/common_zh_CN.properties
@@ -43,3 +43,5 @@ ActiveDirectoryAuthority.certificate=证书
 ActiveDirectoryAuthority.ConnectionTimeout=Connection timeout:
 ActiveDirectoryAuthority.ConnectionTimeoutMustBeAnInteger=Connection timeout value must be an integer
 ActiveDirectoryAuthority.milliseconds=milliseconds
+ActiveDirectoryAuthority.ACLs=Access Control List
+ActiveDirectoryAuthority.ACLsGroupsName=Return groups name
diff --git a/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/editConfiguration_ACLs.html b/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/editConfiguration_ACLs.html
new file mode 100644
index 0000000..e4481cb
--- /dev/null
+++ b/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/editConfiguration_ACLs.html
@@ -0,0 +1,38 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+#if($TabName == $ResourceBundle.getString('ActiveDirectoryAuthority.ACLs'))
+
+<table class="displaytable">
+  <tr><td class="separator" colspan="2"><hr/></td></tr>
+  <tr>
+    <td class="description"><nobr>$Encoder.bodyEscape($ResourceBundle.getString('ActiveDirectoryAuthority.ACLsGroupsName'))</nobr></td>
+    <td class="value">
+    #if("true" == $ACLSGROUPSNAME)
+    <input type="checkbox" name="aclsgroupsname" value="true" checked />
+    #else
+    <input type="checkbox" name="aclsgroupsname" value="true" />
+    #end
+    </td>
+  </tr>
+</table>
+
+#else
+
+<input type="hidden" name="aclsgroupsname" value="$Encoder.attributeEscape($ACLSGROUPSNAME)"/>
+
+#end
diff --git a/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/viewConfiguration.html b/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/viewConfiguration.html
index ed94d76..524faab 100644
--- a/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/viewConfiguration.html
+++ b/connectors/activedirectory/connector/src/main/resources/org/apache/manifoldcf/authorities/authorities/activedirectory/viewConfiguration.html
@@ -61,4 +61,9 @@
     <td class="description"><nobr>$Encoder.bodyEscape($ResourceBundle.getString('ActiveDirectoryAuthority.CacheLRUSize'))</nobr></td>
     <td class="value"><nobr>$Encoder.bodyEscape($CACHELRUSIZE)</nobr></td>
   </tr>
+  <tr><td class="separator" colspan="2"><hr/></td></tr>
+  <tr>
+    <td class="description"><nobr>$Encoder.bodyEscape($ResourceBundle.getString('ActiveDirectoryAuthority.ACLsGroupsName'))</nobr></td>
+    <td class="value"><nobr>$Encoder.bodyEscape($ACLSGROUPSNAME)</nobr></td>
+  </tr>
 </table>
\ No newline at end of file