How can I assign Active Directory permissions to the default app pool identity?

Solution 1:

You don't. You can confer permissions to local resources for the IIS APPPOOL\{app pool name} identity for local resources per:

How to assign permissions to ApplicationPoolIdentity account

In Active Directory, the identity needs to be either a Well-Known security principal, an actual user/group/computer security principal, or a foreign/trusted security principal.

However, if you use the Network Service identity on the IIS AppPool, the application pool will use the machine account of the IIS server when accessing network resources. In that case, you can confer the necessary permissions to the computer account (domain\computername$) in Active Directory.

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Solution 2:

What I did on the AD computer was to delegate control to the computer running the IIS hosting the application. I delegated only "modify group membership" (or something like that) kind of permissions and got my solution working.

I had a twist in my app that got IPrincipal from ADFS so I didn't use Windows auth but other than that everything worked just fine.

Too bad IISExpress doesn't function the way that IIS functions, as this is not the first time I got problems when going to production.
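
Added example (not part of either answer above): a PowerShell sketch of the approach the two solutions describe, switching the pool to Network Service and delegating only write access to the `member` attribute of a single group to the IIS server's computer account. The pool name, domain name and group DN are hypothetical placeholders; it assumes the script runs elevated on the IIS server, that the operator may edit the group's ACL, and that `dsacls` (RSAT AD DS tools) is installed.

```powershell
# Hypothetical placeholders: replace with your own values.
$PoolName = 'MyAppPool'                                   # app pool to reconfigure
$Domain   = 'EXAMPLE'                                     # NetBIOS domain name
$GroupDn  = 'CN=App-Users,OU=Groups,DC=example,DC=com'    # the one group the app manages

Import-Module WebAdministration

# 1. Run the pool as Network Service so that network access is made
#    with the machine account of the IIS server.
Set-ItemProperty "IIS:\AppPools\$PoolName" `
    -Name processModel.identityType -Value NetworkService

# 2. The principal Active Directory sees is DOMAIN\COMPUTERNAME$.
$Machine = $Domain + '\' + $env:COMPUTERNAME + '$'

# 3. Least privilege: grant Write Property (WP) on the 'member' attribute
#    of this one group only, not on an OU or the whole domain.
#    ${Machine} is braced so PowerShell does not read "Machine:WP" as a
#    scoped variable name.
dsacls $GroupDn /G "${Machine}:WP;member" | Out-Null

# 4. Read the ACL back and confirm the entry is present before relying on it.
$entry = dsacls $GroupDn | Select-String -SimpleMatch $Machine
if ($entry) {
    Write-Output "ACE present for $Machine on $GroupDn"
    $entry | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Warning "No ACE found for $Machine on $GroupDn; the grant did not apply."
}
```

Because the grant is made to the computer account, every process on that server that runs as Network Service or Local System gets the same right in the directory, so keep the delegation scoped to the specific group and review it when the server's role changes.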