Active Directory Help Desk Delegation

When companies and organizations grow, tasks in Active Directory grow with them. But a lot of this work is standard user data management, something you could delegate to your Help Desk, which saves you a lot of time, cost and effort.



Recurring Tasks in Active Directory

As the number of standard tasks increases, daily work becomes cumbersome for AD admins. These are recurring tasks like creating user accounts or resetting user passwords. The more time AD admins spend on this kind of work, the less time they have for important technical issues.

With the FirstWare IDM-Portal you can empower non-AD admins to maintain Active Directory data in a very user-friendly way. Delegation can be set up easily and securely with predefined roles. All actions (who did what) are documented in a transparent, traceable and easy-to-read Logging/Audit.

Shared Tasks between AD Admins and Help Desk

Sharing tasks between AD administrators and Help Desk can be easily implemented. Which attributes a Help Desk technician can read or write, and which tabs are visible, depends on their permissions. The person in charge of permission and access management should have at least basic AD knowledge. But standard user data tasks can even be carried out by non-IT data admins who do not have any Active Directory skills, thanks to the self-explanatory web interfaces. This allows you to easily delegate AD tasks to the Help Desk, HR staff or an assistant in each department.


Typical tasks for Active Directory Help Desk delegation:

  • Create, edit and delete users
  • Disable user accounts
  • Reset passwords
  • Upload user pictures
  • Rename users
  • Change phone numbers
  • Move user objects to another OU
  • Manage group memberships of a user
  • Create, edit and delete groups

The creation, modification and deletion of objects can also trigger other actions. If you want to create mailboxes or move home drives after changing a user object, you can automate these actions with IDM-Portal.

Setting up Help Desk Delegation of AD Tasks

To delegate tasks with the IDM-Portal, set up a Help Desk role. In this role you define which attributes can be edited and which features are enabled. The Help Desk technicians see only the fields and tabs that are necessary for their tasks, such as account lockouts and password issues.

One Help Desk Role for All

For multiple departments, branches or company sites where the local Help Desk has the same permissions but is limited to certain OUs, for example, you can create a general role. Based on a group membership, an attribute or a specific OU scope, it is automatically determined which objects the respective Help Desk staff are allowed to access. Whether you create one or more roles for the Help Desk of course also depends on your requirements.

If you want to know more about setting up roles, please contact us. There are various ways to implement this. It is important to choose the one that best meets your specific requirements.

Empower the Help Desk to Reset Passwords and Unlock Accounts

Once the role is defined, a Help Desk employee simply opens the FirstWare IDM-Portal website in a browser. Due to Windows integrated authorization, the website is provided with a role-based personal view, without logging in (SSO). The technician gets access to their users, groups and all sorts of tasks, and can immediately maintain the users and groups they are in charge of. These can be objects within one or several OUs, or objects assigned to them by a filter rule.

Note: For the configuration of roles and to establish AD automation, you need the standard version of FirstWare IDM-Portal.

Benefits for IT and Business

The greatest advantage of AD Help Desk Delegation is that it speeds up many processes. On top of that, it dramatically reduces the workload for the AD Administrators. Users can submit a ticket that is processed directly by a Help Desk technician, without the task being forwarded to the IT department and done by a third person. This way processing time can be significantly reduced. Besides the Help Desk staff, changes in the AD could also be carried out by managers, assistants or the HR department. Passing data around can be avoided, and with it the risk of incorrect data in Active Directory.

The Benefits:

  • Accelerated Processes
  • Reduced workload for the AD Administrator
  • Lower waiting times for end users
  • Non-IT employees can help themselves
