
Active Directory delegation: Password Reset and Account Unlock

Active Directory delegation is crucial for any organization's IT infrastructure, as it provides a way for you to securely delegate management operations to technicians while ensuring they have the least privileges required to carry out their tasks. ADManager Plus' delegation feature is granular yet extensive, allowing you to delegate permissions for specific domains or even specific OUs. You can create customized delegation roles based on the tasks for which you want to delegate permissions.

Delegating password reset permissions

On average, one third of all IT help desk calls are attributed to password resets. When these calls happen over and over, productivity is affected for both employees and IT administrators.

A solution that would benefit both parties would be to delegate password reset to a help desk technician. ADManager Plus lets you:

  • Delegate permissions to technicians only for the tasks they need to perform. The other tabs will not be visible or functional for the technician.
  • Delegate permissions for password reset tasks across the required domains in a forest to the same technician.
  • Keep track of the password resets being performed by technicians with information like status, timestamps, and more.

How to delegate password reset permissions to help desk technicians with ADManager Plus

  1. Log on to ADManager Plus.
  2. Navigate to Delegation → Help Desk Technician → Add New Technician.
  3. Select the Domain and the OUs for which you wish to delegate password reset permissions.
  4. Select the users or groups for which you wish to delegate the permission for password reset by clicking the Browse button.
  5. Choose Reset Password in the Select Help Desk Roles section.
  6. You can choose the OUs that the technician can perform password resets for in the Select OUs section.
  7. Select the Impersonate as Admin option if you wish to assign administrator permissions to the technicians being created.
  8. Click Save.

Delegating unlock user account permissions

Most organizations have an account lockout policy in place to prevent brute force attacks. Account lockout policies render an account inaccessible for a specific period after a specified number of wrong password attempts. When this happens, users cannot access their accounts until the IT administrator unlocks them.

As users tend to forget or mistype their passwords often, account lockouts are a common occurrence in many organizations. This means account lockouts make up a major chunk of IT help desk calls. ADManager Plus can help you delegate permissions for unlocking AD user accounts by:

  • Enabling technicians to perform different sets of tasks in different OUs. For example, a technician can reset passwords in OU1, unlock user accounts in OU2, create and modify groups in OU3, etc.
  • Delegating permissions to technicians for unlocking user accounts across multiple domains.
  • Allowing you to create your own custom roles for delegating password reset permissions suited to your organization. For example, you can create a role that will allow the technician to unlock user accounts, enable/disable computer accounts, and enable Exchange mailboxes that are disabled.

How to delegate the unlock user accounts permission to help desk technicians with ADManager Plus

  1. Log on to ADManager Plus.
  2. Navigate to Delegation → Help Desk Technician → Add New Technician.
  3. Select the domain and the OUs for which you wish to delegate password reset permissions.
  4. Select the users or groups you wish to delegate the permission for password reset by clicking the Browse button.
  5. Choose Unlock Users in the Select Help Desk Roles section.
  6. You can choose the OUs for which the technician can perform password resets in the Select OUs section.
  7. Select the Impersonate as Admin option if you wish to assign administrator permissions to the technician being created.
  8. Click Save.

Key highlights of ADManager Plus' delegation feature

Secure and non-invasive delegation model: The rights or privileges assigned to technicians are purely at the product level, and their actual privileges in Active Directory remain untouched.

Customizable roles: A variety of roles can be created to give technicians the ability to perform different tasks (for example: reset passwords, move users, generate group reports, etc.).

Role-based/profile-based delegation of tasks to help desk technicians: Only the modules or features assigned to technicians will be visible to them.

OU-specific administration: Enable technicians to perform different sets of tasks in different OUs.

Cross-domain/multi-domain delegation: Allow technicians to perform the designated tasks in multiple domains.

Audit reports: Get a trail of all the actions that a help desk technician has performed and all the actions that have been performed on a technician or role.
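
As an added example (not ADManager Plus code, and not its report format), the following Python script cross-checks an exported audit trail against the OU-specific roles described above and flags actions that fall outside a technician's delegated role or OU. The technician names, OU DNs and CSV column names are constructed assumptions.

```python
import csv
import io

# Constructed delegation scope (hypothetical technician and OU names):
# technician -> {help desk role: [OU base DNs the role applies to]}
SCOPE = {
    "tech.amy": {
        "Reset Password": ["OU=Sales,DC=corp,DC=example"],
        "Unlock Users": ["OU=Support,DC=corp,DC=example"],
    },
}

# Constructed audit rows; the column names are assumptions, not the product's format.
AUDIT_CSV = """technician,action,target_dn,status
tech.amy,Reset Password,"CN=Bob Lee,OU=Field,OU=Sales,DC=corp,DC=example",Success
tech.amy,Unlock Users,"CN=Bob Lee,OU=Field,OU=Sales,DC=corp,DC=example",Success
tech.amy,Reset Password,"CN=Eve Ray,OU=Finance,DC=corp,DC=example",Success
tech.amy,Unlock Users,"cn=Dan Wu,ou=support,dc=corp,dc=example",Success
tech.zed,Reset Password,"CN=Ann Poe,OU=Sales,DC=corp,DC=example",Failure
"""

def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(target_dn, base_dn):
    """True if target_dn lies below base_dn, compared RDN by RDN, case-insensitively."""
    target, base = rdns(target_dn), rdns(base_dn)
    return len(target) > len(base) and target[-len(base):] == base

def out_of_scope(audit_csv, scope):
    """Return (technician, action, target_dn) for rows no delegation covers."""
    findings = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        # Unknown technicians and undelegated roles yield an empty base list.
        bases = scope.get(row["technician"], {}).get(row["action"], [])
        if not any(in_subtree(row["target_dn"], base) for base in bases):
            findings.append((row["technician"], row["action"], row["target_dn"]))
    return findings

if __name__ == "__main__":
    for finding in out_of_scope(AUDIT_CSV, SCOPE):
        print("OUT OF SCOPE:", *finding, sep=" | ")
```

Failed attempts are flagged as well as successful ones, since an attempt outside the delegated scope is worth reviewing either way.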

If you would like to learn more about delegating permissions with ADManager Plus, you can find help here
