Help Desk delegation

    What is help desk delegation?

    This feature helps administrators to assign or delegate selected activities to non-administrative desk users. It is recommended to delegate incipient administrative activities to help desk technicians.

    Who is a help desk Technician?

    A person who is entitled to perform the operations delegated by the administrator is called help desk technician. These operations can deviate from the regular end user functions with a bias of administrative tasks aimed to increase the productivity and reduce administrator's workload.

    What is a help desk Role

    A specific role or a set of roles that are delegated by administrator to a unique non administrative user to perform are called help desk roles.

    What is OU based Delegation?

    The OU based administration lets the administrator to delegate the tasks with a scope limited to a specific Organizational Unit i.e. help desk users can perform the delegated activities that fall under the purview of the assigned OU. This ensures that the security issues are intact and the delegation runs smooth.

    How to create a help desk technician?

    You can create new help desk technicians in two ways:

    Creating new help desk technicians using the 'add new technicians' option

    1. Click the Delegation tab
    2. Click the Help Desk Technicians link, and then the Add New Technicians link.
    3. Select the desired domain.
    4. Choose the users, whom you wish to configure as help desk technicians, by clicking the browse button located beside the Select AD User field.
    5. Select the roles that you wish to delegate to the new technicians by clicking the choose link located beside the Select help desk roles field. (You can create customized roles based on your requirements.)
    6. Select the desired organizational unit (OUs), if you wish to restrict the scope of the technicians to only specific OUs instead of the entire domain, by clicking the Add OUs link located beside the Select OUs field.
    7. Select the Impersonate as Admin option, if you wish to assign admin permissions to the technicians being created.
    8. Click the save button to complete the creation of new help desk technicians.
    Note:
    • The Impersonate as Admin option elevates the users' permissions only in ADManager Plus and does not change their actual settings in AD.
    • You can always assign more domains, groups, and also account creation/modification templates to the technicians, by modifying/editing them.

    Creating help desk technicians using 'copy technician option'

    The copy technician option allows you to create new help desk technicians with the same configurations of any existing technicians. By copying the configurations of the desired technician and applying them to the new technicians, administrators can create multiple new technicians with the same configurations.

    To create a help desk technician using the copy technician feature,

    1. Click the Delegation tab.
    2. Click the Help desk Technicians link.
    3. From the list of existing help desks technicians, locate the technician whose settings you wish to copy.
    4. Click the copy icon located in the action column of the desired help desk technician.
    5. In the copy technician window that opens up, select the domain in which the users whom you wish to configure as technicians are located.
    6. Click the choose link located beside the Select AD User field, and pick the required users from the ones displayed.
    7. Click the create technicians button this will configure all the selected users as help desk technicians

    How to create a help desk role?

    There are some predefined help desk roles which you can find when you select theHelp Desk Roles link. You can also create new roles to meet your specific requirements.

    To create a new help desk role:

    1. Click the Delegation tab.
    2. Under Help Desk Delegation, click the Help Desk Roles link.
    3. Click the Create New Role button to create a new help desk role. You can also create a new role by just copying an existing role; to copy another role, follow these steps.
    4. On the Help Desk Roles page, enter an appropriate name and description for the new role.
    5. From the list of tasks listed under various sections, select the tasks that you wish to include in this role.
    6. If you wish to prevent a user with this role from using the bulk modification feature or the CSV import option, select the Deny Bulk Modification or Deny CSV Import options respectively.
    7. While creating users, if you wish to restrict access to only specific attributes, use the User Attribute Privileges link located in the Create Users section and select the desired attributes. Similarly, for groups and contacts, use the Contact Attribute Privileges and Group Attribute Privileges options respectively.
    8. Similarly, for a more granular selection of the attributes, click the + icon located beside each task.
    9. Click Save to create the new role.

    How to add more than one role/domain to a help desk technician?

    1. Click Delegation
    2. Click on Help desk technicians
    3. To modify technician details, click the active-directory-help-desk-delegation_clip_image002 icon present near the technician's name on the summary page.
    4. Enable the required Domains in the Manageable Domains section
    5. You can now assign multiple roles by clicking on choose/change for the corresponding domain.
    6. You can modify Help Desk Role, OUs and also restrict the user to choose from a selected list of templates.
    7. Enable Impersonate as Admin option to allocate admin permissions to the users.
    8. Click Save Changes

    Help Desk Delegation Flow

    The core functional theme of Help Desk Delegation is that the technician can login to the ADMP console and perform the functions delegated by Administrator. For this to happen the Administrator should perform the following steps to authorize a help desk technician.

    1. Modify (click on modify-help-desk-user) or delete (click on modify-help-desk-user) existing technician or create a help desk technician
    2. Select or modify the predefined the help desk roles or create a new help desk role.
    3. Define the scope of each operation. Click on the images '+' for granular authorization.
    4. All the operations can be restricted to a specific OU. More about OU Restriction

    Granular Authorization

    Administrator can restrict the help desk technicians function to a specific part of OU or to specific attributes in a function.

    Example: Help desk technicians can be allowed to modify Group attributes at the same time restricting or avoiding them to any of the sub functions like add to group or remove from group or set primary group.

    OU Restriction

    All the functions that are being performed by help desk technicians can be restricted to specific OU's. This enhances the security of Active Directory by authorization. 

    Restrict Report Viewing

    You can restrict the help desk technicians from viewing certain reports and can be imposed at the time of creating the help desk Role. This restriction can be imposed on all of the reports under a particular reports category say like User Reports, Computer Reports, etc., or on specific reports under each of these Report types. The view for those reports whose check boxes have been enabled will be restricted for the help desk Role.

    Enable/Disable help desk Technician

    Super Admin can enable/disable one or more help desk technicians based on his discretion. Click on the appropriate Enable or Disable icon adjacent to the respective Technician's name to achieve this operation. This enhances the security of Active Directory by authorization.

    Unlock help desk technicians

    Help desk technicians will be locked out of ADMananger Plus after a series of failed login attempts. The attempt limit is based on the threshold value configured in Logon Settings. They can be unlocked in a matter of a few clicks. To unlock a technician:

    • Log in to ADManager Plus and navigate to the Delegation tab.
    • Under Help Desk Delegation, click Help Desk Technicians.
    • In the Help Desk Technicians page, select the help desk technicians that you wish to unlock.
    • Click Manage > Unlock.
    Note: This lock-out is confined to the ADManager Plus application and has no relation to the Account Lockout Policy in Active Directory. The lock-out value for ADManager Plus accounts can be configured by navigating to Delegation > Configuration > Logon Settings > General > Block User Settings.

    Multiple Domain Management using help desk Technician

    This feature allows the Administrator to allocate Multiple Domain Support for help desk technician (s). The following steps will help perform this operation:

    • Select the Delegation tab.
    • Select the modify-help-desk-user under Action of Help Desk Technicians. This opens the Modify help desk technician Dialog.
    • Enable the required Domains in the Manageable Domains section.
    • Select the roles for the technician in the new domain.
    • Click on Add OUs link to select the OUs of that domain.
    • Click on Save Changes button to update the changes.

    Delegating Groups for help desk technicians

    Administrator can associate help desk Technicians with specific groups using the Include/Exclude option of help desk Delegation. The following steps will help perform this operation:

    • Select the Delegation tab.
    • Select the modify-help-desk-userunder Action of Help Desk Technicians. This opens the Modify help desk technician Dialog.
    • Click on Add/Remove buttons adjacent to Included Groups to include the required groups for the help desk Technician.
    • Click on Add/Remove buttons adjacent to Excluded Groups to exclude the required groups for the help desk Technician.
    • Click on Save Changes button to update the changes.
    Note:
    1. If the Included Groups List is alone mentioned, then the help desk Technician will have permissions only on those mentioned groups.
    2. If the Excluded Groups List is alone mentioned, then the help desk Technician will not have permissions on those mentioned groups.
    3. If both Included and Excluded columns contain data, then the ones that are unique with respect to Included List will hold good.
    4. In case both the lists are empty, then the groups associated with the delegated OUs will be considered.
    5. If the 'Include Groups from delegated OUs' option is selected, groups under the 'Included groups' column will be appended along with the existing groups from OUs or Domains that have already been delegated. The groups enlisted under 'Excluded groups' will take higher precedence and be removed.
    6. All the OU delegated groups for the technician, get reflected in the report, with restriction for modification only on Excluded groups(that are part of OU delegation).
    7. Groups exclusively listed under Include/Exclude groups aren't displayed during report generation.

    Login Using Sample help desk Users

    ADManager Plus offers "Login Options Using Sample help desk Technicians" for first time installations. Two sample help desk Logins will be allocated for HR and help desk, with create and reset password options respectively.

    How does help desk delegation help you ?

    Help Desk delegation helps in disseminating the workload from administrator's desk. It reduces the burden on administrator there by allowing him to concentrate on core administrator activities.

    It increases the productivity of users by eliminating administrator's intervention in self-manageable activities.

    What is the scope of delegation?

    Administrator can limit the scope of delegated activities according to his wish. He can limit the technicians to a specific organizational units or a part of organizational unit.

    What about security?

    Help desk delegation is delivered with a security shield. All the actions performed by help desk technicians will be in the purview defined, enabling security settings intact. To prevent security breach the technicians and their activities are fenced to a specific party of Active Directory and enforced authentication zeroes security pitfalls.

    How to use help desk delegation?

    For a successful implementation of this feature follow the below steps:

    1. Select the Delegation tab.
    2. Click the Help Desk Technician
    3. Select the domain
    4. Select the Active Directory user. Click Browse to select user. The selected user will be eligible to perform the roles defined in next steps.
    5. Select the role by clicking on 'choose'. This role will be assigned to the user selected. Be cautious in selecting the role. At a time you can delegate only one role to a user.
    6. Select the Organizational Unit. This limits the user's role only to that OU.
    7. Save.

    How can help desk technicians modify first name and last name of users?

    • Click on AD Mgmt tab
    • Click on Modify Users under CSV import
    • Import the CSV file
    • Select the Users and click on apply.

    Here is a sample CSV file,

    sAMAccountName,givenName,sn
    TestUser,Sample,User

    Note: For "sAMAccountName" please provide the existing sAMAccountName of the user and for "givenName" and "sn" please provide the new names (name to be modified).

    Also, for help desk technician please make sure that "Modify Users" option is selected.

    Help desk Implementation Scenarios

    HR Department in your organization need not wait for the System Administrator to confirm that the newly joined employees are enrolled in the active directory. Help Desk Delegation allows an administrator to grant rights to the HR People to create new user accounts whenever a person is recruited. This saves time for both the departments and enhances productivity.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding