Help Desk delegation


What is help desk delegation?


This feature lets administrators assign or delegate selected activities to non-administrative desk users. It is recommended to delegate incipient administrative activities to help desk technicians.


Who is a help desk Technician?

A person who is entitled to perform the operations delegated by the administrator is called a help desk technician. These operations can go beyond regular end-user functions and lean toward administrative tasks, with the aim of increasing productivity and reducing the administrator's workload.


What is a help desk Role?


A specific role, or a set of roles, that the administrator delegates to a unique non-administrative user to perform is called a help desk role.


What is OU based Delegation?


OU based administration lets the administrator delegate tasks with a scope limited to a specific Organizational Unit, i.e. help desk users can perform only the delegated activities that fall under the purview of the assigned OU. This keeps security intact and lets delegation run smoothly.


How to create a help desk technician?

  1. Click AD Delegation

  2. Click on Help desk technicians

  3. Select Add New Technician.

  4. Select domain

  5. Select user by clicking on Browse.

  6. Select a role by clicking on choose (Note: You can also customize the roles.)

  7. Select the Organizational Unit (OU). This step ensures that the user's help desk operations are restricted to this OU only.

  8. Click on save.

  9. To modify technician details, click the icon present near the technician's name on the summary page.

  10. You can modify the Help Desk Role and OUs, and also restrict the user to choosing from a selected list of templates.

  11. Enable the Impersonate as Admin option to allocate admin permissions to the user.


  1. The Impersonate as Admin option updates User permissions only in ADManager Plus and retains original settings in AD.
  2. You can also set a particular template as Default to allocate roles to the Help Desk Technicians that are created. The Default template can be selected from the given list under Modify Help Desk Technician option.


How to create a help desk role?


There are some predefined help desk roles, which you can find when you select the Help Desk Roles link. You can also create new roles to meet your specific requirements.


To create a new help desk role:

  1. Click the AD Delegation tab

  2. Under Help Desk Delegation, click the Help Desk Roles link

  3. Click the Create New Role link to create a new help desk role from scratch. You can also create a new role by copying an existing role.

  4. In the create help desk role page, enter an appropriate name and description for the new role.

  5. From the list of tasks listed under management, reporting and administration, select the tasks that you wish to include in this role.

  6. If you wish to prevent a user with this role from using the bulk modification feature or the CSV import option, select the Deny Bulk Modification or Deny CSV Import options respectively.

  7. While creating users, if you wish to restrict the access to only specific attributes, use the User Attribute Privileges link located in the 'Create Users' section and select the desired attributes. Similarly, for groups and contacts, use the contact attribute privileges and group attribute privileges options respectively.

  8. Similarly, for a more granular selection of the attributes that can be modified/tasks to be included in the role, click the '+' icon located beside each task/action.

  9. Click the Save Role button to create the new role.

How to add more than one role/domain to a help desk technician?

  1. Click AD Delegation

  2. Click on Help desk technicians

  3. To modify technician details, click the icon present near the technician's name on the summary page.

  4. Enable the required Domains in the Manageable Domains section

  5. You can now assign multiple roles by clicking on choose/change for the corresponding domain.

  6. You can modify the Help Desk Role and OUs, and also restrict the user to choosing from a selected list of templates.

  7. Enable the Impersonate as Admin option to allocate admin permissions to the users.

  8. Click Save Changes

Help Desk Delegation Flow


The core functional theme of Help Desk Delegation is that the technician can log in to the ADMP console and perform the functions delegated by the Administrator. For this to happen, the Administrator should perform the following steps to authorize a help desk technician.

  1. Modify or delete an existing technician using the corresponding icon, or create a help desk technician.

  2. Select or modify the predefined help desk roles, or create a new help desk role.

  3. Define the scope of each operation. Click the '+' icon for granular authorization.

  4. All the operations can be restricted to a specific OU (see OU Restriction).

Granular Authorization


The Administrator can restrict a help desk technician's functions to a specific part of an OU or to specific attributes in a function.


Example: Help desk technicians can be allowed to modify Group attributes while being restricted from any of the sub functions such as add to group, remove from group or set primary group.


OU Restriction


All the functions performed by help desk technicians can be restricted to specific OUs. This enhances the security of Active Directory by authorization.


Restrict Report Viewing


You can restrict help desk technicians from viewing certain reports. The restriction is imposed at the time of creating the help desk Role. It can apply to all of the reports under a particular reports category, such as User Reports or Computer Reports, or to specific reports under each of these report types. Viewing of the reports whose check boxes have been enabled will be restricted for the help desk Role.



Enable/Disable help desk Technician


The Super Admin can enable or disable one or more help desk technicians at his discretion. Click the appropriate Enable or Disable icon adjacent to the respective technician's name to perform this operation. This enhances the security of Active Directory by authorization.


Multiple Domain Management using help desk Technician


This feature allows the Administrator to allocate Multiple Domain Support for help desk technician(s). The following steps will help perform this operation:

Delegating Groups for help desk technicians


The Administrator can associate help desk Technicians with specific groups using the Include/Exclude option of help desk Delegation. The following rules apply:


  1. If only the Included Groups List is specified, then the help desk Technician will have permissions only on those groups.

  2. If only the Excluded Groups List is specified, then the help desk Technician will not have permissions on those groups.

  3. If both the Included and Excluded columns contain data, then the groups that are unique to the Included List (that is, not also in the Excluded List) apply.

  4. In case both the lists are empty, then the groups associated with the delegated OUs will be considered.
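
The four Include/Exclude rules above, modelled as a small function. This is an added illustration, not ADManager Plus code: the function names, the sample group DNs and the domain are constructed, and the baseline used for rule 2 (groups in the delegated OUs) is an assumption, since the page does not state it.

```python
def rdns(dn):
    # Split a DN into lower-cased components (assumes no escaped commas).
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def is_under(dn, ou_dn):
    """True when dn sits inside ou_dn, compared component by component."""
    obj, ou = rdns(dn), rdns(ou_dn)
    return len(ou) > 0 and len(obj) > len(ou) and obj[-len(ou):] == ou

def effective_groups(all_groups, delegated_ous, included=(), excluded=()):
    """Return the normalised DNs of the groups a technician may act on."""
    norm = lambda dns: {",".join(rdns(d)) for d in dns}
    inc, exc = norm(included), norm(excluded)
    # Groups located in the delegated OUs (rule 4, and the assumed baseline).
    in_ous = {g for g in norm(all_groups)
              if any(is_under(g, ou) for ou in delegated_ous)}
    if inc and exc:
        return inc - exc      # rule 3: included entries that are not excluded
    if inc:
        return inc            # rule 1: only the included groups
    if exc:
        return in_ous - exc   # rule 2: assumed baseline minus the excluded groups
    return in_ous             # rule 4: both lists empty

# Constructed sample directory content.
GROUPS = [
    "CN=HR-Staff,OU=HR,DC=example,DC=com",
    "CN=HR-Admins,OU=HR,DC=example,DC=com",
    "CN=Finance,OU=Finance,DC=example,DC=com",
]
HR_OU = "OU=HR,DC=example,DC=com"

if __name__ == "__main__":
    print(sorted(effective_groups(GROUPS, [HR_OU])))
    print(sorted(effective_groups(GROUPS, [HR_OU], excluded=[GROUPS[1]])))
    print(sorted(effective_groups(GROUPS, [HR_OU],
                                  included=GROUPS[:2], excluded=[GROUPS[1]])))
```

Reviewing a technician's configuration against a model like this makes it easy to spot an Included entry that reaches outside the delegated OUs, which rule 1 permits.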

Login Using Sample help desk Users


ADManager Plus offers "Login Options Using Sample help desk Technicians" for first time installations. Two sample help desk Logins will be allocated for HR and help desk, with create and reset password options respectively.


How does help desk delegation help you?


Help Desk delegation helps in distributing the workload away from the administrator's desk. It reduces the burden on the administrator, thereby allowing him to concentrate on core administrator activities.


It increases the productivity of users by eliminating administrator's intervention in self-manageable activities.


What is the scope of delegation?


The Administrator can limit the scope of delegated activities as he wishes. He can limit the technicians to specific organizational units or to a part of an organizational unit.


What about security?


Help desk delegation is delivered with a security shield. All the actions performed by help desk technicians stay within the defined purview, keeping security settings intact. To prevent security breaches, the technicians and their activities are fenced to a specific part of Active Directory, and enforced authentication eliminates security pitfalls.


How to use help desk delegation?


For a successful implementation of this feature, follow the steps below:

  1. Select the AD Delegation tab.

  2. Click the Help Desk Technician

  3. Select the domain

  4. Select the Active Directory user. Click Browse to select user. The selected user will be eligible to perform the roles defined in next steps.

  5. Select the role by clicking on 'choose'. This role will be assigned to the selected user. Be cautious in selecting the role. You can delegate only one role to a user at a time.

  6. Select the Organizational Unit. This limits the user's role only to that OU.

  7. Save.

How can help desk technicians modify first name and last name of users?

Here is a sample CSV file,


Note: For "sAMAccountName", provide the existing sAMAccountName of the user, and for "givenName" and "sn", provide the new names (the names to be set).

Also, for the help desk technician, make sure that the "Modify Users" option is selected.
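
A pre-import check for a rename CSV built from the three columns named in the note, added here as an illustration (it is not from the ADManager Plus documentation). The sample rows and the function name are constructed; the check flags any column beyond the three, empty values and duplicate logon names before the file is handed to a technician.

```python
import csv
import io

ALLOWED = ["sAMAccountName", "givenName", "sn"]  # columns named in the note

# Constructed sample: existing logon name, then the new first and last name.
SAMPLE = """sAMAccountName,givenName,sn
jdoe,Jonathan,Doe
asmith,Anna,Smith-Lee
"""

def check_rename_csv(text):
    """Return a list of problems; an empty list means the file is clean."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    problems = []
    extra = [c for c in header if c not in ALLOWED]
    missing = [c for c in ALLOWED if c not in header]
    if extra:
        problems.append(f"unexpected columns: {extra}")
    if missing:
        problems.append(f"missing columns: {missing}")
    seen = set()
    for lineno, row in enumerate(reader, start=2):
        sam = (row.get("sAMAccountName") or "").strip()
        if not sam:
            problems.append(f"line {lineno}: empty sAMAccountName")
        elif sam.lower() in seen:
            # Logon names are compared case-insensitively.
            problems.append(f"line {lineno}: duplicate sAMAccountName {sam}")
        seen.add(sam.lower())
        for col in ("givenName", "sn"):
            if col in header and not (row.get(col) or "").strip():
                problems.append(f"line {lineno}: empty {col}")
    return problems

if __name__ == "__main__":
    print(check_rename_csv(SAMPLE) or "clean")
```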


Help desk Implementation Scenarios


HR Department in your organization need not wait for the System Administrator to confirm that the newly joined employees are enrolled in the active directory. Help Desk Delegation allows an administrator to grant rights to the HR People to create new user accounts whenever a person is recruited. This saves time for both the departments and enhances productivity.

Copyright © 2015, ZOHO Corp. All Rights Reserved.