Help Desk delegation


What is help desk delegation?


This feature helps administrators to assign or delegate selected activities to non-administrative desk users. It is recommended to delegate  incipient administrative activities to help desk technicians.


Who is a help desk Technician?

A person who is entitled to perform the operations delegated by the administrator is called help desk technician. These operations can deviate from the regular end user functions with a bias of administrative tasks aimed to increase the productivity and reduce administrator's workload.


What is a  help desk Role?


A specific role or a set of roles that are delegated by administrator to a unique non administrative user to perform are called help desk roles.


What is OU based Delegation?


The OU based administration lets the administrator to delegate the tasks with a scope limited to a specific Organizational Unit i.e. help desk users can perform the delegated activities that fall under the purview of the assigned OU. This ensures that the security issues are intact and the delegation runs smooth.


How to create a help desk technician?


You can create new help desk technicians in two ways:

Creating new help desk technicians using the 'add new technicians' option

  1. Click the AD Delegation tab

  2. Click the Help Desk Technicians link, and then the Add New Technicians link.

  3. Select the desired domain.

  4. Choose the users, whom you wish to configure as help desk technicians, by clicking the browse button located beside the Select AD User field.

  5. Select the roles that you wish to delegate to the new technicians by clicking the choose link located beside the Select help desk roles field. (You can create customized roles based on your requirements.)

  6. Select the desired organizational unit (OUs), if you wish to restrict the scope of the technicians to only specific OUs instead of the entire domain, by clicking the Add OUs link located beside the Select OUs field.

  7. Select the Impersonate as Admin option, if you wish to assign admin permissions to the technicians being created.

  8. Click the save button to complete the creation of new help desk technicians.


  1. The Impersonate as Admin option elevates the users' permissions only in ADManager Plus and does not change their actual settings in AD.
  2. You can always assign more domains, groups, and also account creation/modification templates to the technicians, by modifying/editing them.



Creating help desk technicians using 'copy technician option'

The copy technician option allows you to create new help desk technicians with the same configurations of any existing technicians. By copying the configurations of the desired technician and applying them to the new technicians, administrators can create multiple new technicians with the same configurations.

To create a help desk technician using the copy technician feature,

  1. Click the AD Delegation tab.

  2. Click the Help desk Technicians link.

  3. From the list of existing help desks technicians, locate the technician whose settings you wish to copy.

  4. Click the copy icon located in the action column of the desired help desk technician.

  5. In the copy technician window that opens up, select the domain in which the users whom you wish to configure as technicians are located.

  6. Click the choose link located beside the Select AD User field, and pick the required users from the ones displayed.

  7. Click the create technicians button this will configure all the selected users as help desk technicians


How to create a help desk role?


There are some predefined help desk roles which you can find when you select theHelp Desk Roles link. You can also create new roles to meet your specific requirements.


To create a new help desk role:

  1. Click the AD Delegation tab

  2. Under Help Desk Delegation, click the Help Desk Roles link

  3. Click the   Create New Role link, to create a new help desk role from the scratch. You can also create a new role by just copying an existing role; to copy another role, follow these steps.

  4. In the create help desk role page, enter an appropriate name and description for the new role.

  5. From the list of tasks listed under management, reporting and administration, select the tasks that you wish to include in this role.

  6. If you wish to prevent a user with this role from using the bulk modification feature or the CSV import option, select the Deny Bulk Modification or Deny CSV Import options respectively.

  7. While creating users, if you wish to restrict the access to only specific attributes, use the User Attribute Privileges link located in the 'Create Users' section and select the desired attributes. Similarly, for groups and contacts, use the contact attribute privileges and group attribute privileges options respectively.

  8. Similarly, for a more granular selection of the attributes that can be modified/tasks to be included in the role, click the '+' icon located beside each task/action.

  9. Click the Save Role button to create the new role.

How to add more than one role/domain to a help desk technician?

  1. Click AD Delegation

  2. Click on Help desk technicians

  3. To modify technician details, click the  icon present near the technician's name on the summary page.

  4. Enable the required Domains in the Manageable Domains section

  5. You can now assign multiple roles by clicking on choose/change for the corresponding domain.

  6. You can modify Help Desk Role, OUs and also restrict the user to choose from a selected list of templates.

  7. Enable Impersonate as Admin option to allocate admin permissions to the users.

  8. Click Save Changes

Help Desk Delegation Flow


The core functional theme of Help Desk Delegation is that the technician can login to the ADMP console and perform the functions delegated by Administrator. For this to happen the Administrator should perform the following steps to authorize a help desk technician.

  1. Modify (click on ) or delete (click on ) existing technician or create a help desk technician

  2. Select or modify the predefined the help desk roles or create a new help desk role.

  3. Define the scope of each operation. Click on the images '+' for granular authorization.

  4. All the operations can be restricted to a specific OU. More about OU Restriction

Granular Authorization


Administrator can restrict the help desk technicians function to a specific part of OU or to specific attributes in a function.


Example: Help desk technicians can be allowed to modify Group attributes at the same time restricting or avoiding them to any of the sub functions like add to group or remove from group or set primary group.


OU Restriction


All the functions that are being performed by help desk technicians can be restricted to specific OU's. This enhances the security of Active Directory by authorization. 


Restrict Report Viewing


You can restrict the help desk technicians from viewing certain reports and can be imposed at the time of creating the help desk Role. This restriction can be imposed on all of the reports under a particular reports category say like User Reports, Computer Reports, etc., or on specific reports under each of these Report types. The view for those reports whose check boxes have been enabled will be restricted for the help desk Role.



Enable/Disable help desk Technician


Super Admin can enable/disable one or more help desk technicians based on his discretion. Click on the appropriate Enable or Disable icon adjacent to the respective Technician's name to achieve this operation. This enhances the security of Active Directory by authorization.  


Multiple Domain Management using help desk Technician


This feature allows the Administrator to allocate Multiple Domain Support for help desk technician (s). The following steps will help perform this operation:

Delegating Groups for help desk technicians


Administrator can associate help desk Technicians with specific groups using the Include/Exclude option of help desk Delegation. The following steps will help perform this operation:


  1. If the Included Groups List is alone mentioned, then the help desk Technician will have permissions only on those mentioned groups.

  2. If the Excluded Groups List is alone mentioned, then the help desk Technician will not have permissions on those mentioned groups.

  3. If both Included and Excluded columns contain data, then the ones that are unique with respect to Included List will hold good.

  4. In case both the lists are empty, then the groups associated with the delegated OUs will be considered.

Login Using Sample help desk Users


ADManager Plus offers "Login Options Using Sample help desk Technicians" for first time installations. Two sample help desk Logins will be allocated for HR and help desk, with create and reset password options respectively.


How does  help desk delegation help you ?


Help Desk delegation helps in disseminating the workload from administrator's desk. It reduces the burden on administrator there by allowing him to concentrate on core administrator activities.


It increases the productivity of users by eliminating administrator's intervention in self-manageable activities.


What is the scope of delegation?


Administrator can limit the scope of delegated activities according to his wish. He can limit the technicians to a specific organizational units or a part of organizational unit.


What about security?


Help desk delegation is delivered with a security shield. All the actions performed by help desk technicians will be in the purview defined, enabling security settings intact. To prevent security breach the technicians and their activities are fenced to a specific party of Active Directory and enforced authentication zeroes security pitfalls.


How to use help desk delegation?


For a successful implementation of this feature follow the below steps:

  1. Select the AD Delegation tab.

  2. Click the Help Desk Technician

  3. Select the domain

  4. Select the Active Directory user. Click Browse to select user. The selected user will be eligible to perform the roles defined in next steps.

  5. Select the role by clicking on 'choose'. This role will be assigned to the user selected. Be cautious in selecting the role. At a time you can delegate only one role to a user.

  6. Select the Organizational Unit. This limits the user's role only to that OU.

  7. Save.

How can help desk technicians modify first name and last name of users?

Here is a sample CSV file,


Note : For "sAMAccountName" please provide the existing sAMAccountName of the user and for "givenName" and "sn" please provide the new names (name to be modified).

Also, for help desk technician please make sure that "Modify Users" option is selected.


Help desk Implementation Scenarios


HR Department in your organization need not wait for the System Administrator to confirm that the newly joined employees are enrolled in the active directory. Help Desk Delegation allows an administrator to grant rights to the HR People to create new user accounts whenever a person is recruited. This saves time for both the departments and enhances productivity.

Copyright © 2015, ZOHO Corp.All Rights Reserved.