Use-case: How to grant role-specific permissions to specific AD users? For example, how to delegate user creation permissions to an HR and user deletion permissions to an IT technician?

Use-case: How to grant role-specific permissions to specific AD users? For example, how to delegate user creation permissions to an HR and user deletion permissions to an IT technician?

You can easily delegate specific permissions to specific AD users, as per your organizational requirements. For example, user creation permissions can be granted to to your HR while user deletion permissions can be delegated to an IT technician.
 
The procedure followed in delegating permissions via ADManager Plus is:
Create a help desk role with the required permissions.
Add a help desk technician and map the role onto the technician.
Steps:
 
Step 1: Go to AD Delegation --> Help Desk Roles --> Create New Role
Step 2: Enter a name for the role in Role Name, select the checkbox for 'Create Users' and Save the role. You can also select the attribute-level privileges for this role using the option User Attribute Privileges
Step 3: Now, go to AD Delegation --> Help Desk Technicians --> Add New Technician
Step 4 : Select the desired AD User(s) (HR), using the + icon.
Step 5: Now, select the help desk role you just created and click OK. Then, click Save. This will add the HR account as a technician with the designated help desk role mapped onto it. Your HR will now be able to create users in AD.



Similarly, you can create another help desk role with 'Delete Users' permissions, add an IT technician as a help desk technician and assign this role to him/her.
 
This is how 'user creation' permissions can be delegated to an HR and 'user deletion' permissions to an IT technician.


ADManager Plus Team
Toll Free:+1888-720-9500
Email: support@admanagerplus.com
ADManager Plus - Active Directory Management & Reporting Software
      • Topic Participants

      • Scott

                New to ADSelfService Plus?