Why am I seeing a "Permission Denied" error after delegating a role using ADManager Plus?

Why am I seeing a "Permission Denied" error after delegating a role using ADManager Plus?

Issue description   

In ADManager Plus, a "Permission Denied" error may appear when a help desk technician or user tries to perform actions such as user creation or group modification, even though the role seems to be correctly assigned in the interface.

Possible causes   

  1. Missing permissions in the delegated role: The role may lack the specific permissions required to perform the intended task.

  2. Incorrect scope configuration: The role may not have access to the appropriate organizational units (OUs) or groups needed for the action.

  3. Technician-role mapping issues: The technician may not be correctly associated with the role or changes to their permissions haven’t been saved or applied.

  4. Delayed permission sync: Changes to permissions or roles may take time to reflect due to back-end caching or sync delays.

Prerequisites   

  • Make sure the service account configured in ADManager Plus has sufficient privileges in Active Directory to perform the requested actions.

Resolution   

Step 1: Verify the help desk technician role configuration  

  1. Log in to ADManager Plus.

  2. Navigate to Delegation > Help Desk Delegation > Help Desk Roles.

  3. Locate the role where the error occurs and click the Edit icon.

  4. Verify that the required operation (such as user creation or modification) is selected.

  5. Click Update to save the changes.

Step 2: Check the OU and scope assignment  

  1. Go to Delegation > Help Desk Delegation > Help Desk Technicians.

  2. Select the technician experiencing the permission issue and click the Edit icon.

  3. Ensure the appropriate OUs, groups, or domains are assigned to the technician.

Step 3: Confirm the role assignment  

  1. Navigate to Delegation > Help Desk Delegation > Help Desk Technicians.

  2. Select the technician facing the issue and click the Edit icon.

  3. In the Select Help Desk Roles drop-down, ensure the technician is assigned the correct role with the required permissions.

  4. If any changes are made, reassign the role and click Save Changes.

  5. Restart the ADManager Plus service if needed for the changes to take effect.

Step 4: Test in a new browser session  

  • Log in to ADManager Plus as the help desk technician using a private or incognito window to eliminate any session- or caching-related issues.

 Tips   

  • After updating roles or permissions, clear your browser cache or start a new session to test the changes.

  • Check the Audit Report in the Delegation tab to identify which actions are being restricted.

  • If needed, use another technician account with the same role to determine whether the issue is related to the role itself or specific to the technician.

How to reach support   

If the issue persists, contact our support team here

                  New to ADSelfService Plus?