Avatar of ifred
ifred
Flag for Canada asked on

Helpdesk delegation for helpdesk level 1 - Win 2008 domain and Exchange 2003

I have two junior helpdesk guys, they should have access to do day to day maintenance on AD like creating and deleting users, changing group membership and changing settings on exchage mailboxes like permissions.

what is the best way of doing so ?
Windows Server 2008ExchangeActive Directory

Avatar of undefined
Last Comment
ifred

8/22/2022 - Mon
Mike Kline

Take a look at the account operators group http://technet.microsoft.com/en-us/library/cc756898(WS.10).aspx

You can use delegation too but that group should meet most requirements

Thanks

Mike
vmagan

You can also create another group add the two junior techs to that group. Then you will have to create a gpo link it and modify the ACL to only give access for specific task. Ex. reset password, add/remove user. Things of that nature.

Account operator might also work but with modifying the ACL you have more control of what you want them to have access to do.

If you need a step by step let me know.

Thanks
ASKER CERTIFIED SOLUTION
Sandesh Dubey

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ifred

ASKER
The solution help me track a better way to control delegation.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes