[Webinar] Learn how to a build a cloud-first strategyRegister Now


Helpdesk delegation for helpdesk level 1 - Win 2008 domain and Exchange 2003

Posted on 2011-10-07
Medium Priority
Last Modified: 2012-05-12
I have two junior helpdesk guys, they should have access to do day to day maintenance on AD like creating and deleting users, changing group membership and changing settings on exchage mailboxes like permissions.

what is the best way of doing so ?
Question by:ifred
LVL 57

Expert Comment

by:Mike Kline
ID: 36933084
Take a look at the account operators group http://technet.microsoft.com/en-us/library/cc756898(WS.10).aspx

You can use delegation too but that group should meet most requirements



Expert Comment

ID: 36933263
You can also create another group add the two junior techs to that group. Then you will have to create a gpo link it and modify the ACL to only give access for specific task. Ex. reset password, add/remove user. Things of that nature.

Account operator might also work but with modifying the ACL you have more control of what you want them to have access to do.

If you need a step by step let me know.

LVL 24

Accepted Solution

Sandeshdubey earned 1500 total points
ID: 36935011
Create a group like "helpdesk admins" then open Active Directory Users & Computers MMC snap-in right click on OU where you want them to give rights, if you want give them rights over whole domain then right click on domain name, select delegate control option.

In the resulting wizard select the group you created earlier "helpdesk admins" click next then click Create a Custom Task to delegate then click next.Select which tasks the groups will be able to perform.

Refernce link:http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html


Author Closing Comment

ID: 37008478
The solution help me track a better way to control delegation.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question