How can I provide my Helpdesk access so that they can utilize Active Directory with limited privileges?

joukiejouk
joukiejouk used Ask the Experts™
on
Is there a free tool or is there a way to create a UI for my Helpdesk so they can have the ability to look at the AD tree?  Or if there is no such way, how should I assign limited privileges so that they can only view users, view computers and it's OU, etc.?

AD environment is Server 2008 R2 Standard.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
Commented:
many ways.. restricted group comes to mind immediately.. now you have to edit permissions either in ADSI or in ADUC
there are tools, take a look at admanager plus from ManageEngine

Author

Commented:
Are their any free tools?
Technical Lead
Top Expert 2011
Commented:
You can delegate rights in AD and install adminpak(Winxp) or RSAT(Win7) on non admin workstation so that they can manage the same from PC instead of login to DC.

Active Directory rights delegation – overview
https://kpytko.wordpress.com/2012/05/16/active-directory-rights-delegation-overview/ 

How to Delegate Basic Server Administration To Junior Administrators  
http://support.microsoft.com/kb/555986

Best Practices for Delegating Active Directory Administration
https://www.microsoft.com/en-in/download/details.aspx?id=21678

Author

Commented:
OK, I will take a look at all these.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial