How can I provide my Helpdesk access so that they can utilize Active Directory with limited privileges?

Is there a free tool or is there a way to create a UI for my Helpdesk so they can have the ability to look at the AD tree?  Or if there is no such way, how should I assign limited privileges so that they can only view users, view computers and it's OU, etc.?

AD environment is Server 2008 R2 Standard.
joukiejoukAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
many ways.. restricted group comes to mind immediately.. now you have to edit permissions either in ADSI or in ADUC
0
Bryant SchaperCommented:
there are tools, take a look at admanager plus from ManageEngine
0
joukiejoukAuthor Commented:
Are their any free tools?
0
SandeshdubeySenior Server EngineerCommented:
You can delegate rights in AD and install adminpak(Winxp) or RSAT(Win7) on non admin workstation so that they can manage the same from PC instead of login to DC.

Active Directory rights delegation – overview
https://kpytko.wordpress.com/2012/05/16/active-directory-rights-delegation-overview/ 

How to Delegate Basic Server Administration To Junior Administrators  
http://support.microsoft.com/kb/555986

Best Practices for Delegating Active Directory Administration
https://www.microsoft.com/en-in/download/details.aspx?id=21678
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
joukiejoukAuthor Commented:
OK, I will take a look at all these.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.