AD helpdesk
5/15/2023

OU-based group management through helpdesk

- Manage AD groups with ADUC through Helpdesk
- Set up the AD Delegation Wizard for group management
- OU-based group management through helpdesk
- Delegate self-updating AD group management
- Hand AD groups administration to Non-IT staff

To delegate AD group management, we need to consider some criteria:

- Simplify, make sure that the user can use the solution.

Manage AD groups with ADUC through Helpdesk

How can group processing be distributed using on-board resources, i.e. the Active Directory User Console (ADUC)? There is no direct delegation of groups with users and computers. If we want to delegate the access rights of each group, e.g. to a helpdesk, we will have to isolate the groups we want to delegate. Put simply, we need an organizational unit (OU), because an OU can be delegated.

Example scenario

For a better understanding, let's take the example of an IT administrator from a global company headquarters. He would like to delegate the administration of all groups to the respective IT location. We limit ourselves to Germany as a location here. In our sample organisation, the IT admin has an OU "Groups" for all authorization groups. Within it, he creates a sub-OU for each location. Each of these sub-OUs contains only the location groups we want to delegate. Here, that is "DE Groups" for all groups related to Germany. With this method, the IT admin can now delegate DE group management to a helpdesk.

Set up the AD Delegation Wizard for group management

In the ADUC, there is the Active Directory Delegation of Control Wizard, called the Delegation Wizard for short. First, the IT admin selects the OU he wants to delegate to the helpdesk, in our example "DE Groups". With a right click on the OU he selects "Delegate Control …" to start the wizard. Now he decides which rights the helpdesk gets.

With this solution, the IT admin can delegate the management of groups, but only to IT-related employees like helpdesk personnel. The AD console isn't easy to understand for non-IT employees and might be too complex and confusing to work with. "Normal" employees must first have a good knowledge of group concepts and need a training period. There are alternative options for them (e.g.

Assign the Exchange admin role to users who need to view and manage your users' email mailboxes, Microsoft 365 groups and Exchange Online.

- Recover deleted items in a user's mailbox
- Configure Archiving and Deletion Policies
- Configure Anti-Spam protection
- Set up "Send As" and "Send on Behalf" delegates

Assign the Global admin role to users who need global access to most management features and data across Microsoft online services.

Note: The person who signed up for Microsoft online services automatically becomes a Global admin.

Pro tip: Giving too many users global access is a security risk and we recommend that you have between 2 and 4 Global admins.

Assign the global reader role to users who need to view admin features and settings in admin centers that the global admin can view. The global reader admin cannot edit any settings. This role can be good when performing an audit.

Assign the groups admin role to users who need to manage all groups' settings across admin centers, including the Microsoft 365 admin center and Azure Active Directory portal.

- Create, edit, delete, and restore Microsoft 365 groups
- Create and update group creation, expiration, and naming policies
- Create, edit, delete, and restore Azure Active Directory security groups

Assign the Helpdesk admin role to users who need to do the following:

Note: The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader.

Assign the Office Apps admin role to users who need to do the following:

- Use the Office cloud policy service to create and manage cloud-based policies for Office
- Manage the What's New content that users see in their Office apps

Assign the Service admin role as an additional role to admins or users whose role does not include the following, but they still need to do the following:

Assign the SharePoint admin role to users who need to access and manage the SharePoint Online admin center.

- Manage site collections and global SharePoint settings

Note: Users assigned to this role will have access to all content.

Assign the Teams service admin role to users who need to access and manage the Teams admin center.

- Manage all org-wide settings, including federation, Teams upgrade, and Teams client settings