Delegation of dynamic groups
IT Admin delegates group management to colleagues
With DynamicGroup Delegation Mode, you can delegate several AD group management tasks.
Let local IT coordinators manage their own dynamic security groups.
Delegation Mode features
The delegation of mode of DynamicGroup enables local OU admins
to maintain self-updating security groups by themselves.
- Share AD dynamic group management
- OU admins maintain automated groups
- Access to “service” and “configuration” menu
Delegation of dynamic AD groups to helpdesk
An IT admin wants to delegate the maintenance of a few dynamic security groups in Active Directory.
Local helpdesk or IT coordinators should only see OUs they have to manage.
Example: In an international company, the central IT department wants to delegate AD group management:
– Local helpdesk Germany (1): dynamic group memberships for German sites
– Local helpdesk US (2): dynamic security groups of offices in the United States.
Both local helpdesks need to manage their groups – without being able to see or edit the rest of the AD tree.
With DynamicGroup, each helpdesk sees only the organizational units for which it is authorized.
It allows delegation based on the organizational units of the site or department.
How to give permissions to OU administrators
1. Step – Active Directory Users and Computers
The IT Admin gives different permissions to each local OU admin / helpdesk in the
Active Directory Users and Computers Console.
The HQ administrator keeps full control of the AD tree.
DynamicGroup in admin view allows access to AD tree and services.
The IT administrator keeps full control. He has access to:
- Services and controle menu
- Service tab
- Full AD tree and all OUs
2. Step – DynamicGroup:
IT administrator activates the delegation mode in DynamicGroup.
1. Go to services and activate the delegation mode
2. Add your Admin Console Group under “Console Administrator Group” and save.
With DynamicGroup Delegation Mode, the IT admin can share a part of the AD administrative work with helpdesks.
Increase security and simplify teamwork through AD group delegation.
Helpdesks only see OUs they have to manage
Local helpdesk 1 in Germany can only
see and manage DE and sub-OUs
.
Local helpdesk in US can only
see and manage US and sub-OUs.
Both Helpdesks can not see the “Services” tab anymore (compare with picture above).
The menu items “Services” 
and “Configurations”
are deactivated.
Helpdesks are enabled to maintain their local groups and IT admins can concentrate on other projects ;).
The advantages
Delegating AD management tasks brings relief for IT departments:
Local helpdesks take over the management of their own sites.
More security
Local admins manage dynamic groups in their own OUs.
Time-savings
Save time by sharing IT admin tasks with local helpdesks.
Clear overview
Delegates get more visibility.
They only see what they need.
