Active Directory Help Desk Management
As organisations grow, the scope of IT department tasks increases and snowballs thus hampering timely and efficient Active Directory Management and bringing up the issue of help desk management and delegation. Active Directory help desk management allows you to relieve administrators' workload as the burden of simple routine tasks is taken from them to help desk operators. In this way, administrators don't waste time performing tasks that can be done by less qualified staff and can turn to knowledge-intensive work. Using Softerra Adaxes, you can facilitate the procedures related to delegation, automation and monitoring of help desk operations and provide help desk technicians with web-based access to Active Directory.
Web Interface for Active Directory Help Desk Management
Softerra Adaxes provides Active Directory Web Interface that enables controlled and secure web-based access to Active Directory. With Adaxes Web Interface, help desk operators obtain an efficient working environment and can perform multiple operations in multiple Active Directory domains via a standard web browser.
To implement the need-to-know principle, administrators can customise the Web Interface in such a way that it will display only the functionality necessary to complete help desk tasks and avoid visual noise in the user interface. For more details, see Active Directory Web Interface Customisation.
Help desk operators can also use the Web Interface to perform day-to-day management of Exchange accounts and distribution lists. For example, they can set automatic replies for users who are out of office, show or hide mailboxes from Exchange address lists, enable or disable mailbox features, such as Unified Messaging, IMAP or Archiving.
Adaxes Web Interface can be customised to minimise the number of steps required from help desk operators to perform Exchange tasks.
Role-Based Active Directory Help Desk Delegation
Delegation of permissions via native AD tools is a cumbersome, clumsy and error-prone process as it involves manual maintenance of multiple ACLs across Active Directory. Softerra Adaxes allows you to facilitate this process with the help of Role-Based Security Model. According to this model, permissions are grouped into security roles for different job functions within an organisation. Employees are assigned specific roles that correspond to their functions. In this way, permissions are not delegated directly to individual groups or users, but are distributed and managed centrally through roles.
For Active Directory help desk management, Softerra Adaxes provides the built-in role named Help Desk. This role grants permissions for common help desk tasks such as password reset, account unlock, and account options modification. You just need to assign the corresponding users or groups to this role and specify where they can apply its permissions.
Unlike the native Active Directory security model that allows granting permissions over domains or OUs only, flexible assignment mechanism of Adaxes makes it possible to grant permissions over AD domains, OUs, groups, specific objects, and virtual collections of AD objects. The most interesting assignment variant is virtual collections of AD objects called Business Units. Business Units unite AD objects that correspond to specific membership rules regardless of the location of these objects in Active Directory. This lets you create alternative hierarchies of AD objects without changing Active Directory structure, thus obtaining virtually unlimited assignment possibilities. For example, you can allow help desk operators to exercise permissions on all users whose department is Marketing or on all workstations in your network, or on all disabled accounts and so on and so on.
Monitoring of Active Directory Help Desk Management
When delegating tasks for Active Directory help desk management, administrators may want to review the operations performed by help desk technicians. Adaxes offers such possibility as it keeps track of all operations performed with its help in Active Directory. Using this tracking feature, administrators and authorised users can review all operations executed in all AD domains. This allows them to monitor operations performed by specific users or on specific objects and find out who performed what operations.
To stay informed about specific operations, administrators can configure Adaxes to send e-mail notifications when such operations are performed. For example, e-mail notifications can be sent when members are added to a specific group, or when users are created, or when accounts are moved to a particular OU. In this way, administrators can stay informed about the situation in their AD domains and timely react to any wrong actions related to Active Directory help desk management.
To control critical operations and prevent their execution when they are undesired, Adaxes gives a possibility to send requests for approval of specific operations to authorised persons. These authorised persons receive requests with information on the attempted operation and decide whether to allow or deny it. Approval requests allow assigning additional permissions to extend Active Directory help desk management without the risk of misuse of these permissions. For example, administrators can assign user deletion or creation tasks to help desk and then control how these tasks are executed denying any incorrect operations.