FirstWare DynamicGroup – Part 2: Delegation Mode


Go back to FirstWare DynamicGroup – Part 1: a small tutorial

As described in part 1, the topic of this blog post is the brand-new “Delegation Mode”. With some simple examples I want to show the basic functionality and the big advantages for delegating to helpdesk users.

First of all, what is a “normal” AD delegation?
The simple explanation is: handing administrative tasks to other people or groups. Not much clarity so far.
Example: the IT admin has a second employee and wants him to do password resets and add users to groups. The second employee should have only these two rights in Active Directory. How can we achieve this?

In my lab there is a small OU structure and some helpdesk users. I gave helpdesk02 the delegated rights on OU=Sigmaringen. For this I simply used the delegation wizard.

Of course you should use groups for delegations, so you can change these permissions easily.

The next step is the permissions.

Finally the delegation is completed and should work.
NOTE: my helpdesk02 user does not have ANY admin rights.
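To confirm that the wizard granted only the two intended rights, the ACEs on the OU can be checked against the schema GUIDs for password reset and group membership. This is an added example, not code from this post or from the vendor; the `LAB` domain name, the DN, the function name `Get-DelegationFinding` and the sample ACEs are constructed assumptions, and it assumes the wizard tasks chosen were “Reset user passwords and force password change at next logon” and “Modify the membership of a group”.

```powershell
# Added example; the domain name, DN and sample ACEs are constructed assumptions.
# Well-known AD schema GUIDs for the two tasks delegated in this post.
$Expected = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet (force change at next logon)'
    'bf9679c0-0de6-11d0-a285-00aa003049e2' = 'member (group membership)'
}
# Rights that are acceptable only when scoped to one of the GUIDs above.
$Scoped = 'ExtendedRight', 'ReadProperty', 'WriteProperty'

function Get-DelegationFinding {
    param([Parameter(Mandatory)][object[]]$Ace, [Parameter(Mandatory)][string]$Trustee)
    foreach ($a in $Ace) {
        # Only Allow ACEs for the delegated account are of interest.
        if ("$($a.IdentityReference)" -ne $Trustee -or "$($a.AccessControlType)" -ne 'Allow') { continue }
        $guid   = "$($a.ObjectType)".ToLower()
        $rights = "$($a.ActiveDirectoryRights)" -split ',\s*'
        $broad  = @($rights | Where-Object { $_ -notin $Scoped })
        $ok     = $Expected.ContainsKey($guid) -and $broad.Count -eq 0
        [pscustomobject]@{
            Trustee = $Trustee
            Rights  = $rights -join ', '
            Target  = if ($Expected.ContainsKey($guid)) { $Expected[$guid] } else { $guid }
            Verdict = if ($ok) { 'expected' } else { 'REVIEW' }
        }
    }
}

# Constructed sample ACEs (not output from the lab described above).
$t = 'LAB\helpdesk02'
$sample = @(
    [pscustomobject]@{ IdentityReference=$t; AccessControlType='Allow'; ActiveDirectoryRights='ExtendedRight'; ObjectType='00299570-246d-11d0-a768-00aa006e0529' }
    [pscustomobject]@{ IdentityReference=$t; AccessControlType='Allow'; ActiveDirectoryRights='ReadProperty, WriteProperty'; ObjectType='bf967a0a-0de6-11d0-a285-00aa003049e2' }
    [pscustomobject]@{ IdentityReference=$t; AccessControlType='Allow'; ActiveDirectoryRights='ReadProperty, WriteProperty'; ObjectType='bf9679c0-0de6-11d0-a285-00aa003049e2' }
    [pscustomobject]@{ IdentityReference=$t; AccessControlType='Allow'; ActiveDirectoryRights='GenericAll'; ObjectType='00000000-0000-0000-0000-000000000000' }
)
Get-DelegationFinding -Ace $sample -Trustee $t | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module; the DN is hypothetical):
# Import-Module ActiveDirectory
# $acl = Get-Acl -Path 'AD:\OU=Sigmaringen,DC=lab,DC=example'
# Get-DelegationFinding -Ace $acl.Access -Trustee 'LAB\helpdesk02'
```

Any row marked REVIEW is a right beyond the two delegated tasks, such as the unscoped GenericAll entry in the sample data.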

Inside the FirstWare software, “Delegation Mode” is not active yet, so user helpdesk02 can see all OUs but can of course only change settings in OU Sigmaringen. Fine.

I installed the software with the “dgadmin” user, so I use this user to activate the “Delegation Mode” (change user on my management server).

Going back to helpdesk02, I’m able to see all OUs in the normal AD console. But again I can only edit groups in OU Sigmaringen.

After opening FirstWare I can only see my delegation, so this is a kind of ABE (Access-Based Enumeration) for AD.

Conclusion: with this piece of software you can implement delegation, and users with little experience can also manage AD group selections. Your AD groups should be in good condition to use this kind of tool properly. It is also possible to install the software on workstations. See the requirements:

Delegation Mode helps to protect your ACLs and also simplifies administration.
Have fun with this tool, and if you like this blog post, please click on helpful and download the 30-day eval version. Please write my blog URL in the message window when registering.

This article was created with the kind support of:

software link:
