This scenario shows how to use an Access Template that allows a Help Desk service to perform day-to-day operations on user accounts, such as resetting passwords, viewing user properties, locking and unlocking user accounts.
The scenario also involves a group to hold Help Desk operators. The Access Template is applied so that the group is designated as a Trustee, thus giving the administrative rights to the Help desk operators. When both the Access Template and group are prepared, you can implement a Help Desk administration in your enterprise.
Suppose you need to authorize the Help Desk to manage user accounts in the Sales organizational unit. To implement this scenario, you should perform the following steps:
As a result of these steps, each member of the Help Desk group is authorized to perform management tasks on user accounts in the Sales organizational unit. The Help Desk Access Template determines the scope of the tasks.
The following sections elaborate on each of these steps.
For the purposes of this scenario, you can use the predefined Access Template Users – Help Desk, located in the folder Configuration/Access Templates/Active Directory. The Users – Help Desk Access Template specifies the necessary permissions to reset user passwords, unlock user accounts, and view properties of user accounts.
This scenario assumes that you apply the predefined Access Template Users – Help Desk.
To create a group, right-click an organizational unit in the console tree, select New | Group, and then follow the instructions in the New Object – Group wizard. The wizard includes the page where you can add members (Help Desk operators) to the group you are creating.
Figure 22: Access Template - Delegation of control
For more information about the Delegation of Control wizard, see Applying Access Templates earlier in this chapter.