
Active Directory administration and delegation

Specify your AD tasks and hand them to the department in charge

User and authorization management in an Active Directory environment is commonly a task of the IT department. Non-IT staff usually lack the necessary qualification or authorization to administer the Active Directory.

FirstWare Admin was created to simplify, automate and delegate your Active Directory administration.

Active Directory Task Delegation
  • Completely customizable form-based solution
  • Tailor-made interface for your AD administration
  • Performed actions are traceable and meet compliance management requirements
  • Fat client or web-based solution - you decide

Initial Situation AD Delegation

Active Directory administrators are in charge of a stable Active Directory environment. At the same time, they take care of the maintenance of user accounts and authorizations.

When it comes to assigning authorizations, AD admins work on behalf of organizational managers. The admins set the authorizations technically, but they don't decide which user gets which authorization.

The admins are also responsible for the data quality of the Active Directory, such as correct address and phone information for all user accounts. Most of the time, current information doesn't reach the IT department at an early stage. As a result, the Active Directory data is much older than the current data of the HR department.

Active Directory dynamic security groups

FirstWare-Admin closes the gap between organizational and technical responsibilities by delegating repetitive tasks to personnel who can make the organizational decisions or have the necessary information.

Thus, the HR department could update the address and telephone information of user objects or even create user accounts for new employees directly in the AD.

A head of department could manage file system authorizations, since he decides which employees should receive which permissions.


Scenarios and Solutions AD Delegation

Delegation of the Account Management to the Help Desk

Account management is often performed by a first-level help desk. However, the help desk performs only selected administrative actions and usually not complete user and authorization management. These actions include, for example:

  • Password Reset
  • Unlocking of user objects or
  • Deactivation of user objects

Delegation with FirstWare Admin:
We will provide you with a form that is tailored precisely to the administrative tasks you want to delegate. The help desk staff can select a user object, but can only perform administrative actions that have been defined in advance.

Delegate the Administration of Addresses and Phone Numbers

Addresses and telephone numbers stored in the Active Directory are often used in address books of e-mail systems. In addition, many companies use Active Directory data to provide a phone book in the intranet.

Maintaining the address and phone information of user accounts doesn't need to be done by the AD administrators. It can also be delegated to other coworkers. Ideally, the attributes should be updated and changed by the person who receives the information first. This could be a colleague from the HR department or a team assistant. Without getting an IT admin involved, the staff can change or update the Active Directory data directly using a customized form:

Sample form address and telephone management:



Delegate the administration of MS Exchange address lists

Microsoft Exchange uses the information in the Active Directory to provide an address book for the mail clients. In addition to the global address book (default global address list), other address lists can be created. These lists can also be used by mail clients. They could be separate address lists with contacts at partner companies or additional address lists for a certain division. Additional address lists contain Active Directory contacts that should not be shown in the global address book. With specific configurations it is possible to create these contacts as non-global on the one hand, but to keep them available for use as mail contacts on the other hand.

Sample Form Address List Management:



Delegation: Let the HR staff create new user accounts

The creation of new user objects in Active Directory is usually performed by the AD administrators because many parameters must be configured. For the admin, it is time-consuming to create the account properly so that the user can log on to a system. Without additional tools, only an AD administrator can configure the parameters properly to create users. These parameters include, for example:

  • First name, Last name
  • Login Name
  • Mail
  • Address and phone information
  • Profile paths
  • Mailbox
  • Home directory and
  • various rights
  • groups or distribution lists

With FirstWare-Admin you can preconfigure the parameters necessary to create new user objects. Individual forms for creating new user objects are designed according to your ideas. A non-IT administrator (e.g. HR staff) can fill in the form without deeper Active Directory knowledge. Moreover, the administration becomes simpler and easier to understand. The form fields can be named with vocabulary that the employee uses in his or her everyday environment - AD-specific terms or IT know-how are not necessary for the administration.

Benefits FirstWare-Admin:

  • HR can create users in Active Directory without the IT admin
  • IT admin saves time
  • HR reduces waiting time for the account provisioning
  • No IDM system necessary
    FirstWare-Admin is a powerful yet small tool that accesses the AD directly
  • Create new accounts entirely with just one single form
    - and the new employee can start directly after you have finished

Sample form to create new users:


Provision of an Active Directory telephone book for the Intranet

As already described in other solution scenarios, the Active Directory provides information for the address book of the Microsoft Exchange mail system (global address list, GAL). FirstWare-Admin enables you to use this address book as a web based telephone book for the intranet. Besides the fact that we offer an AD based phone book for the intranet, the same form can be used to manage and to change address and phone information.

Example intranet phone book based on the Active Directory:


Integration of the organizational management in the Active Directory

Many internal processes are based on workflows that start with a request by an employee. This request must be approved or rejected by a supervisor. The hierarchy of a company usually does not stay fixed over the years, but is subject to regular changes.

FirstWare-Admin helps you to integrate the organizational management in your Active Directory. You can use customized forms to manage the organizational structure of your company. Use FirstWare-Admin to delegate the allocation of supervisors for a user easily. The used attributes are already available within the Active Directory.


Traceable AD administration to meet compliance management requirements

The forms of FirstWare-Admin provide the opportunity to simplify and automate your Active Directory administration. All actions are traceable in order to meet compliance management requirements. FirstWare-Admin enables you to answer the questions of internal or external auditors at any time. All administrative procedures and technical information are recorded in a log.

Screenshot: Log entry for change of the address information of an Active Directory user



Integration of additional information such as employee number, cost center, state

The Active Directory is developing into a central directory in many companies. The reason is that it provides not only technical information but also business-related data, such as:

  • Personnel numbers
  • Cost centers
  • Company codes or
  • Information about branches and locations

FirstWare-Admin allows you to integrate and manage any additional information in the Active Directory. Moreover, the Active Directory can be used as the point of contact for external systems. Updated or changed attributes of a user can be transferred very quickly to connected systems. It is even possible to integrate the status of a user, such as:

  • internal employee
  • external employee
  • intern
  • trainee
  • Date of entry etc.

Through the use of FirstWare-Admin, the Active Directory can be used very efficiently as a small identity management system. You will see a benefit not only in the Active Directory administration itself, but also in other systems or databases.


Further Information

If you are interested in a delegated Active Directory administration, please feel free to contact us. We are happy to receive your question or request.



FirstWare-Admin - configuration of defaults at OU level

Active Directory Delegation

With FirstWare-Admin you can split up the Active Directory administration into tasks which can be assigned to different persons (delegation). Hence, employees can manage their assigned tasks however extensive their IT know-how might be.
By creating individual forms for the Active Directory Delegation it is possible to supply the user with a tool he understands more readily.
The following scenarios have already been successfully implemented using FirstWare-Admin.

  • Active Directory Delegation of the setup of a new user for the HR-department
  • Active Directory Delegation of individual changes to attributes, e.g. address information
  • Integration of additional information, e.g. cost- and booking-agency
  • Active Directory Delegation for the assignment of authorizations per Department
  • Delegated and simplified administration of authorizations by Department
  • Active Directory auditing
  • Status controlling for user objects (holiday, part-time, maternity leave, etc.)

User and group management

The screenshot shows a form used for creating a user and also for configuring the user settings. The configuration of the home directory, the mailbox and the assignment of authorizations are all done using the same interface:

Delegated user creation with FirstWare-Admin

Active Directory address management:

Active Directory account management:

Active Directory contact management:

Active Directory telephone management:




©2018 FirstAttribute AG - All rights reserved.
