• Solutions
    • IAM in the cloud
    • IAM Hybrid
  • Career
  • To our products
    • my-IAM
    • IDM-Portal
    • DynamicGroup
    • DynamicSync
    • ADFAQ Blog
  • Company
    • About us
    • Our customers
    • Our partners
    • Career
    • News
  • Contact
  • Contact
  • IAM in the cloud
  • IAM Hybrid
FirstAttributeFirstAttribute
FirstAttributeFirstAttribute
  • Identity Management
    • IAM in the cloud
    • IAM Hybrid
  • Products
    • my-IAM
    • IDM-Portal
    • DynamicGroup
    • DynamicSync
  • Company
    • About us
    • Our customers
    • Our partners
    • Career
    • News
    • Tech Blog
  • Contact
  • English
    • German

Helpdesk and automated groups in AD

DynamicGroup, News |

 

Group management and especially security group management is an important part in Rights Access Management. Big companies and distributed organizations have to deal with a huge number of groups an permissions. These enterprises often have local IT coordinators to support daily adminstration and standard issues. Unfortunately permission management is still troublesome.

You could

  1. Completly delegate AD user management
  2. Delegate automated group management only

Our customer, a company with 12 branches, decided for the second option. The company does the main user management in the headquarter. User objects are created by the HR department staff. An Identity Management sync solution pushes them to AD and updates most necessary attributes. But then it comes to permission management.

Admin delegates dynamic groups to helpdesks - Admin view

Permission Management: Helpdesk and automated security groups

The attribute for department is used for a self-updating department group. DynamicGroup provides an easy Query Builder to create attribute based groups.
The customer executes most standard and global permissions by the headquarter IT department.

But there are a lot of small companies that have been acquired by the customer in the last years as well. 

These branches have local IT staff that takes care of special and local permissions as OU admins. They maintain specific permissions by themselves.

Local helpdesk and group automation

One example was a branch with a machine where people got access to via AD group permission.
This machine was only available to people with a certain value in their extensionAttribute5.
The local IT could create a security group with self-updating group memberships that added all users to that group, if they had extensionAttribute5 filled with “access_granted”

Dynamic Group Delegation  

DynamicGroup Delegation

DynamicGroup can be used by “full” admins and delegates.

This enables distributed helpdesks or local IT departments to maintain automatic security groups in their OU.

For more detailled information about the software solution, please visit the product page of DynamicGroup

 

Artikel erstellt am: 21.04.2020
Tags: Active Directory
Share

You also might be interested in

The future of Active Directory: Where will AD go from here?

Jul 26, 2023

More and more companies are relying on services in the[...]

Microsoft Entra is the new umbrella for Azure Active Directory

Jan 10, 2023

With Microsoft Entra, Microsoft introduces a new product family in[...]

Entra and AD Group Management with IDM-Portal 5.1

Feb 4, 2025

The group management process is simplified with the latest version[...]

Empfohlene Beiträge

  • Brains on Silicon 2025: AI Meets Identity in Dresden
  • FirstAttribute joins the Bavarian Environmental and Climate Pact
  • Megatrend: Distributed identity management
  • FirstAttribute joins the Rewe Team Challenge Dresden 2025
  • FirstAttribute Honored with Familienpakt Bayern Membership

Our IAM Solution

IDM-Portal

Discover our my-IAM platform

Contact Info

  • FirstAttribute AG
  • Am Büchele 18, 86928 Hofstetten, Germany
  • +49 81 969 984 330
  • info@firstattribute.com
  • https://firstattribute.com/

Umwelt- und Klimapakt Bayern


Familienpakt-Bayern-Logo

Solutions

  • IAM in the cloud
  • IAM Hybrid

Company

  • Career
  • Contact

Latest News

  • Brains on Silicon 2025: AI Meets Identity in Dresden
  • FirstAttribute joins the Bavarian Environmental and Climate Pact
  • Megatrend: Distributed identity management
  • FirstAttribute joins the Rewe Team Challenge Dresden 2025
  • FirstAttribute Honored with Familienpakt Bayern Membership

© 2025 · FirstAttribute AG.

  • Legal Information
  • Privacy Policy
Prev Next