Specify your AD tasks and hand it to the department in charge
User and authorization management in an ActiveDirectory environment is commonly a task of the IT department.Usually the Non-IT staff lacks necessary qualification orauthorization to administrate the Active Directory.
FirstWare Admin is created to simplify, automate anddelegate your Active Directoryadministration.
- completely customizable form-basedsolution
- Tailormade interface for your ADadministration
- performed actions are traceable and meet requirements of thecompliance management
- Fat-Client or Web-based solution – you decide
Initial Situation AD Delegation
Active Directory administrators are in charge of a stableoperating Active Directory environment. At the same time they takecare of the maintenance of user accounts and authorizations.
When it comes to the assigning authorizations,AD admins work on behalf of organizationalmanagers. The admins set the authorizations technically,but they don’t decide which user gets what authorization.
The admins are also responsible for the data quality of theActive Directory, such as correct address and phone information ofall user accounts. Most of the time current information don’tarrive the IT department at an early stage. As a result, theActive Directory data is much older than the current dataof the HR department.
FirstWare-Admin closes the gap betweenorganizational and technical responsibilities, bydelegating repetitive tasks to personnel, whichcan take the organizational decisions or have the necessaryinformation.
Thus, the HR department could update address andtelephone information to the user objects or even createuser accounts for new employees in the AD directly.
A head of department could manage authorizations of thefile system, since he decides, which employees shouldreceive which permissions.
Scenarios and Solutions AD Delegation
Delegation of the Account Management to the Help Desk
The account management is often performed by a first-level helpdesk. However, the help desk takes only selectedadministrative actions and usually not a complete user andauthorization management. These actions include ample :
- Password Reset
- Unlocking of user objects or
- Deactivation of user objects
Delegation with FirstWare Admin:
We will provide you a form that is tailored precisely tothe administrative tasks you want to delegate. The helpdesk staff is able to select a user object, but can only performadministrative actions that have been defined inadvance.
Delegate the Administration of Addresses and Phone Numbers
Addresses and telephone numbers stored in the Active Directoryare often used in address books of e-mail systems. In addition,many companies use Active Directory data toprovide a phone book in the intranet.
Maintaining the address and phone information of user accountsdoesn’t need to be done by the AD administrators. It can also bedelegated to other coworkers. Ideally, the update and change of theattributes should be performed by the person, who receivesthe information first. This could be a colleague from theHR department or a team assistant. Without getting an ITadmin involved, the Active Directory data can be changedor updated directly by the staff using a customized form:
Sample form address and telephone management:
Delegate the administration of MS Exchange address lists
Microsoft Exchange uses the information of the Active Directoryto provide them as address book for the mail clients. Inaddition to the global address book (default globaladdress list) other address lists can be created.The lists can also be used by mail clients. These lists could beown address lists with contacts to partner companies or additionaladdress lists of a certain division. Additional address listscontain Active Directory contacts that should not be shownin the global address book. With specific configurationsit is possible to create these contacts as non-global on the onehand, but to still keep them available to be used as a mail contacton to the other hand.
Sample Form Address List Management:
Delegation: Let the HR staff create new useraccounts
The creation of new user objects in Active Directory is usuallyperformed by the AD administrators because many parameters must beconfigured. For the admin it is a time consuming factor to createthe account properly that the user can log on to a system.Only an AD administrator can configure the parametersproperly to create users without additionaltools. These parameters include for example:
- First name, Last name
- Login Name
- Address and phone information
- Profile paths
- Home directory and
- various rights
- groups or distribution lists
With FirstWare-Admin you can preconfigure necessaryparameters to create a new user objects.Individual forms for creating new user objects aredesigned according to your ideas. A Non-IT administrator (e.g. HRstaff) can fill the form without deeper Active Directoryknowledge. Moreover, the administration will becomesimplified and easy to understand. The form fields can be namedwith vocabulary that the employee uses in his or her everydayenvironment – AD specific terms or IT know-how are not necessaryfor the adminstration.
- HR can create users in Active Directory without the ITadmin
- IT admin saves time
- HR reduces waiting time for the account provisioning
- No IDM system necessary
FirstWare-Admin is a mighty, but in size small tool to access theAD directly
- Created new accounts entirely with just one single form
– and the new employee can directly start after you finished
Sample form to create new users:
Provision of an Active Directory telephone book for theIntranet
As already described in other solution scenarios, the ActiveDirectory provides information for the address book of theMicrosoft Exchange mail system (global address list, GAL).FirstWare-Admin enables you to use this address book as a web basedtelephone book for the intranet. Besides the fact that we offer anAD based phone book for the intranet, the sameform can be used to manage and to change address and phoneinformation.
Example intranet phone book based on the Active Directory:
Integration of the organizational management in the ActiveDirectory
Many internal processes are based on workflows, which start witha request by an employee. This request must be approved or rejectedby a supervisor. The hierarchy of a company is usually notenshrined over the years, but is subject to regular changes.
FirstWare-Admin helps you to integrate the organizationalmanagement in your Active Directory. You can use customized formsto manage the organizational structure of your company. UseFirstWare-Admin to delegate the allocation of supervisorsfor a user easily. The used attributes are alreadyavailable within the Active Directory.
Traceable AD administration to meet compliance managementrequirements
The forms of FirstWare-Admin provide the opportunity to simplifyand automate your Active Directory administration. Allactions are traceable in order to meet the requirements of thecompliance management. FirstWare-Admin enables you toanswer the questions of the internal or external auditors at anytime. All administrative procedures and technical information arerecorded in a protocol.
Screenshot: Log entry for change of the address information ofan Active Directory user
Integration of additional information such as employee number,cost center, state
The Active Directory is developing to a central directory inmany companies. The reason is, that it does not only providetechnical information, but also business-related data, such as:
- Personnel numbers
- Cost centers
- Company codes or
- Information about branches and locations
FirstWare-Admin allows you to integrate and manage anyadditional information in the Active Directory. Moreoverthe Active Directory can be used as the point of contact forexternal systems. Updated or changed attributes of a user can betransferred very quickly in connected systems. It is even possibleto integrate the status of a user, such as:
- internal employee
- external employee
- Date of entry etc.
Through the use of FirstWare-Admin, the Active Directory can veryefficiently be used as a small identity management system. Youwill recognize not only a benefit in the Active Directoryadministration itself, but also with other systems ordatabases.
If you are interested in a delegated Active Directoryadministration, please feel free to contact us. We are happy toreceive your question or request.
Active Directory Delegation
With FirstWare-Admin you can split up the Active Directoryadministration into tasks which can be assigned to differentpersons(Delegation). Hence, employees can manage their assignedtasks however extensive their IT-know-how might be.
By creating individual forms for the Active Directory Delegationit is possible to supply the user with a tool he understands morereadily.
The following scenarios have already been successfully implementedusing FirstWare-Admin.
- Active Directory Delegation of the setup of a new user for theHR-department
- Active Directory Delegation of individual changes toattributes, e.g. address-information
- Integration of additional information, e.g.cost-andbooking-agency
- Active Directory Delegation for the assignment ofauthorizations per Department
- Delegated and simplified administration of authorizations byDepartment
- Active Directory auditing
- Status controlling for user-objects (holiday, part-time,maternity leave, etc.
User and group management
The screenshot shows a form used for creating a user and also toconfigure the user settings. The configuration of thehome-directory, the post box and the assignment of authorizationare all done using the same interface:
Active Directory Adress Management:
Active Directory Accountverwaltung:
Active Directory Kontakverwaltung:
Active Directory Telefonverwaltung: