{"id":21159,"date":"2020-04-21T13:55:28","date_gmt":"2020-04-21T11:55:28","guid":{"rendered":"https:\/\/staging.dev.firstattribute.com\/?p=21159"},"modified":"2023-03-13T16:43:27","modified_gmt":"2023-03-13T15:43:27","slug":"helpdesk-and-automated-groups-in-ad","status":"publish","type":"post","link":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/","title":{"rendered":"Helpdesk and automated groups in AD"},"content":{"rendered":"<p>Group management and especially <strong>security group management<\/strong> is an important part in Rights Access Management. Big companies and distributed organizations have to deal with a huge number of groups an permissions. These enterprises often have <strong>local IT coordinators<\/strong> to support daily adminstration and standard issues. Unfortunately permission management is still troublesome.<\/p>\n<p>You could<\/p>\n<ol>\n<li>Completly <a href=\"https:\/\/www.firstware.com\/de\/identity-management\/delegation\/\" target=\"_blank\" rel=\"noopener noreferrer\">delegate AD user management<\/a><\/li>\n<li><a href=\"https:\/\/www.dynamicgroup.net\/en\/delegation-of-dynamic-groups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Delegate automated group management<\/a> only<\/li>\n<\/ol>\n<p>Our customer, a company with 12 branches, decided for the second option. The company does the main <a href=\"https:\/\/www.firstattribute.com\/en\/\" target=\"_blank\" rel=\"noopener noreferrer\">user management<\/a> in the headquarter. User objects are created by the HR department staff. An Identity Management sync solution pushes them to AD and updates most necessary attributes. But then it comes to permission management.<\/p>\n<p><a href=\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img decoding=\"async\" class=\"alignnone size-full wp-image-16665\" src=\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\" alt=\"Admin delegates dynamic groups to helpdesks - Admin view\" width=\"509\" height=\"336\" \/><\/a><\/p>\n<h2>Permission Management: Helpdesk and automated security groups<\/h2>\n<p>The attribute for department is used for a <a href=\"https:\/\/www.dynamicgroup.net\/en\/dynamic-department-groups\/\" target=\"_blank\" rel=\"noopener noreferrer\">self-updating department group<\/a>. DynamicGroup provides an easy <strong>Query Builder<\/strong> to create attribute based groups.<br \/>\nThe customer executes most standard and global permissions by the headquarter IT department.<\/p>\n<p>But there are a lot of small companies that have been acquired by the customer in the last years as well.\u00a0<\/p>\n<p>These branches have <strong>local IT staff that takes care of special and local permissions<\/strong> as OU admins. They maintain specific permissions by themselves.<\/p>\n<h2>Local helpdesk and group automation<\/h2>\n<p>One example was a branch with a machine where people got access to via AD group permission.<br \/>\nThis machine was only available to people with a certain value in their extensionAttribute5. <br \/>\nThe local IT could create a security group with self-updating group memberships that added all users to that group, if they had extensionAttribute5 filled with &#8220;access_granted&#8221;<\/p>\n<p><a class=\"hb-button hb-default hb-default-button no-three-d\" style=\"-webkit-border-radius: 2px; -moz-border-radius: 2px; border-radius: 2px;\" href=\"https:\/\/www.dynamicgroup.net\/en\/delegation-of-dynamic-groups\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dynamic Group Delegation<\/a>\u00a0\u00a0<\/p>\n<h2>DynamicGroup Delegation<\/h2>\n<p>DynamicGroup can be used by &#8220;full&#8221; admins and delegates.<\/p>\n<p>This enables distributed helpdesks or local IT departments to maintain automatic security groups in their OU.<\/p>\n<p>For more detailled information about the software solution, please visit the product page of <a href=\"https:\/\/www.dynamicgroup.net\/en\/dynamic-groups-in-active-directory\/\" target=\"_blank\" rel=\"noopener noreferrer\">DynamicGroup<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Group management and especially security group management is an important part in Rights Access Management. Big companies and distributed organizations [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3228,3233],"tags":[3357],"class_list":["post-21159","post","type-post","status-publish","format-standard","hentry","category-dynamicgroup","category-news","tag-active-directory-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Helpdesk and automated groups in AD - FirstAttribute<\/title>\n<meta name=\"description\" content=\"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Helpdesk and automated groups in AD - FirstAttribute\" \/>\n<meta property=\"og:description\" content=\"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\" \/>\n<meta property=\"og:site_name\" content=\"FirstAttribute\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-21T11:55:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-13T15:43:27+00:00\" \/>\n<meta name=\"author\" content=\"Elysabeth Yven\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Elysabeth Yven\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\"},\"author\":{\"name\":\"Elysabeth Yven\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/#\/schema\/person\/1b5e92b4f7766f4a48516d774a104ba1\"},\"headline\":\"Helpdesk and automated groups in AD\",\"datePublished\":\"2020-04-21T11:55:28+00:00\",\"dateModified\":\"2023-03-13T15:43:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\"},\"wordCount\":315,\"publisher\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\",\"keywords\":[\"Active Directory\"],\"articleSection\":[\"DynamicGroup\",\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\",\"url\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\",\"name\":\"Helpdesk and automated groups in AD - FirstAttribute\",\"isPartOf\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\",\"datePublished\":\"2020-04-21T11:55:28+00:00\",\"dateModified\":\"2023-03-13T15:43:27+00:00\",\"description\":\"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage\",\"url\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\",\"contentUrl\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.firstattribute.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Helpdesk and automated groups in AD\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/#website\",\"url\":\"https:\/\/www.firstattribute.com\/en\/\",\"name\":\"FirstAttribute AG\",\"description\":\"Identity Access Management, Active Directory Spezialisten\",\"publisher\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.firstattribute.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/#organization\",\"name\":\"FirstAttribute AG\",\"url\":\"https:\/\/www.firstattribute.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2021\/01\/FIRSTATTRIBUTE-Logo2013-final-700x145px.png\",\"contentUrl\":\"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2021\/01\/FIRSTATTRIBUTE-Logo2013-final-700x145px.png\",\"width\":700,\"height\":145,\"caption\":\"FirstAttribute AG\"},\"image\":{\"@id\":\"https:\/\/www.firstattribute.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.firstattribute.com\/en\/#\/schema\/person\/1b5e92b4f7766f4a48516d774a104ba1\",\"name\":\"Elysabeth Yven\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Helpdesk and automated groups in AD - FirstAttribute","description":"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/","og_locale":"en_US","og_type":"article","og_title":"Helpdesk and automated groups in AD - FirstAttribute","og_description":"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.","og_url":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/","og_site_name":"FirstAttribute","article_published_time":"2020-04-21T11:55:28+00:00","article_modified_time":"2023-03-13T15:43:27+00:00","author":"Elysabeth Yven","twitter_misc":{"Written by":"Elysabeth Yven","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#article","isPartOf":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/"},"author":{"name":"Elysabeth Yven","@id":"https:\/\/www.firstattribute.com\/en\/#\/schema\/person\/1b5e92b4f7766f4a48516d774a104ba1"},"headline":"Helpdesk and automated groups in AD","datePublished":"2020-04-21T11:55:28+00:00","dateModified":"2023-03-13T15:43:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/"},"wordCount":315,"publisher":{"@id":"https:\/\/www.firstattribute.com\/en\/#organization"},"image":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png","keywords":["Active Directory"],"articleSection":["DynamicGroup","News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/","url":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/","name":"Helpdesk and automated groups in AD - FirstAttribute","isPartOf":{"@id":"https:\/\/www.firstattribute.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage"},"image":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png","datePublished":"2020-04-21T11:55:28+00:00","dateModified":"2023-03-13T15:43:27+00:00","description":"Distributed IT adminstration, local helpdesk and automated group management | How automated group memberships can be delegated.","breadcrumb":{"@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#primaryimage","url":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png","contentUrl":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2019\/12\/Admin-delegates-dynamic-groups-to-helpdesks-Admin-view.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstattribute.com\/en\/news\/helpdesk-and-automated-groups-in-ad\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.firstattribute.com\/en\/"},{"@type":"ListItem","position":2,"name":"Helpdesk and automated groups in AD"}]},{"@type":"WebSite","@id":"https:\/\/www.firstattribute.com\/en\/#website","url":"https:\/\/www.firstattribute.com\/en\/","name":"FirstAttribute AG","description":"Identity Access Management, Active Directory Spezialisten","publisher":{"@id":"https:\/\/www.firstattribute.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstattribute.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firstattribute.com\/en\/#organization","name":"FirstAttribute AG","url":"https:\/\/www.firstattribute.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstattribute.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2021\/01\/FIRSTATTRIBUTE-Logo2013-final-700x145px.png","contentUrl":"https:\/\/www.firstattribute.com\/wp-content\/uploads\/2021\/01\/FIRSTATTRIBUTE-Logo2013-final-700x145px.png","width":700,"height":145,"caption":"FirstAttribute AG"},"image":{"@id":"https:\/\/www.firstattribute.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.firstattribute.com\/en\/#\/schema\/person\/1b5e92b4f7766f4a48516d774a104ba1","name":"Elysabeth Yven"}]}},"_links":{"self":[{"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/posts\/21159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/comments?post=21159"}],"version-history":[{"count":4,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/posts\/21159\/revisions"}],"predecessor-version":[{"id":38105,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/posts\/21159\/revisions\/38105"}],"wp:attachment":[{"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/media?parent=21159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/categories?post=21159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstattribute.com\/en\/wp-json\/wp\/v2\/tags?post=21159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}