In another article, we talked about reducing the IT staff's workload by using our product AD Information Sync to sync information from AD to a SharePoint list. We also use another product, AD Administration, to help us:
- Manage AD information in SharePoint
- Delegate control to other people, such as department managers, to reduce the administrator's workload
- Assign different permissions based on user level
In our company, we distribute management permissions to every department manager so that daily employee management can be done within the department instead of always going through the IT department.
Our AD structure:
The IT department sees the screen below in the SharePoint environment, since they have full permission:
The tasks we need to perform:
1. Manage AD users in SharePoint by IT administrators with full permission
Admins can create OUs, groups, and users in this web part:
Edit user information as well:
or send emails:
2. Delegate control to department managers only
We give Tony permission to manage people in the Sales department, so he is only able to see the members of the Sales OU:
3. Assign different permissions to users
We need to assign the Reset Password permission to every single user. When they log on to the system, they see the screen below:
Only the Reset Password permission is available; users cannot edit personal information.