Access Active Directory (AD) directly from SharePoint

In another article, we talked about reducing the IT team's workload by using our product AD Information Sync to sync information from AD to a SharePoint list. We also use another product, AD Administration, to help us:

  • Manage AD information in SharePoint
  • Delegate control to other people, such as department managers, to reduce the administrator's workload
  • Assign different permissions based on user level

In our company, we distribute management permissions to every department manager so that daily employee management can be done within the department instead of always going through the IT department.

Our AD structure:

[Screenshot: 2015-6-26 12-40-59]

The IT department sees the screen below in the SharePoint environment since they have full permission:

[Screenshot: 2015-6-26 12-47-16]

The tasks we need to perform:

1. Manage AD users in SharePoint by IT administrators with full permission

Admins can create OUs, groups, and users in this web part:

[Screenshot: 2015-6-26 13-05-03]

Edit user information as well:

[Screenshot: 2015-6-26 13-09-24]

or send emails:

[Screenshot: 2015-6-26 13-03-09]

2. Delegate control to department managers only

We give Tony permission to manage people in the Sales department, so he is only able to see the members of the Sales OU:

[Screenshot: 2015-6-26 13-17-40]

3. Assign different permissions to users

We need to assign the Reset Password permission to every single user. When they log on to the system, they see the screen below:

[Screenshot: 2015-6-26 13-29-17]

Only the Reset Password permission is available, and they cannot edit their personal information.