{"id":6823,"date":"2015-06-26T13:33:28","date_gmt":"2015-06-26T05:33:28","guid":{"rendered":"http:\/\/www.boostsolutions.com\/blog\/?p=6823"},"modified":"2023-07-31T11:38:14","modified_gmt":"2023-07-31T03:38:14","slug":"access-active-directoryad-directly-sharepoint","status":"publish","type":"post","link":"https:\/\/www.boostsolutions.com\/blog\/access-active-directoryad-directly-sharepoint\/","title":{"rendered":"Access Active Directory(AD) directly from SharePoint"},"content":{"rendered":"<p>We talked about reducing workload of IT guy with our product <a href=\"http:\/\/www.boostsolutions.com\/active-directory-sync.html\">Ad Information sync<\/a> to sync information from AD to a SharePoint list in <a href=\"http:\/\/www.boostsolutions.com\/blog\/can-manage-ad-users-sharepoint-instead-ad\/\">another article<\/a>. We also use another product <a href=\"http:\/\/www.boostsolutions.com\/ad-administration.html\">Ad Administration <\/a>to help us:<\/p>\n<ul>\n<li>Manage AD information in SharePoint<\/li>\n<li>Delegate control to other people, like department manager, to reduce the workload of the administrator<\/li>\n<li>Assign different permission based on different user level<\/li>\n<\/ul>\n<p>In our company, we distribute the managing permission to every department manager so that daily employee management can be done within the department but not always come to the IT department.<\/p>\n<p>Our AD structure:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-40-59.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6825\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-40-59.png\" alt=\"2015-6-26 12-40-59\" width=\"157\" height=\"354\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-40-59.png 157w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-40-59-133x300.png 133w\" sizes=\"(max-width: 157px) 100vw, 157px\" \/><\/a><\/p>\n<p>The IT department sees the screen below in SharePoint environment since they have full permission:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-47-16.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6827\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-47-16.png\" alt=\"2015-6-26 12-47-16\" width=\"413\" height=\"608\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-47-16.png 413w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-12-47-16-203x300.png 203w\" sizes=\"(max-width: 413px) 100vw, 413px\" \/><\/a><\/p>\n<p>The tasks we need to perform:<\/p>\n<p><strong>1. Manage AD users in SharePoint by IT administrators with full permission<\/strong><\/p>\n<p>Admins can create OUs, groups, users in this web part:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-05-03.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6829\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-05-03.png\" alt=\"2015-6-26 13-05-03\" width=\"234\" height=\"196\" \/><\/a><\/p>\n<p>Edit user information as well:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-09-24.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6830\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-09-24.png\" alt=\"2015-6-26 13-09-24\" width=\"805\" height=\"350\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-09-24.png 805w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-09-24-300x130.png 300w\" sizes=\"(max-width: 805px) 100vw, 805px\" \/><\/a><\/p>\n<p>or send emails:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-03-09.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6828\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-03-09.png\" alt=\"2015-6-26 13-03-09\" width=\"275\" height=\"330\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-03-09.png 275w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-03-09-250x300.png 250w\" sizes=\"(max-width: 275px) 100vw, 275px\" \/><\/a><\/p>\n<p><strong>2. Delegate controls to department manager only<\/strong><\/p>\n<p>We give Tony permission to manage people in Sales department, so he is only able to see the member of sales OU:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-17-40.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6831\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-17-40.png\" alt=\"2015-6-26 13-17-40\" width=\"392\" height=\"292\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-17-40.png 392w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-17-40-300x223.png 300w\" sizes=\"(max-width: 392px) 100vw, 392px\" \/><\/a><\/p>\n<p><strong>3. Assign different permission to users<\/strong><\/p>\n<p>We need to assign the Reset Password permission to every single user. When they log on to the system, they see the screen below:<\/p>\n<p><a href=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-29-17.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-6833\" src=\"http:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-29-17.png\" alt=\"2015-6-26 13-29-17\" width=\"593\" height=\"235\" srcset=\"https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-29-17.png 593w, https:\/\/www.boostsolutions.com\/blog\/wp-content\/uploads\/2015\/06\/2015-6-26-13-29-17-300x118.png 300w\" sizes=\"(max-width: 593px) 100vw, 593px\" \/><\/a><\/p>\n<p>Only Reset Password permission is available, and cannot edit the personal information.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We talked about reducing workload of IT guy with our product Ad Information sync to sync information from AD to a SharePoint list in another article. We also use another product Ad Administration to help us: Manage AD information in SharePoint Delegate control to other people, like department manager, to reduce the workload of the [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1,347],"tags":[],"_links":{"self":[{"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/6823"}],"collection":[{"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=6823"}],"version-history":[{"count":8,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/6823\/revisions"}],"predecessor-version":[{"id":6838,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/6823\/revisions\/6838"}],"wp:attachment":[{"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=6823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=6823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.boostsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=6823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}