Manage System-Wide Help Desk Task Collections

Within most eControl deployments, there may be a requirement to establish system-wide help desk support that runs from a centralized support centre. These help desk accounts would be able to provide help desk support to all users within a given Directory or to all users in a mixed Directory environment.

In our ACME company example, help desk support must be enabled on a system-wide multiple Directory basis, and for each Directory. The network management plan calls for the following HelpDesk teams:

• eControl eDirectory HelpDesk - to support user and group management for the entire DEMO2-TREE eDirectory tree.
• eControl Active Directory HelpDesk - to support user and group management for the entire Omni2003.local AD domain.
• eControl All HelpDesk - to support user and group management for the entire multiple Directory environment.

The important limitation is that all the eControl containers be excluded from HelpDesk support.

Four our demonstration purposed, we created a set of Acme users under o=ACME in both the DEMO2-TREE and the Omni2003.local AD Domain. Those accounts will be assigned the following roles:

• User Acme3 (DEMO2-TREE) will be assigned to the eControl eDirectory HelpDesk role
• User Acme-AD3 (Omni2003.local) will be assigned to the eControl Active Directory helpDesk role
• User Acme2 (DEMO2-TREE) will be assigned to the eControl All HelpDesk role

Table of contents

• Enabling an eDirectory Tree HelpDesk Task Collection
  • Create an eDirectory Group and Add HelpDesk User Accounts
  • Assign the "eDir - HelpDesk" Role and Task Collection and Define the Search Context
• Enabling an Active Directory Domain HelpDesk Task Collection
  • Create an Active Directory Group and Add HelpDesk User Accounts
  • Assign the "AD - HelpDesk" Role and Task Collection and Define the Search Context
• Enabling an All Systems HelpDesk Role
  • Create an eDirectory Group and Add HelpDesk User Accounts
  • Create an All Systems HelpDesk Role and Task Collection
  • Assign the "All - HelpDesk" Role and Task Collection and Define the Search Context

Enabling an eDirectory Tree HelpDesk Task Collection

To create and assign a helpdesk task collection for an eDirectory tree:

• Create an eDirectory Group and add the tree-wide help desk user accounts
• Assign the eDirectroy "eDir - HelpDesk" role and task collection and define the search context

Create an eDirectory Group and Add HelpDesk User Accounts

1. Using ConsoleOne or iManager, create an an "eControl-Tree-HelpDesk" group in the "eControl" container near the top of the tree, e.g. cn=eControl-Tree-HelpDesk.ou=eControl.o=ACME.
2. Create a tree-wide helpdesk user account (you do not need to assign supervisor rights to this account), e.g. cn=acme4.o=ACME.
3. Assign the tree-wide helpdesk user account as a member of the cn=eControl-Tree-HelpDesk group.

Assign the "eDir - HelpDesk" Role and Task Collection and Define the Search Context

1. In the "Administration" panel "Manage" page, under the "Groups" section, click the Add button.
2. Select the desired eDirectory tree for the System Name.
3. Click the "Group Context", browse the eDirectroy tree and select the eControl tree helpdesk group. Click the Add button.
4. In the "Groups" pane, double-click the eDirectory tree admin group.
5. In the "Group Information" window use the Task Collection drop-down button to select the eDir - HelpDesk task collection.
6. Under the "Search Contexts" section, click the Add button.
7. In the "Add Search Context" window:
   • Select the eDirectory tree as the System Name.
   • Click the "Path" browse button and select the "O" container to manage, e.g. o=ACME.
   • Ensure that the "Scope" is set to __Sub tree_
   • Click the Add button.
8. It is now time to add the necessary exclusions for the "eControl" containers throughout the tree. It is necessary to repeat these steps for each exclusion that needs to be added:
   • In the "Group Information" window click the Add button.
     • In the "Add Search Context" window select the eDirectory tree as the System Name.
     • Click the "Path" browse button and select one of the "eControl" containers to be excluded, e.g. ou=eControl.o=ACME or ou=eControl.ou=Edmonton.o=ACME.
   • Ensure that the Scope is set to One level and check Is excluded.
   • Click the Add button.
9. In the "Group Information" window click the Save button.
10. In the "Manage" page click the Apply New Settings button to save the new assignment. (Note - it is import to do this step otherwise your work will be lost if you navigate away from the "Manage" page.)

Enabling an Active Directory Domain HelpDesk Task Collection

To create and assign a helpdesk task collection for an Active Directory domain:

• Create an Active Directory group and add the domain-wide helpdesk user accounts.
• Assign the Active Directory "AD - HelpDesk" role and task collection and define the search context.

Create an Active Directory Group and Add HelpDesk User Accounts

1. Using Microsoft Management Console, create an an "eControl-Domain-HelpDesk" group in the "eControl" container near the top of the domain, e.g. cn=eControl-Domain-HelpDesk.ou=eControl.o=ACME.
2. Create a domain-wide helpdesk user account (you do not need to assign supervisor permissions to this account), e.g. cn=acme-ad3.o=ACME.
3. Assign the domain-wide helpdesk user account as a member of the cn=eControl-Domain-HelpDesk group.

Assign the "AD - HelpDesk" Role and Task Collection and Define the Search Context

1. In the "Administration" panel "Manage" page, under the "Groups" section, click the Add button.
2. Select the desired Active Directory domain for the System Name.
3. Click the "Group Context", browse the Active Directory domain and select the domain helpdesk group. Click the Add button.
4. In the "Groups" pane, double-click the eDirectory tree admin group.
5. In the "Group Information" window use the Task Collection drop-down button to select the AD - HelpDesk task collection.
6. Under the "Search Contexts" section, click the Add button.
7. In the "Add Search Context" window:
   • Select the Active Directory domain as the System Name.
   • Click the "Path" browse button and select the "O" container to manage, e.g. o=ACME.
   • Ensure that the "Scope" is set to __Sub tree_
   • Click the Add button.
8. It is now time to add the necessary exclusions for the "eControl" containers (and any other desired containers) throughout the domain. It is necessary to repeat these steps for each exclusion that needs to be added:
   • In the "Group Information" window click the Add button.
     • In the "Add Search Context" window select the Active Directory domain as the System Name.
     • Click the "Path" browse button and select one of the "eControl" containers to be excluded, e.g. ou=eControl.o=ACME or ou=eControl.ou=Seattle.o=ACME.
   • Ensure that the Scope is set to One level and check Is excluded.
   • Click the Add button.
9. In the "Group Information" window click the Save button.
10. In the "Manage" page click the Apply New Settings button to save the new assignment. (Note - it is import to do this step otherwise your work will be lost if you navigate away from the "Manage" page.)

Enabling an All Systems HelpDesk Role

There are two ways to enable the Acme2 user as an all systems help desk operator:

• Add the Acme2 user to the membership list for both the eControl-eDir-HelpDesk and eControl-AD-HelpDesk groups, or
• Create a dedicated task collection and role and assign it to an All HelpDesk group and specify the search contexts.

To create and assign a helpdesk task collection for all eDirectory and Active Directory systems:

• Create an eDirectory Group and add the all system help desk user accounts.
• Create an "All - HelpDesk" role and task collection and assign it the rights used in the "eDir - HelpDesk" and "AD - HelpDesk" roles and task collections.
• Assign the eDirectroy "All - HelpDesk" role and task collection and define the search context.

Create an eDirectory Group and Add HelpDesk User Accounts

1. Using ConsoleOne or iManager, create an an "eControl-All-HelpDesk" group in the "eControl" container near the top of the tree, e.g. cn=eControl-All-HelpDesk.ou=eControl.o=ACME.
2. Create a tree-wide helpdesk user account (you do not need to assign supervisor rights to this account), e.g. cn=acme2.o=ACME.
3. Assign the tree-wide helpdesk user account as a member of the cn=eControl-All-HelpDesk group.

Create an All Systems HelpDesk Role and Task Collection

To create an all systems HelpDesk role and task collection:

1. Using eControl "Administration" panel, in the "Manage" page click the Manage Task Collections button.
2. In the "Manage Task Collections" window click the Add button.
3. In the "Add Role" window specify the name for a new role, e.g. All - HelpDesk and click the Add button.
4. Click on the Role and click on the Active Directory container for that Role.
5. Enable the specific tasks and rights desired for the HelpDesk role.
6. Click on the Role and click on the eDirectory container for that Role.
7. Enable the specific tasks and rights desired for the HelpDesk role.
8. When all tasks and rights have been set click the Save button.

Assign the "All - HelpDesk" Role and Task Collection and Define the Search Context

1. In the "Administration" panel "Manage" page, under the "Groups" section, click the Add button.
2. Select the desired eDirectory tree for the System Name.
3. Click the "Group Context", browse the eDirectroy tree and select the eControl all system helpdesk group, e.g. cn=eControl-All-HelpDesk.ou=eControl.o=ACME. Click the Add button.
4. In the "Groups" pane, double-click the eControl all system helpdesk group.
5. In the "Group Information" window use the Task Collection drop-down button to select the All - HelpDesk task collection.
6. Under the "Search Contexts" section, click the Add button.
7. In the "Add Search Context" window:
   • Select the eDirectory tree as the System Name, e.g. DEMO2-TREE
   • Click the "Path" browse button and select the "O" container to manage, e.g. o=ACME.
   • Ensure that the "Scope" is set to __Sub tree_
   • Click the Add button.
8. Under the "Search Contexts" section, click the Add button.
9. In the "Add Search Context" window:
   • Select the Active Directory domain as the System Name, e.g. Omni2003.local
   • Click the "Path" browse button and select the tope-level "OU" container to manage, e.g. ou=ACME.
   • Ensure that the "Scope" is set to __Sub tree_
   • Click the Add button.
10. It is now time to add the necessary exclusions for the "eControl" containers throughout the tree. It is necessary to repeat these steps for each exclusion that needs to be added:
    • In the "Group Information" window click the Add button.
      • In the "Add Search Context" window select the eDirectory tree or the Active Directory Domain as the System Name.
      • Click the "Path" browse button and select one of the "eControl" containers to be excluded, e.g. ou=eControl.o=ACME or ou=eControl.ou=Edmonton.o=ACME.
    • Ensure that the Scope is set to One level and check Is excluded.
    • Click the Add button.
11. Once all of the exclusions have been added, in the "Group Information" window click the Save button.
12. In the "Manage" page click the Apply New Settings button to save the new assignment. (Note - it is import to do this step otherwise your work will be lost if you navigate away from the "Manage" page.)

---