In the past, many UW departments have implemented their own Microsoft domain servers to self-manage departmental computers, accounts, and software.
A service is available that allows departments to manage their own resources and participate in the university-wide Active Directory domain, UWYO. This service allows departments to maintain control of departmental resources and offload the technical and financial burden of implementing their own domain services.
UW departments that have technical staff available can submit a request to have an Organizational Unit (OU) created for their department in the Active Directory. Departments can then create and manage group and computer hardware objects within their assigned Organizational Units.
In order to sign up for ADOU Domain Services, simply read this agreement and submit the TeamDynamix request. Each individual responsible for managing an OU will need to submit the required information. Once a request is approved, applicants will receive from their Departmental User Consultant instructions explaining how to access their OU and the assigned prefix.
Please note that no additional documentation is made available from Information Technology. Individuals responsible for managing the ADOU are expected to have sufficient technical knowledge to manage the ADOU on their own. Technical resources and primers may be found by browsing the Internet, but IT does not endorse any reference materials or provide support for ADOU management.
Organizational Unit managers will need to install Active Directory Users and Computers to access Active Directory.
This agreement is for Information Technology to provide an Active Directory Organizational Unit for UW departmental use. "Active Directory Organizational Unit" will hereby be abbreviated to ADOU. Information Technology will provide departments with an ADOU for the purpose of domain service organization under the following requirements:
The department must maintain Support Personnel with knowledge of the features and implementation of ADOU objects utilizing the Microsoft Management Console (MMC): The department must have personnel with sufficient knowledge about Active Directory, Computer Objects, Security Objects, and the Microsoft Users and Computers MMC snap-in to manage and maintain the ADOU, including creation, deletion, and modification of objects.
The department agrees to abide by the rules set forth in the naming convention for ADOU objects: To maintain the integrity of other objects on the domain, Information Technology will require that groups and Group Policy Objects created be prefixed by an assigned abbreviation.
Who is eligible? Any department designated by UW Human Resources under the current DDU (department, division, unit) definitions.
Organizational Unit Creation and Security: Information Technology will create and set security on an OU within the WINDOWS.UWYO.EDU Active Directory domain with sufficient privileges to allow departments to create, delete and populate security groups, create and delete computer accounts, and create, delete and populate sub-OUs.
Organizational Unit Management: The department will have the ability to create, delete and populate Organizational Units within their designated ADOU to aid in the organization of Security Groups and Computer Hardware Accounts as the department deems appropriate.
Security Group Management: The department will have the ability to create, delete, and populate security groups within their designated ADOU to aid in access control of online resources as the department deems appropriate.
Computer Account Management: The department will have the ability to create and delete computer accounts within their designated ADOU. Computer accounts are accounts on the Windows Domain for a physical piece of hardware, such as a desktop system. Computer accounts are NOT the accounts individuals use to log in to a computer. See important information about Computer Accounts in the Notes section, below.
Prefix Requirement: Information Technology requires the use of assigned prefixes to ensure that objects under departmental control are unique and don’t conflict with other objects on the domain. This is also required for future scalability of the service, i.e., additional tools may be implemented that will depend on the prefix being present on all objects within the department-designated ADOU.
User Accounts: Since the University has implemented a centralized account management solution that spans multiple systems and includes pre-creation of accounts, all user accounts must go through this system for account creation. This includes service accounts and special accounts. These accounts must be processed through the central system to ensure account uniqueness and integrity. This being the case, Information Technology will not grant the ability to create user accounts within a department-designated ADOU. Departments should contact their Information Technology Computer Support Specialist for more information about special user accounts.
Group Policy: The standard ADOU configuration will not include the ability to create and set Group Policies on objects within a department-designated OU. Departments that need Group Policy access must complete an additional GP Access request form using the button below to request access.
Upon request, access will be granted to Department-Managed OU Administrators to create and manage Group Policy Objects (GPOs) for their OU. For access to be granted, individual administrators must agree to specific terms and conditions related to Group Policy.