Active Directory is a database of users and network resources that Tier 1's can use to manage security and other functions in a networked computing environment.
SCCM - System Center Configuration Manager
One benefit of having workstations connected to the university domain (Active Directory) is the ability to utilize a system administration suite of tools called "System Center Configuration Manager 2012." The current SCCM client (2007) is scheduled to be updated on 3/15/13. In the following weeks after the upgrade, IT will begin to make the SCCM 2012 console available for tech support personnel to use in their departments.
SCCM is a very complex and large tool. Documentation has been written specifically for the access granted to tech support personnel. This document can be considered an "Administrator Guide" in our environment at the university. This documentation covers the basic usage of the SCCM console utilities. It is enough to get started using the new system. As feedback from the technical community comes in, more documentation will be added for other tasks than what is covered in the guide. If you are interested in utilizing this tool for your group, please review the documentation thoroughly before requesting access.
Announcements will be made when console access becomes available.
The administrator guide can be obtained at this link: SCCMAdminGuide.
What will I need to manage that Active Directory system in my unit?
The Remote Server Administration tool pack will need to be downloaded from this link: Microsoft Download Page.
After installation of the Remote Server Administration tool completes, please look at this page for configuration of ADUC and GPMC. The two vital tools that will be used for managing your unit.
NOTE: The primary computer used for management will need to be running Windows 7. Windows 7 can be purchased from the IT store for tier ones at a very low price. Windows XP is nearing its end-of-life date, and no longer receives application updates. XP does not offer the same level of management that is available in Windows 7. Most new instructional documentation will be written for Windows 7 only due to the restrictions in the Windows XP environment. The AD infrastructure here at the university is running on the most current Windows Server operating systems, with features that are only accessible on machines running Windows 7. It is recommended that Windows XP machines are upgraded as soon as possible, where applicable.
For situations where Windows XP is absolutely needed, please visit this web page for the built-in Windows XP mode found in Windows 7 Professional, Ultimate, and Enterprise versions:Windows XP Mode Install
You will need to set up the workstations within your organizational unit to use Active Directory. To get started:
- Review the recommended workstation naming convention.
- For new machines, the migration is not necessary. Follow the instructions here for adding a machine to the domain manually: Add Machine Manually
- Read the Active Directory migration instructions for any instances where an old machine that has been in use is going to be added to the domain.
- Migrate the workstations (including Windows XP, Vista and 7) in your unit to Active Directory using the migration tool.
To Tier I staff on Monday, December 17, 2012 at 1:30pm.
- How do I unlock a user account? (t1 accounts)
- How do I keep my Organizational Units (OUs) "clean"?
- How do I add a Microsoft XP wireless workstation to Active Directory?
- How do I add a Microsoft 7/Vista wireless workstation to Active Directory?
- How do I add non Microsoft workstations to Active Directory
- What if I have other questions concerning the migration process?
Sponsored Account Holders
-XP installation/configuration guide (this guide is only for faculty/staff using Active Directory)
-XP quick install guide (this guide is only for faculty/staff using Active Directory)
-Vista installation/configuration guide (this guide is only for faculty/staff using Active Directory)
-Vista quick install guide (this guide is only for faculty/staff using Active Directory)
In most departments, computers are added and removed frequently for various reasons. It is good to try and keep track of these additions and removals. Always try to delete old computer objects from your OU after the machines have been removed. This will prevent problems with authentication as well as management through GPOs and SCCM. Some IT personnel keep an excel spread sheet of all of the machine names and their associated users. The sooner a management system is put in place, the easier the overall management will be as time goes on.
How do I add a non Microsoft workstation to Active Directory
See the following documents
Why have my desktop icons changed?
This will occur if a migrated user tries to login to their local account. Ensure that the user is logging into their domain account.
I recently added a Windows 7 workstation to Active Directory. Why is it logging the user in to a temporary profile?
This is a known issue with Windows 7/Vista. Occasionally, when changes are made to a user profile, the user will not longer be able to log in to their account. To correct this issue, visit http://support.microsoft.com/kb/947242
Occasionally when migrating a user into their domain profile some files and folders will not have the correct permissions applied to a user's new domain account. Most commonly this occurs when the permissions to the files and folders were assigned to specific users and not groups. To correct this select the affected files and folders and manually assign the proper permission via the security tab.
Why am I still getting prompted for my password when logging into SharePoint? My computer is already a member in AD.
Usually this is caused by a user still logging into their local account. Ensure that the user is logging into their domain account. You will also want to ensure that you have the appropriate group policy client side extensions (KB943729) update installed on the machine.
This is because as far as windows is concerned you are now logging into a new windows account that does not have permission to these encrypted files. The simplest solution to this problem is to log back in as your local account, decrypt the files then re-encrypt them under your AD account.
Contact IT's Directory Service team at INFDSIT@LISTSERV.LOUISVILLE.EDU
We have put together a few videos that will walk you through some of the more commonly required tasks to preform during the migration process. The videos can be found at http://dsmessages.louisville.edu/help/
How do I lock down a workstation so that only specific users can log in?
You will need to remove the domain users group from the local users group and the domain administrators* group from the local administrators group. You will then need to add each user's domain account who will need access to the workstation to either the local administrators group or users group depending on the level of access that is required. Step-by-step instructions for locking down AD workstations.
*It should be noted that removing the domain administrators group will severely limit the amount of assistance that IT can provide at the workstation level.
If you experience this problem first try disabling IPV6 if on a Vista or Windows 7 machine. Should the problem persist disable dynamic DNS by linking the IT-DisableDynamicDNS GPO to your OU.
Microsoft Active Directory is not required to use Microsoft Exchange email services. Users can always use the web client for Exchange. There are reasons why we recommend that users' workstations be added to Active Directory:
- The Exchange client and updates can be pushed by IT to the workstations, making it simpler to set up the Exchange client.
- Other software (Windows updates, etc.) can be pushed by IT to the workstations, making it easier to keep workstations up to date.
- If the users are logged into Active Directory on their workstations, they do not have to input their credentials whenever they log into Exchange or SharePoint.
Yes, Active Directory will work with Macintosh. Information Technology has directions online for connecting your Macintosh to Active Directory at UofL.
Each sponsored account has different needs, but all sponsored account holders receive Active Directory accounts. The requester of the sponsored account will need to determine if they need a workstation linked to Active Directory or need the Exchange client (Outlook).