Introduction

In the past, many UW departments have implemented their own Microsoft domain servers in order to self-manage departmental computers, accounts, and software.

A service is available that allows departments to manage their own resources and also participate in the university-wide Active Directory domain, UW. This service allows departments to phase out support of separate domain servers while maintaining control of departmental resources.

UW departments that have technical staff available can submit a request to have an Organizational Unit (OU) created for their department in the Active Directory. Departments can then create and manage group and computer hardware objects within their assigned Organizational Units. It is assumed that the requestor has the appropriate level of knowledge regarding Active Directory, Windows security, and management of Organizational Units. Information Technology staff do not provide detailed references or instructions for the administration of OUs.

Available to

UW Faculty and Staff to manage their own Active Directory Organizational Unit.  To receive this request the ADOU Group Policies Agreement and Request Access information must be read under "Resources" below.  You will be required to acknowledge this when making the request.

Procedure

After reading ADOU Group Policies Agreement and Request Access, click "Request Service," fill out form, and your  request will be submitted to UWIT.

Resources

• ADOU Group Policies Agreement and Access Request 

   

  
  Department Managed OU Group Policies Agreement

  Upon request access will be granted to Department-Managed OU Administrators to create and manage Group Policy Objects (GPO’s) for their OU. In order for access to be granted individual administrators must agree to specific terms and conditions related to Group Policy.

  Terms and Conditions

• I acknowledge that Information Technology does not provide support for managing Group Policy Objects. Information Technology assumes that an administrator requesting and utilizing Group Policies has a thorough understanding of the concepts, interactions and implications associated with applying group policies to multiple domain objects. In addition IT assumes that adequate backup will be maintained with sufficient understanding of the Group Policy to maintain it in the event that the primary administrator is not available.
• I understand that excessive numbers of group policy objects can negatively impact campus users of Active Directory. I agree to limit the number of group policy objects that I create to a reasonable number.
• I understand that the ability to create group policy objects also allows me to write files to the domain controllers. These files are normally used for logon or logoff scripts etc. I understand that the domain controllers have limited disk space and if they are overloaded it will negatively impact all campus users of Active Directory. I agree not to upload an excessive volume of data to them.
• I agree to prefix the names of any group policy objects that I create with the name of my Department managed OU.
• I understand that some changes made via Group Policy may break applications or the OS itself and render all systems under the OU inoperable pending a complete system rebuild. Also, due to the multitude of possible scenarios IT’s Support for machines in Domain Managed OU’s using Group Policies may be limited. I understand that Information Technology may require me to deactivate some Group Policies and/or move systems to the default central computer account container as part of the initial troubleshooting steps for individual computers.
• Information Technology sets a very limited number of group policies on a domain level. Those that are set have a very specific reason. I agree not to block inheritance of these global policies. Instead if there is a specific reason to have a policy that differs from a global one I understand that I can simply set the same policy in my OU with an updated value and it will supersede the Information Technology created policy. I agree not to take that action without careful consideration and an understanding of the risks. I understand that while IT does not currently have any mandatory policies set that can’t be blocked, the time may come in the future that they may implement mandatory policies that cannot be overwritten.
• I understand that IT reserves the right to perform any action necessary to maintain IT policies and procedures in the event that an applied Group Policy negatively impacts objects outside of the Department Managed OU.