Active Directory

Active Directory at the Engineering School, STI.

Organization of Active Directory at the Engineering School, STI.

What is Active Directory?

Active Directory is the directory service included in Windows 2000 through Windows 2012.
It stores all IT resources in a central, accessible database with a hierarchical structure:
– Users
– File Sharing
– Printers
– Computers
– Security Policies.

The entire hierarchy is similar to a functional organizational chart offering multiple services:
– Unified access to IT resources
– Controlled access to all objects (PCs, printers, users)
– Security administration for each computer group
– Redundant file administration
– Remote Installation Services
– Compatibility with the Windows PC platform.

Delegation of Administration

The structure and the user accounts are created automatically from the EPFL LDAP directory service.
A delegation of administration is implemented and allows complete administration of the following objects:


User accounts administration
Computers add/delete
OUs (Organizational Units) add/delete
Printers add/delete
File sharing add/delete
GPOs (Group Policy Objects) application, modification


The conventions for using it are as follows:

An OU (Organizational Unit) contains the following objects for the unit (for example, unit STI-IT):
– The entirety of the users
– An administrator : adminSTIIT
– An installation administrator : STIITpc
– A group administrator : STIIT-ManagerU
– A group of users : STIIT-TeamU
– A group of guests : STIIT-GuestU
– Two OUs, STI-IT-Workstation and STI-IT-Serveurs, are created to store the unit’s computers.
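The convention above can be audited rather than trusted. The following PowerShell function is an added example, not part of the original page or of the STI tooling; it assumes the RSAT ActiveDirectory module, a placeholder OU distinguished name, and that a unit’s short name is its unit name with the hyphen removed (STI-IT becomes STIIT, as in adminSTIIT).

```powershell
# Added example: check one unit OU against the STI naming convention.
# Assumes the ActiveDirectory module; $UnitOuDn below is a placeholder.
Import-Module ActiveDirectory

function Test-UnitOuConvention {
    param(
        [Parameter(Mandatory)][string]$UnitName,   # e.g. 'STI-IT'
        [Parameter(Mandatory)][string]$UnitOuDn    # DN of the unit's OU (placeholder)
    )
    $short    = $UnitName -replace '-', ''        # assumed: 'STI-IT' -> 'STIIT'
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Administration (adminXXXX) and installation (XXXXpc) accounts must exist and be enabled
    foreach ($sam in @("admin${short}", "${short}pc")) {
        $u = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" -SearchBase $UnitOuDn
        if (-not $u)             { $findings.Add("missing user account: $sam") }
        elseif (-not $u.Enabled) { $findings.Add("user account disabled: $sam") }
    }

    # 2. Manager, Team and Guest groups must exist; the -U suffix means universal scope
    foreach ($grp in @("${short}-ManagerU", "${short}-TeamU", "${short}-GuestU")) {
        $g = Get-ADGroup -LDAPFilter "(sAMAccountName=$grp)" -SearchBase $UnitOuDn
        if (-not $g) { $findings.Add("missing group: $grp") }
        elseif ($g.GroupScope -ne 'Universal') {
            $findings.Add("group $grp has scope $($g.GroupScope), expected Universal")
        }
    }

    # 3. The two computer OUs must sit directly under the unit OU
    foreach ($ou in @("${UnitName}-Workstation", "${UnitName}-Serveurs")) {
        $o = Get-ADOrganizationalUnit -LDAPFilter "(ou=$ou)" -SearchBase $UnitOuDn -SearchScope OneLevel
        if (-not $o) { $findings.Add("missing OU: $ou") }
    }

    # 4. Computers left directly in the unit OU are outside the Workstation/Serveurs OUs
    $stray = Get-ADComputer -Filter * -SearchBase $UnitOuDn -SearchScope OneLevel
    foreach ($c in $stray) { $findings.Add("computer outside Workstation/Serveurs OUs: $($c.Name)") }

    [pscustomobject]@{
        Unit      = $UnitName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Placeholder DN: replace with the real OU path of the unit being checked.
Test-UnitOuConvention -UnitName 'STI-IT' -UnitOuDn 'OU=STI-IT,OU=STI,DC=example,DC=local'
```

Run it from an account that can read the unit OU; a non-empty Findings list marks each deviation from the convention.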

Since July 2013, only the administrator account “ADsciper” can join a computer to the domain.

It is impossible to modify the names of the following objects:

– name of the OU, unit or institute

– name of the security groups (XXXX-TeamU, XXXX-GuestU)

– name of the administration user (adminXXXX) and of the management user (XXXXPC)

– location of users (within the unit’s OU hierarchy)

To make administration easier, I recommend using the following syntax for security groups:

xxxx-fonctionL = local security group

xxxx-fonctionU = universal security group.

A universal group, unit-AllU, contains all employees at the level of a laboratory, an institute or a School.

The user account name is the same one used in EWA (the email account). It is unique within EPFL.