The Austin Active Directory Department Group Tools are used to manage a Department's groups using a convenient and easy to use web interface. They allow for group management in scenarios where the native Active Directory tools are not installed or where they cannot even be installed such as on a computer running a non-Windows OS.
All groups created in the Department Group Tools reside under austin.utexas.edu/Groups/Managed (not the Department OU under austin.utexas.edu/Departments.
Because of this, Department OU Administrators do not have the ability to update group memberships of these groups.
Groups that were created in a Department OU can still be managed using the Department Group Tools.
Roles
The following roles are defined in the Department Group Tools:
| Roles | Group Scope | Available Actions | How Someone Falls into Scope of the Role | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Groups native to the Department Group Tools | Add Department Group Administrator Remove Department Group Administrator | When a Department OU is created, the requestor provides a list of the initial OU Owners. Department OU Owners can edit (add/remove) owners of the Department OU. If a Department falls in the scenario where there are no valid OU Owners (for example, all of the owners are former staff), the owners can be updated by one of the following processes:
| ||||||||
| Create Group Delete Group Rename Group Update Group Description Set Group Managers | Department OU Owners manage the Group Admins. | |||||||||
| Add a Group Member Remove a Group Member | A groups's manager is set by a Department Group Administrator. | |||||||||
| Groups existing within a Department OU | Add a Group Member Remove a Group Member | You (or a group you are a member of) is set on the ManagedBy of a group. |
Group Location in AD
...
| A Department OU Administrator sets the Managed By on a group located within a Department OU. |
Add Department Group Administrator Status subtle true colour Blue title OU Owner
...
Remove Department Group Administrator Status subtle true colour Blue title OU Owner
Create Group Status subtle true colour Green title Group Administrator
Delete Group Status subtle true colour Green title Group Administrator
Rename Group Status subtle true colour Green title Group Administrator
Update Group Description Status subtle true colour Green title Group Administrator
Set Group Managers Status subtle true colour Green title Group Administrator
Add a Group Member Status subtle true colour Yellow title Group Manager
...
Remove a Group Member Status subtle true title Group Manager
Logging
All actions taken in the Department Group Tools is logged and sent to Splunk.
Moving a Group from a Department OU to Managed Groups
A department (Owner | Administrator | either?) can request the movement of a group from their Department OU to the corresponding Managed Groups OU.
...
...
Group
...
Manager
...