Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Austin Active Directory Department Group Tools are used to manage a Department's groups using a convenient and easy to use web interface.  They allow for group management in scenarios where the native Active Directory tools are not installed or where they cannot be installed such as on a computer running a non-Windows OS.

...

Roles

Group Scope

Available Actions

How Someone Falls into Scope of the Role

Status
subtletrue
colourBlue
titleOU Owner

Groups native to the Department Group Tools

Department OU Owners can add and remove Department Group Administrators.

When a Department OU is created, the requestor provides a list of the initial OU Owners.

Department OU Owners can edit (add/remove) owners of the Department OU.

If a Department falls in the scenario where there are no valid OU Owners (for example, all of the owners are former staff), the owners can be updated by one of the following processes:

  • The Head of the Department submits a request to the AD team, specifying the EIDs of the new OU Owners.

  • IT staff member from the department contacts the ISO who will review it and then submit a request to the AD team, specifying the EIDs of the new OU Owners.

Status
subtletrue
colourGreen
titleGroup Administrator

Department Group Administrators can create groups, delete groups, and modify all of a Department’s managed groups.

Department OU Owners manage the Group Admins.

In addition, Department OU Owners are considered Group Admins by the Tool’s permission model even if not explicitly declared as Group Admins.

(Effectively, Department Group Administrators = Department OU Owners + Department Group Administrators)

Status
subtletrue
colourYellow
titleGroup Manager

Group Managers can add/remove group members.

A group's manager is set by a Department Group Administrator.

Status
subtletrue
colourYellow
titleGroup Manager

Groups existing within a Department OU

Group Managers can add/remove group members.

A Department OU Administrator (or someone else that has been delegated the necessary permissions) sets the Managed By and checks the Manager can update member list checkbox on a group located within a Department OU.

...

  1. Log into the Department User Tools on https://www.austin.utexas.edu/DeptGroupTools.

  2. From the menu on the left side of the page, under the OU Owners section, click on Edit Group Admins.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. The current Group Admins will be shown under Current Group Administrators.

  5. Select the Group Admin to be removed and click the Remove Selected Admin button.

Create Group
Status
subtletrue
colourGreen
titleGroup Administrator

  1. Log into the Department User Tools on https://www.austin.utexas.edu/DeptGroupTools.

  2. From the menu on the left side of the page, under the Group Administrators section, click on Create Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Group Name enter the name for the new group that you are creating. Note that the group name is automatically prefixed with the Department OU Name followed by a dash.
    (You do not need to enter the DEPT- prefix when setting the group name.)

  5. If you want to have the group synced to Box, check the Enable UTBox AD Group Sync checkbox.
    (This will sync the group and its members with UTBox so it can be used to share items.)

  6. Optionally provide a description for the new group under Group Description.
    This is optional but highly recommended. You can note the intended use of the new group here.

  7. Optionally set a ManagedBy Group Name.
    Members of the ManagedBy Group will be able to add and remove members of the new group.
    If a ManagedBy Group is not set, only Department Group Administrators will be able to manage the members of the new group.

    • Under ManagedBy Group Name, enter the name of an AD group.

    • Optionally check the Exact Match checkbox if you have entered the exact group name to search on.
      (If the checkbox is not checked, the search will apply a wildcard to the end of what was entered).

    • Click the Check Names button.

    • Select the desired group in the Search Results.

  8. Click the Create Group button

Modify Group
Status
subtletrue
colourGreen
titleGroup Administrator

  1. Log into the Department User Tools on https://www.austin.utexas.edu/DeptGroupTools.

  2. From the menu on the left side of the page, under the Group Administrators section, click on Create Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Select a Group to Modify, select the group that you want to modify.

  5. You can then update the group in one or more ways:

    • UTBox Sync
      You can toggle whether the group is synced with UTBox by checking/unchecking the Enable UTBox AD Group Sync checkbox.
      This saved is applied upon checking or unchecking the box.

    • Rename
      You can rename the group by entering the desired new name under New Group Name.  Note that the group name is automatically prefixed with the Department OU Name followed by a dash.
      (You do not need to enter the DEPT- prefix when setting the group name.)
      Click the Save New Group Name button.

    • Change Description
      You can add/remove/change the group's description by entering the desired new description under New Group Description.
      Click the Save New Description button.

    • Change ManagedBy
      You can change the ManagedBy Group Name by entering the name of an AD group under New ManagedBy Group Name.
      Optionally check the Exact Match checkbox if you have entered the exact group name to search on.
      (If the checkbox is not checked, the search will apply a wildcard to the end of what was entered).
      Click the Check Names button.
      Select the desired group in the Search Results.
      Click the Save New ManagedBy button.

    • Remove ManagedBy
      You can remove the ManagedBy Group Name.
      Click the Delete ManagedBy button.
      If a ManagedBy Group is not set, only Department Group Administrators will be able to manage the members of the group.

Delete Group
Status
subtletrue
colourGreen
titleGroup Administrator

...