Department Group Tools

The Department Group Tools are designed to provide department users with an easy to use way of creating and managing groups without the requirement to have the native tools (ADUC, PowerShell) installed.

Roles

The following roles are defined in the Department Group Tools:

Group Location in AD

All groups created by the Department Group Tools are stored in the Department's sub-OU located in austin.utexas.edu/Groups/Managed

Logging

All actions taken in the Department Group Tools is logged and sent to Splunk.

Moving a Group from a Department OU to Managed Groups

A department (Owner | Administrator | either?) can request the movement of a group from their Department OU to the corresponding Managed Groups OU.

1. Note if the group's Managed By attribute is set and whether the Manager can update membership list checkbox is checked (if checked, an ACE is present to allow the managed by entity to add/remove members.)
2. Set the value of the group's utexasEduAustinSingle10 attribute to the EID of the requestor
   (This attribute is populated with the user that created the group by the Department Group Tools.)
3. Move the group to the Department's OU in austin.utexas.edu/Groups/Managed.
4. Reset permissions on the group to remove any permissions set on it while it was under the Department OU.
   (Properties - Security tab, Advanced button, Restore Defaults button.)
5. Close out the request.
   If the groups' Managed By was was filled out, and it has permissions to update the membership, provide this info and let the requestor know that it has been cleared out.  They are responsible for adding it as the Group Manager if they want it still in place (this is so that the setting the Group Manager is logged by the Department Group Tools).