The Austin Active Directory Department Group Tools are used to manage a Department's groups using a convenient and easy to use web interface. They allow for group management in scenarios where the native Active Directory tools are not installed or where they cannot even be installed such as on a computer running a non-Windows OS.
All groups created in the Department Group Tools reside under austin.utexas.edu/Groups/Managed (not the Department OU under austin.utexas.edu/Departments.
Because of this, Department OU Administrators do not have the ability to update group memberships of these groups.
Groups that were created in a Department OU can still be managed using the Department Group Tools.
Roles
The following roles are defined in the Department Group Tools:
Roles | Group Scope | Available Actions | How Someone Falls into Scope of the Role |
---|---|---|---|
OU OWNER | Groups native to the Department Group Tools | Add Department Group Administrator Remove Department Group Administrator | When a Department OU is created, the requestor provides a list of the initial OU Owners. Department OU Owners can edit (add/remove) owners of the Department OU. If a Department falls in the scenario where there are no valid OU Owners (for example, all of the owners are former staff), the owners can be updated by one of the following processes:
|
GROUP ADMINISTRATOR | Create Group Delete Group Rename Group Update Group Description Set Group Managers Add a Group Member Remove a Group Member | Department OU Owners manage the Group Admins. | |
GROUP MANAGER | Add a Group Member Remove a Group Member | A group's manager is set by a Department Group Administrator. | |
GROUP MANAGER | Groups existing within a Department OU | Add a Group Member Remove a Group Member | A Department OU Administrator (or someone else that has been delegated the necessary permissions) sets the Managed By and checks the Manager can update member list checkbox on a group located within a Department OU. |
Add Department Group Administrator OU OWNER
Remove Department Group Administrator OU OWNER
Create Group GROUP ADMINISTRATOR
Delete Group GROUP ADMINISTRATOR
Rename Group GROUP ADMINISTRATOR
Update Group Description GROUP ADMINISTRATOR
Set Group Managers GROUP ADMINISTRATOR
Add a Group Member GROUP MANAGER | GROUP ADMINISTRATOR
Remove a Group Member GROUP MANAGER | GROUP ADMINISTRATOR
Add a Group Member GROUP MANAGER
Remove a Group Member GROUP MANAGER