Active Directory - Training - Basic Help Desk Functionalities
This document covers how to find objects in AD, add/remove users and computers from groups, and how to move objects from one OU to another.
Opening Active Directory
- Go to the start menu, search for “active directory”
- Right click on "Active Directory Users and Computers" and select More -> Run as administrator.
- Enter your -a credentials in the prompt that appears.
- NOTE: if you do not have -a credentials, you can still access AD with read-only access
- In the left-hand panel, expand “ad.uwm.edu” to see all available groups
Commonly-used AD Locations
All units that SAITS supports are under the SA OU.
- ad.uwm.edu\SA\Groups\Security\SharePoint is where all SharePoint sites are located. Adding users to these groups gives them access to their department's SharePoint site.
- ad.uwm.edu\SA\Groups\Security\Software Deployment OUs contain software groups. Adding computers to these groups pushes software to those computers.
- See https://kb.uwm.edu/saits/internal/page.php?id=76411 for more information
- ad.uwm.edu\SA\Groups\Security\User Roles contains groups of groups. Anyone added to these User Roles is added to any groups the User Role is a member of.
- ad.uwm.edu\SA\Groups\Security\Remote Access contains groups that allow remote access. See 49388 if you are thinking about modifying anything in there.
- ad.uwm.edu\SA\Workstations contains computer objects, sorted by department and/or function (e.g. Kiosks)
- ad.uwm.edu\SA\Workstations\Units contains standard computers, such as faculty desktops or laptops
- ad.uwm.edu\SA\Workstations\Kiosk contains punch-in stations and generally public-use computers
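Because a User Role passes its members on to every group the role itself belongs to, it helps to see that full set before adding anyone. The following is an added example, not part of the original document: a read-only PowerShell query using the RSAT ActiveDirectory module. The function name and the role name in the sample call are hypothetical.

```powershell
# Added example. Read-only queries, so elevated (-a) credentials are not required.
Import-Module ActiveDirectory

function Get-UserRoleEffectiveGroups {
    param(
        [Parameter(Mandatory)]
        [string]$RoleName   # a group under SA\Groups\Security\User Roles
    )

    $role = Get-ADGroup -Identity $RoleName -Properties Description

    # Escape characters that are special inside an LDAP filter value.
    # Backslash must be handled first so later escapes are not double-escaped.
    $dn = $role.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) follows nested
    # membership, so this returns every group that contains the role,
    # directly or through other groups.
    $filter = "(member:1.2.840.113556.1.4.1941:=$dn)"
    $inherited = Get-ADGroup -LDAPFilter $filter -Properties Description

    # The role itself first, then everything it grants. Description is
    # included because that is where each group's owner should be recorded.
    @($role) + @($inherited | Sort-Object Name) | ForEach-Object {
        [pscustomobject]@{
            Group       = $_.Name
            Source      = if ($_.DistinguishedName -eq $role.DistinguishedName) { 'Role' } else { 'Inherited' }
            Description = $_.Description
            Location    = $_.DistinguishedName
        }
    }
}

# Sample call; 'SA-Example-Role' is a placeholder, not a real group name:
# Get-UserRoleEffectiveGroups -RoleName 'SA-Example-Role' | Format-Table -AutoSize
```

Rows marked Inherited are the access a user gains indirectly through the role. A blank Description on any row means that group has no owner recorded.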
Finding a User, Group, or Computer
- Right click on “ad.uwm.edu” at the top-left
- Click “Find…”
- If searching for a user or group, enter the username or group you are looking for in the “Name:” field
- If searching for a computer, change the drop down menu in the top left to “computers” and enter the computer name in the “Computer Name:” field.
Adding Object to a Group
Follow these steps when adding any object to a group. This includes adding a computer to a printer group, user to a user role, etc.
- Find the group.
- Open the group by double-clicking on it, then click on the "Members" tab. This is a list of all objects which are a member of the object you are viewing.
- Click add and type in the username.
- If adding a computer, click the "Object Types..." button in the upper-right of the window and check "Computers." Otherwise it will throw an error saying that the computer cannot be found.
Removing User from User Role
Follow these steps if you are removing a user from a user role:
- Obtain Supervisor Approval
- In order to remove access, you must consult the group's owner. Within Active Directory, each group should have an owner listed in the group's description. Email that person within Cherwell asking them if we can remove the user from the group. Include in this email the following:
- The requester's ePanther
- ePanther of who you would be removing
- What group they would be removed from
- If the group you would be removing them from does not have an owner in the description, escalate the ticket to Endpoint. They will find the owner, add the owner to the description, and resolve the ticket.
Moving Computers to another OU
- Find the computer using the method above
- Right click the computer name and click “move…” (this is done before opening the object in AD)
- Find and select the new OU.
A simpler, visual guide for some of these steps can be found in 46423