UMD Active Directory
Active Directory FAQ
Following are answers to some common questions regarding Active Directory at UMD. If you have a question not answered below, please submit it by calling the ITSS Help Desk (x8847) or sending email to firstname.lastname@example.org.
- What is Active Directory?
- Active Directory (AD) is a directory of people, computers, and groups that provides a way to manage computer policies and permissions. Through Active Directory services, we will be able to provide desktop authentication to the network using your University ID (X.500), eliminating the need for a separate workstation and/or Novell account and password.
- AD also provides the ability to easily share and update standardized security policies with workstations on our network, to provide managed data storage and network printing, and to provide timely updates for operating systems and applications such as Microsoft Office, Symantec, Adobe products, and more.
- Why Active Directory?
- University policy requires that all University computers and devices must be installed and actively maintained on an ongoing basis so that they protect the data stored or accessed through them and meet external compliance requirements. Active Directory services was selected as the best method to help faculty and staff meet this requirement.
- What services are provided via Active Directory?
- Active Directory service provides:
- Desktop authentication using your University Internet ID and password
- Automatic workstation security updates
- Departmental and individual file storage
- Network printing
- Will all workstations be able to join the primary Active Directory domain?
- Yes. In the first phase, University-owned Windows workstations are expected to join the Active Directory domain. A second phase will add support for Macintosh workstations, and possibly Linux workstations if there is a need.
- University policy requires that all University computers and devices must be installed and actively maintained on an ongoing basis so that they protect the data stored or accessed through them and meet external compliance requirements. Departments must complete the Active Directory Exception Form on an annual basis for exceptions to this process.
- How will users install software on a computer that has been added to AD?
- When you sign in to your workstation, by default you will have restricted access rights on the workstation; this is a security feature designed to mitigate virus and malware infection. However, many University business applications and updates are available through AD and can be installed by the user with no additional rights.
- If there is specialized software that requires elevated administrative privilege, you may request this access by completing the online Elevate Rights in AD form or by contacting the ITSS Help Desk (email@example.com, 726-8847) and asking for "elevated access rights." Your AD account will be granted temporary administrative access for your workstation.
- How will work study students be able to access shared data folders?
- Access to the AD file server is through a University Internet/email ID. If you have students working for you, you will need to request access for each student as needed, and will need to revoke that access when the student leaves your employment.
- To request or update access to shared AD file storage, please complete the online AD Manage Files form.
- How do I access my Samba files (MyFiles, MyWeb) from my AD workstation?
- When a computer is joined to AD, its default domain becomes ad.umn.edu. If you had shortcuts on your desktop that no longer work, you may need to access your Samba files as follows:
- How do I remove a workstation from AD?
- If it is a University-owned computer, please complete the Active Directory Exception Form for the workstation. Bring the completed form and the computer to the ITSS TechCenter (Kplz 165) and check it in for service. You will need to provide an EFS string at the time of check in.
- Once a computer is on AD, can anyone with a University Internet ID (X.500) use that computer?
- Yes, anyone with a University Internet ID will be able to sign in to a workstation that has been added to AD. However, on doing so they will be presented with a new user profile, i.e., a clean desktop will be displayed and they will not have access to any data files, bookmarks, shortcuts, etc., that are stored on the computer under any other user's profile. They will have access to their own personal files on the AD servers.
- This is a good thing. It will allow departments to share computers in a much simpler, more secure way, without sharing passwords or compromising data security.
- When the network is down, will people still be able to get into their computers to work?
- Yes. When you sign in to the AD domain on a workstation the first time, your AD credentials are securely cached on that workstation. If you need to access the workstation at a later time and the UMD network is not available, you will be able to sign in using the cached credentials.
- If people have their laptop off campus, will they sign in through VPN to access AD?
- Yes, from home you will need to sign in to VPN first and then sign in with your AD credentials. Complete details are here: Connect to VPN Prior to Signing In
Rev: 09.7.12 sab