Getting Started with your OU

When you request a win.udel.edu OU, you will receive:

• UDelNet IDs of administrators,
• Email address of primary contact,
• An OU Prefix (2-4 characters),
• An OU Name (which may or may not be the same as your prefix), and
• An initial machine name. That name must start with the prefix.

You will also be provided with OU-Admin accounts that correspond to the administrators you listed. Each account will be in the form UDelNet-IDadmin.

For example, if the UDelNet ID is sjhandy, the corresponding administrative account will be sjhandyadmin.

The following steps will help you establish your OU and get it up and running:

1. Rename your initial machine with the OU prefix and join the win.udel.edu domain:
   1. Example: For the OU CSS, the machine should be named CSS-systemname.
   2. It is important that ALL machines and other OU objects be named in the format OU-xxxxxxx.
   3. Join the win.udel.edu domain using your OU-Admin account.
   4. After restarting, create the appropriate local access.
      Best Practice: By default ALL UD Win Domain (LDAP/AD) users can now log into the machine. To prevent this:
      1. Log in as the LOCAL administrator.
      2. Go to Local Users and Groups.
      3. Add whatever AD users you want to have admin rights to the Administrators group (like yourself or whomever--we use CSS-Server and CSS-OU-Admin).
      4. Delete whatever AD users you do not want in the Administrators and Users Groups. (Like WIN Domain Users!)
      5. NOTE: Leave the NT-Authority\Authenticated Users alone because we think these allow those in the local administrators group to log in.
2. Install the RSAT (Remote Server Administration Tools) onto your domain joined Windows 10 machine:
   1. Directions to download and install RSAT tools for Windows 10 are here: Remote Server Administration Tools Microsoft Doc.
   2. You will now have access to Active Directory Users and computers and other administrative tools. You need to run them with your OU-Admin account.
      1. Run Active Directory Users and Computers (ADUC). (You can also type "dsa.msc" at the run prompt on the start menu.)
      2. Pin ADIUC to the task bar or start menu.
      3. Hold down the SHIFT key and click the ADUC icon, then choose Run as a different user and authenticate with your OU-Admin account. To make changes to an OU, you must log in with your adminusername -2FA code (the same code that you would use when logging in to CAS). Example:
         • Username = xyzadmin-123456 
         • Password = admin account password
3. Use ADUC and navigate to OU_Admins\Users OU, find your account, right click and select reset password.
4. Add machines, servers, etc. to win.udel.edu:
   1. Pre-create the machine in your OU using Active Directory and Computers and your OU-Admin account.
   2. Make sure the machines are named in the format OUPrefix-computername.
      When you create a computer account, you can specify who can join that account. For example, if you have a group called OU-Users-IT, you can allow anyone in that group to join a machine by changing the User or group field in the New Object - Computer dialog box.
      
      
       
   3. Join the machine using the OU-Admin account credentials.