U-M Windows Forest

Setting Up Your Active Directory Environment

August, 2008


Join Active Directory as a Delegated OU

The first step in using Active Directory is to fill out a form to join as a Delegated Organizational Unit.

The Bootstrap Computer

The bootstrap computer is specified in your request for an Organizational Unit above and should follow the naming convention DEPT-ANYTHING. It needs to be joined to the domain and configured to access and administer Active Directory before you can add additional computers and servers or manage users, groups and other objects in Active Directory. The bootstrap computer can be any Windows workstation or server.

If you choose to install your Active Directory tools on a workstation(s), there are a couple of things to keep in mind:

Once you have installed Active Directory tools on any other computer in your OU, the bootstrap computer is no longer important and can be kept or deleted as you choose. You can administer AD from servers, workstations or both.

Join the Bootstrap Computer to the Domain

  1. Go to Control Panel > System > Computer Name. Select the Change button.

  2. Make sure the computer name exactly matches the bootstrap computer name in your request.
    (Note: If you need to change the computer name, make this change and reboot before proceeding.)

  3. Test that you can ping the domain adsroot.itcs.umich.edu.

  4. Select the Member of domain radio button and enter:
    adsroot.itcs.umich.edu

  5. When prompted, enter your OU Admin username and password with the following format:
    umroot\dept-ouadminN
    where N=1,2,3 etc., and dept is your assigned department/unit prefix.

  6. You should see a "Welcome to the UMROOT Domain" message. Reboot at this time.

Administrator Configuration

  1. From the Log on to dropdown menu, select DEPT-ANYTHING (this computer) and log on as Administrator. This is the local Administrator account you created when installing the computer OS, not your OU Admin account.

  2. From the Start menu, select Administrative Tools > Computer Management.
    Select Local Users and Groups
    Select Groups
    Select Administrators
    Select Add...
    Enter your OU Admins group, umroot\dept-ouadmins, and select Check Names.
    Exit Computer Management.

  3. Log off.

  4. From the Log on to dropdown menu, select UMROOT and this time log on with your OU Admin account, umroot\dept-ouadminN. You will now be logged onto the server as a Local Administrator and to the domain as your department/unit OU Admin.
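
A read-only check for the result of the two procedures above (domain join, then adding the OU Admins group to local Administrators). This is an added example, not part of the original U-M document. It assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember), and `dept` is a placeholder for your assigned department/unit prefix.

```powershell
# Added example: post-join check for the bootstrap computer. Makes no changes.
param(
    [string]$Dept   = 'dept',                    # placeholder: your assigned prefix
    [string]$Domain = 'adsroot.itcs.umich.edu'   # domain named in the join steps
)

$OuAdmins = "UMROOT\$Dept-ouadmins"              # group added to Administrators above
$problems = @()

# 1. The computer name should follow the DEPT-ANYTHING convention.
if ($env:COMPUTERNAME -notlike "$Dept-*") {
    $problems += "Computer name '$env:COMPUTERNAME' does not start with '$Dept-'."
}

# 2. The machine should be a member of the expected domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $Domain) {
    $problems += "Not joined to $Domain (currently '$($cs.Domain)')."
}

# 3. The OU Admins group should be in the local Administrators group.
$members = @(Get-LocalGroupMember -Group 'Administrators')
if ($members.Name -notcontains $OuAdmins) {
    $problems += "$OuAdmins is not a member of local Administrators."
}

# 4. Anything else holding local admin rights deserves a look. Expected here:
#    the OU Admins group, the built-in local Administrator (RID 500), and
#    Domain Admins (RID 512), which Windows adds automatically on domain join.
$review = $members | Where-Object {
    $_.Name -ne $OuAdmins -and
    -not ($_.PrincipalSource -eq 'Local' -and $_.SID.Value -like '*-500') -and
    $_.SID.Value -notlike '*-512'
}

if ($review) {
    Write-Output 'Other members of local Administrators (review each one):'
    $review | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize
}
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: $env:COMPUTERNAME is joined to $Domain and $OuAdmins is a local administrator."
```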

Install Active Directory Tools

Installation of tools and utilities depends on your version of the operating system. Older server operating systems and all client systems require you to download and install the software. Newer servers let you install the tools without downloading them: use "Add Features" and then install the Remote Server Administration Tools.

  1. Install the Active Directory Administration Tools, Remote Server Administration Tools or the AD DS Snap-Ins for your operating system.

  2. (Optional) Install the Group Policy Management Console.

Start Managing Active Directory

  1. From the Start menu, select Administrative Tools > Active Directory Users and Computers.

  2. Navigate to UMICH > Organizations > Your_OU.

  3. Create top level OUs. Most units create some or all of the following top level OUs:
    Users
    Groups
    Servers
    Computers
    You can browse other departments' OUs to see what they have done.

  4. (Optional) You can now drag your bootstrap computer to the correct OU.

For more information, see Active Directory at the University of Michigan (PDF).