U-M Windows Forest
ITS Windows-Based Services
How-To Documents
Frequently Asked Questions
Help
Contact Us
U-M Windows Forest Main

U-M Windows Forest How-To Documents

Note: You may need to log in with your uniqname and UMICH password to view some of these resources.

Topics


Getting Started with Active Directory

Joining the U-M Windows Forest as a Delegated Organizational Unit
The steps you need to join the U-M Windows Forest as a Delegated OU.

Server Addresses and Firewall Configuration Information for Using Active Directory
How to configure your network firewall's outbound rules to access UMROOT Active Directory servers.

Setting Up Your Active Directory Environment
Initial setup of Active Directory management tools to manage your environment. Includes information on bootstrap computers, administrator configuration and basic navigation of Active Directory.

Active Directory Users, Groups and OUs
How to start using Active Directory Organizational Units (OUs), Users and groups.

Creating Servers and Workstations in a Delegated OU
How to join client computers and servers in a delegated OU.

Logon Scripts—The Basics
Understanding and creating basic logon scripts in Active Directory.

Setting Your Windows Password
UMICH passwords are synchronized to Active Directory by the UMICH Password Hub. When you set your UMICH password, you are also setting your Active Directory password.

Active Directory at the University of Michigan (1.45MB PDF)
A 2010 PowerPoint presentation given at Active Directory Orientation sessions. This presentation assumes some knowledge of Active Directory and explains the idiosyncracies of the U-M implementation.

More Active Directory

Understanding LDAP and Global Catalog Access to the UMROOT Active Directory
How to configure applications to use Active Directory for LDAP and Global Catalog Access.

U-M Windows Central Accounts
How to use centrally provisioned accounts and move them from the People OU to your Accounts OU.

Moving Users to/from Delegated OUs
How to move a centrally provisioned AD user from the People OU to your Accounts OU.

Contacting an AD Admin
Sometimes you need to contact the IT staff of another OU; this link gives you the tools you need to do it yourself.

Windows Server, Terminal Servers, and Remote Desktop Services

Installing and Licensing Windows Remote Desktop Services
How to license Windows Server Remote Desktop Services (2008 and 2012).

Licensing and Activating Windows Server and Clients
How to license and activate Windows Server 2008, Server 2008 R2, Vista and Windows 7.

DFS

Setting Up the Distributed File System - DFS
With DFS, you can make files distributed across multiple servers appear to users as if they reside in one place on the network. This explains how to set up and start using the Distributed File System.

DNS

How to Configure DNS in the U-M Campus Forest
Servers and clients in the UMROOT Domain should be configured to use the campus DNS servers.

PKI and Security

Windows Public Key Infrastructure and Certificates
The Windows Certificate Authority (CA) servers provide support for Public Key services in the UMROOT Windows Forest. Learn more about types/availability and how to request a certificate.

Certificate Authorities Used by Campus Services
Certificate Authority (CA) overview and links to CA files intended for system administrators and webmasters.

Pass-Through Authentication

Note: Pass-through authentication allows you to use your U-M Kerberos credentials to log in to the campus Active Directory without additional logins. However, pass-through authentication does not work properly with all applications. You may have a better experience with some applications if your Kerberos and UMROOT passwords are the same.

Windows Active Directory Kerberos Interoperability
More information on Kerberos is supported, including an Active Directory pass-through Logons illustration.

Windows Kerberos Interoperability Conditions
A listing of preconditions to be met before pass-through logons will complete successfully in the U-M Active Directory Forest.

Configuring a Windows Workstation for Kerberos Pass-Through Logon
For a Windows workstation to support pass-through logons to the UMICH.EDU Kerberos realm, several different conditions must be met.

Configuring a Vista Workstation for Kerberos Pass-Through Logon
For a Vista workstation to support pass-through logons to the UMICH.EDU Kerberos realm, several different conditions must be met.

Configuring a Windows 7 Workstation for Kerberos Pass-Through Logon
For a Windows 7 workstation to support pass-through logons to the UMICH.EDU Kerberos realm, several different conditions must be met.

Accessing File Shares with Kerberos Pass-Through Logon
Directions to access resources using only MIT UMICH uniqname and password.

Troubleshooting Pass-Through Logons
Diagram; click on image to zoom.

Other Resources

Allowing IIS, SQL and the Messaging Services in the UMROOT Domain
How to allow IIS and SQL services to run in the UMROOT domain.

U-M Campus WINS Configuration
Information on U-M campus hub WINS server, along with a U-M campus secondary "spoke" WINS server for general use.

Windows DHCP in the U-M Campus Forest
DHCP servers in UMROOT must be authorized by ITS.