Windows Enterprise Domain
IT Administrator Support


Announcements

Support Resources
  • Solution Center, 192 Parks Library, 515.294.4000, solution@iastate.edu, fax 515.294.3702 General OU management help, ISU NetID username/passwords help.
  • Operations, 95 Durham Center, 515.294.2256, General system trouble reporting for distributed campus systems (including the Windows Enterprise domain) and lab trouble reporting.
  • OU Administrator Support TechNotes provides important information for OU administrators.
  • The IT Handbook was developed by the Colleges of Engineering and Liberal Arts and Sciences and Information Technology Services. This handbook is intended to provide answers to common IT questions at Iowa State University.

Windows Enterprise Domain Design

The core features of the Windows Enterprise design implement "single sign-on" (using ISU NetIDs), delegation of OU administration (for departmental IT admins) and central authentication and global catalog lookup. Documents on the design of the Windows Enterprise Domain Active Directory environment are available in the Windows Enterprise Design area.

Windows Enterprise Status and Participation

Windows Service Packs

Current service packs for Windows operating systems are:

  • Windows Server 2008 R2 - Service Pack 1
  • Windows Server 2008 - Service Pack 2
  • Windows Server 2003 - Service Pack 2
  • Windows XP - Service Pack 3
  • Windows Vista - Service Pack 2
  • Windows 7 - Service Pack 1

Windows Security

Keeping your Windows Client and Server systems secure from intrusion, viruses, and other compromise is critical. The core set of things you should be doing on EVERY Windows system you manage is available in the Windows System Security area.

If you do not follow recommended security guidelines, your system will eventually become infected. When this happens, the network traffic from the infection will soon be detected and traced back to your system. Internet access for your system will then be blocked at the campus border. When this happens you will see the "Red Screen of Internet Death" until you disinfect your system and request it to be un-blocked.

OU Administration

If you are an IT Administrator for a college, department, or major operating unit at Iowa State University you can request and manage your own "OU" ("Organizational Unit"). For a list of current OUs see Current Departmental Organizational Units.

Joining your Windows systems to an OU in the Windows Enterprise Domain ("iastate.edu") means the bulk of the "user creation/deletion" chores are done for you. ISU NetIDs (which every faculty, staff, and student are registered for) are used for system login and resource access. However, you still have full control of your OU to add and remove systems, create "departmental exception" user accounts, and create and manage groups and group policy for your area. Users in the Windows Enterprise Domain appear in the "global address list" for the Windows Enterprise Exchange organization (see "Exchange Implementation" below).

For complete information on creating and managing a departmental OU visit the OU Administrator Support area.

Exchange Implementation/Administration

Exchange 2010 is integrated with Windows Enterprise design in that they share the same directory ("Active Directory") to store information about users (and their mailboxes). Exchange 2010 requires an enterprise "Exchange organization" that has been designed and implemented (much like the Windows Enterprise Active Directory system was designed and implemented). A good deal of information is available at ITS's Email for Faculty & Staff (Exchange) web page.

Licensing (CALs)

Many licensing requirements for departmental use of Windows systems are covered with the Microsoft Enrollment for Education Solutions (EES) agreement (formerly known as the Microsoft Campus Agreement or the MCA). Windows software (including Windows client and server operating systems and "Microsoft Office") are covered. Microsoft Client Access Licenses (CALs) MAY be covered for your use (depending on what you are doing). Refer to the Microsoft Enrollment for Education Solutions web page for information on the current agreement.

Windows Operating System and Office Activation (KMS and MAK Keys)

Windows Vista, 7, 8, 10, Server 2008, Server 2012 and Office 2010, 2013 and 2016 require software activation to continue to function. In general, systems that are not permanently "on campus" should never use the KMS key-activation method. You should always get a permanent "MAK" key for these systems. Laptops are always "prime candidates" for "MAK" keys. Another case is "isolated labs" or instrumentation systems that have no network connections. If any problems occur with either OS or Office activations, use the following commands to reset the KMS client (via cmd.exe started with the elevated privileges):

For OS activations:
rem set KMS host information*
c:\windows\system32\slmgr.vbs /skms ks.iastate.edu:1688
rem activate now
c:\windows\system32\slmgr.vbs /ato
rem get the activation status
c:\windows\system32\slmgr.vbs /dlv

For Office15 (2013) activations: 64-bit: rem set KMS host information* cscript "C:\Program Files\Microsoft Office\Office15\ospp.vbs" /sethst:ks.iastate.edu:1688 rem activate now cscript "C:\Program Files\Microsoft Office\Office15\ospp.vbs" /act rem get the activation status cscript "C:\Program Files\Microsoft Office\Office15\ospp.vbs" /dstatus 32-bit: rem set KMS host information* cscript "C:\Program Files (x86)\Microsoft Office\Office15\ospp.vbs" /sethst:ks.iastate.edu:1688 rem activate now cscript "C:\Program Files (x86)\Microsoft Office\Office15\ospp.vbs" /act rem get the activation status cscript "C:\Program Files (x86)\Microsoft Office\Office15\ospp.vbs" /dstatus
* KMS servers at Iowa State University are using a default port 1688 so specifying value of the port while setting up a KMS host may not be required.

Windows Software

A variety of software products are recommended and supported by ITS. Several software products are site-licensed and are provided at no cost for users with valid ISU NetIDs. Most site-licensed software is now being distributed from an SMB compliant file server. To locate and install the available software navigate to the following location from an Active Directory joined computer:

\\software.iastate.edu\software

Refer to the IT Handbook for complete details on the campus repository.

Informational Meetings and Mailing Lists
  • Windows Administrators meetings are no longer being held by ITS. Window administrators are encouraged to use the CCSG meetings to keep up on relevant Active Directive and Windows issues. The WinAdmin mailing list is maintained for announcements, discussion, etc. Past meeting notes are still available.

Last updated August 17, 2016