IT Handbook

The IT Handbook was developed by the Colleges of Engineering and Liberal Arts and Sciences and Information Technology Services. This handbook is intended to provide answers to common IT questions at Iowa State University.

OU Manager's FAQ

Look at the OU Administation FAQ for the answers to common questions.

Departmental OU Life-cycle Procedures

• Requesting a Departmental/College Organizational Unit

• Management Change in a Departmental/College Organizational Unit

• Shutdown of a Departmental/College Organizational Unit

Policy and Procedures for Managing Users and Computers in an OU

• Creating a Departmental Sub-OU and Delegating Full Control

• Departmental Staff Hiring Status

• Enforced Conventions for User and Group Names

• Joining a Computer to a College/Departmental Organizational Unit

• Managing Users Within a College/Departmental Organizational Unit

• Master Directory Sources

• Moving Computer Objects Among Top-Level OUs

• Student User Object Policy and Procedures

• Students and Exchange

• The Care and Feeding of Iowa State NetIDs (archive document - not current information)

Group Policy

• Group Policy Object Procedures (ISU specific)

• Group Policy in Windows Server (Microsoft)

ASW and Institutional Lists as Windows Security Groups

• Mail Lists as Global Address List Contacts

• Official University Lists as Global Security Groups

• User Requested Lists as Global Security Groups

Special Requests (for things only Enterprise Admins can do)

• Departmental Enterprise Product Support Standards

• MyFiles Storage

• DFS - Creating a Departmental Domain DFS Root

• PSOs - Granular Password Settings Objects

• OU Manager Security Drilldown

• PSOs - Granular Password Objects

• RDP - Remote Desktop Protocol Attack Prevention

• System Lockdown and Access Control

• WSUS - Using the Enterprise WSUS Server

General System Deployment

• Adjusting SCCM Boot Images - Time Zone Problem Mitigation

• Authentication Issues Relating to LANMAN and NTLMv1

• Configuring Windows Server 2008 Clusters

• Imaging Systems That Use OpenAFS

• SAN LDAPS Certificates on Windows Domain Controllers

• Using LDAPS on the Windows Enterprise Domain

• Using Sysprep

Macintosh OS X

• Fixing Mac OS X AD LDAP Searches for Performance Gain

Labs and Other Multi-User Systems

• Group Policy Needs for Roaming Profiles

• Redirecting IE Favorites to User's AFS Home

• Windows Server 2008 Terminal Services at ISU

Unix System Integration

• Integrating RHEL5 and RHEL 6 Systems with Active Directory

Several tools have been developed at Iowa State or discovered by our OU admins that are valuable for day-to-day IT admin functions. If you discover any other tools you feel will be widely used by others, email them to us.

• Active Directory Enumerator (ADE) is an application to perform interrogation and management of users, groups, and computers within Active Directory. It is the “Swiss army knife” of user, group, and computer management within an Active Directory OU environment. ADE can expand the entire group-membership tree for a user or show the users that are members of a group structure. AD attributes can be displayed.

• Backup Wizard is a frontend to Microsoft’s “User State Migration Tool” (USMT). The Backup Wizard provides a GUI interface to walk you through backing up selected users on a system (including special file locations outside the normal “Documents and Settings” area). This is most useful when replacing a desktop while retaining the users settings, documents, etc. OS upgrades (XP to Vista, for example) are handled.

• Creating Group-Aware Logon Scripts is a document that provides information on using a Microsoft tool (ifmember.exe) to evaluate user group membership and control logon script processing.

• MS03-026 Example Scripts is a package distributed by Microsoft to assist in patching Windows NT, 2000, XP, and Server 2003 systems for the MS03-026 RPC vulnerability. This package can be burned on a CD-ROM to provide an automated, easy-to-use method for patching vulnerable systems.

• PswdUtil is a program that checks user objects in an OU for password age. This program will produce lists of users whose password is over "n" days old and allow an OU administrator to force the user to change their password if desired. Using this utility each OU administrator can enforce a stricter password age policy than the default domain password age policy.

• ShowUserDept is a program that displays the official university college and department data for a given ISU NetID. This data is used to determine the appropriate departmental OU for location of faculty and staff user objects. An indication as to whether or not the NetID is "inactive" (suspended) or not is also provided. Interactive and batch modes are supported.