Information for OU Admins

What is an OU Admin?
An OU Administrator is the term we use in the WolfTech Active Directory domain to indicate those responsible for the management of particular OUs / units within the campus domain. Usually these are department, college, and central IT level Windows administrators. Each OU Admin is given complete control over his portion of the campus directory and all objects (computers, non-Unity user accounts, group policies, etc) within.

How do I become an OU Admin?
Presuming your unit already has an active OU Admin, it is their responsibility to create your .admin account. Following domain convention, it is expected that new user account will be created under the “Departmental Users\OU Admins” OU within your unit’s OU structure. This account will be your UnityID with a “.admin” suffix added to the end of the account. Finally, the account is added to your unit’s [OU]-OU Admins group that is at the root of your OU. Doing so will provision rights to your OU structure to this account.

Should your unit not have an active OU Admin account who can perform this task, your college OU Admins may create the account. If necessary, the account can be created by the campus domain administrators. In this case, we request that an email be sent by your supervisor to to initiate this request.

All .admin accounts are automatically disabled (via daily scripts) once its associated UnityID is also disabled.

Training Videos:

Short Exercises:

Old Docs

Random Notes:

  1. The following two ports are blocked, we think inbound-only:
    5900 – VNC
    1433 – MSSQL
  2. Various Windows ports are blocked inbound and outbound (not sure about UDP/TCP, but probably both):
    135 – Windows RPC
    137 – Netbios name service
    138 – Netbios datagram service
    139 – Netbios session service
    445 – CIFS / SMB
  3. Blocked Inbound/Outbound
    161 – SNMP
    162 – SNMP
    9100 – Jet Direct control port
    515 – LPR service
    631 – Internet print protocol (IPP) service