OU Security Groups in Active Directory
The ability to create security groups is a benefit of using the Active Directory Organizational Unit (OU). Using security groups, permissions can be assigned to a subset of individuals, granting them access to files, workstations or other resources. Security groups can also be used as email distribution lists. See the Exchange: Distribution Groups Tech Article for more information.
Further training on managing Organizational Units is available upon request. Request training at edp.uark.edu.
Create an OU
To create a departmental OU (Organizational Unit), create a ticket with the subject "Create Organizational Unit for my department." IT Services will contact you for the necessary information to complete your request. If your department has an OU, the existing OU admin can create a new OU within the departmental OU and grant access to it.
Once your OU is created, install the Remote Server Administration Tools (RSAT) for Windows.
To create and manage security groups, ensure you are logged into a computer that is joined to the UARK domain and that you have permissions to create groups. Please see your OU administrator for details.
- Open the Start menu and search for Control Panel. Press Enter.
- Select "Programs and Features."
- Click "Turn Windows features on or off."
- Expand "Remote Server Administration Tools" by clicking the plus (+) icon.
- Expand "Role Administration Tools."
- Check the "AD DS and AD LDS Tools" box. Click OK. Click Close.
Add a Group
- Open the Start menu and search for "Active Directory Users and Computers." Press Enter.
- Navigate to your OU.
- Click Action, then New, and then Group.
- Enter a name for the group.
Note: Because group names are domain-wide, IT Services strongly recommends that they start with the four-letter department code followed by a dash and a basic description. For example, within the domain, there can be a group named "wcob-techs" and another named "vcfa-techs," but only one named "techs."
- Keep the default Global Security options. Click OK.
- Double-click on the group in AD Users and Computers. Click the Security tab, and click Add.
- Enter "gacl\UARKusername," where UARKusername is the member's username. Click OK.
Note: It might be necessary for a user to log out and log back in again to access group resources.
- Grant group access to a resource by choosing the object's Security tab and entering the group name as "gacl\groupname."
- Right-click the group and select Properties.
- In the Security tab, click the UARK username you want to remove.
- Click the Remove button. Click OK.
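The group-creation steps under "Add a Group" can also be scripted with the ActiveDirectory PowerShell module that the RSAT "AD DS and AD LDS Tools" feature installs. The following is an added example, not part of the original article or IT Services' own tooling: it enforces the recommended naming convention and checks the whole domain for a name collision before creating a Global Security group. The function name, the exact name pattern and the OU path are assumptions for illustration.

```powershell
# Added example (hypothetical helper, not IT Services' code).
# Requires the ActiveDirectory module from RSAT "AD DS and AD LDS Tools".
Import-Module ActiveDirectory

function New-DeptSecurityGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,     # e.g. "wcob-techs"
        [Parameter(Mandatory)][string]$OuPath,   # distinguished name of your OU
        [string]$Description
    )

    # Convention from the article: four-letter department code, dash, description.
    # Assumption: the description part is limited to letters, digits and dashes.
    # The strict pattern also keeps the name safe to embed in the filter below.
    if ($Name -notmatch '^[a-z]{4}-[a-z0-9][a-z0-9-]*$') {
        throw "Group name '$Name' must be a four-letter code, a dash, then a description."
    }

    # Group names are domain-wide, so search the whole domain, not only this OU.
    $existing = Get-ADGroup -Filter "SamAccountName -eq '$Name' -or Name -eq '$Name'"
    if ($existing) {
        throw "A group named '$Name' already exists: $($existing.DistinguishedName)"
    }

    # Fail early with a clear message if the OU path is wrong or not readable.
    try { $null = Get-ADOrganizationalUnit -Identity $OuPath -ErrorAction Stop }
    catch { throw "OU '$OuPath' not found or not readable: $($_.Exception.Message)" }

    # Same defaults as the GUI steps: Global scope, Security type.
    $params = @{
        Name = $Name; SamAccountName = $Name; Path = $OuPath
        GroupScope = 'Global'; GroupCategory = 'Security'; PassThru = $true
    }
    if ($Description) { $params.Description = $Description }

    if ($PSCmdlet.ShouldProcess($OuPath, "Create global security group '$Name'")) {
        New-ADGroup @params
    }
}

# Dry run first; the OU path is a placeholder, replace it with your own OU's DN:
# New-DeptSecurityGroup -Name 'wcob-techs' -OuPath 'OU=<your OU>,DC=example,DC=edu' -WhatIf
```

Running with -WhatIf shows what would be created without changing the directory; drop it once the name and OU path are confirmed.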