You can use delegated OUs to meet all or some of your Windows domain service needs, and there are a variety of ways you might leverage the delegated OUs service. The use cases listed below are common scenarios that we expect clients will employ in taking advantage of the MI service via a delegated OU.
For all these scenarios, you may want to review:
- Getting Started: Delegated OUs
Migration from an Existing Domain
General description: You have an existing Windows domain, and would like to get out of the business of running that domain.
To make this scenario work, after getting an OU there are a couple of key steps you’d need to take:
- Review the NETID Migration Blueprint to find out how to migrate an existing Windows domain into your new OU
- Migrate your computers, taking care to reACL resources as appropriate
No Existing Windows domain
General description: You have NO existing Windows domain, but do have stand-alone Windows servers or workstations which need to share resources via UW NetID based login. For example, you may have payroll coordinators who need to access enterprise data warehouse (EDW) resources that are only accessible via NETID user accounts.
To make this scenario work, after getting an OU there are a couple of key steps you’d need to take:
- Join the workstations and servers which need to share resources
- Create security groups to restrict access to your workstations and servers as needed.
- Grant ‘logon locally’ and ‘access over the network’ permissions for your workstations and servers to the right groups.
- If needed, set up file share permissions.
- Tell users to access the shared resources.
Selective Migration
General description: You have an existing Windows domain, but you have concerns that a domain-scoped application you run won’t work well in the NETID domain or other limitations require that you continue running some computers outside of the NETID domain. For example, you might want to move only your servers into the NETID domain. Or conversely, you might want to move only your workstations into the NETID domain. Or perhaps you want to give users/groups within your Windows domain the choice of when they migrate to spread the work over a longer time period.
To make this scenario work, after getting an OU there are a couple of key steps you’d need to take:
- Review the NETID Migration Blueprint to find out how to migrate an existing Windows domain into your new OU
- Formulate a migration plan which takes into account which user accounts your users will use to get to all your shared resources.
NOTE: Keep in mind that the NETID Windows domain does not trust any other domains.
NOTE: Unless you engage UW-IT for migration assistance, you will not have sidHistory on NETID user accounts.
- Migrate your computers, taking care to reACL resources as appropriate
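Because the NETID domain trusts no other domain and NETID accounts carry no sidHistory by default, permissions granted to old-domain principals will not match NETID logons, so it helps to inventory them before you reACL. The following PowerShell script is an added example, not part of the original page or of UW-IT's tooling; `$Root`, `$OldDomain`, `$Report` and the helper name `Get-StaleAce` are assumptions to replace with your own values.

```powershell
# Added example: list explicit ACEs that still reference the old domain,
# so you know which folders must be reACLed to NETID users or groups.
# All three values below are placeholders (assumptions), not values from the page.
$Root      = 'D:\Shares\Dept'           # hypothetical share root to audit
$OldDomain = 'OLDDOM'                   # placeholder NetBIOS name of the existing domain
$Report    = '.\reacl-inventory.csv'    # hypothetical output file

function Get-StaleAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$OldDomain
    )
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on '$Path': $($_.Exception.Message)"
        return
    }
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }   # report the ACE only where it is set
        $id = $ace.IdentityReference.Value
        $reason = $null
        # Before migration the ACE resolves to OLDDOM\name.
        if ($id -like "$OldDomain\*") { $reason = 'OldDomainPrincipal' }
        # On a NETID-joined computer the old SID cannot be resolved (no trust),
        # so it appears as a raw domain SID. Deleted accounts look the same.
        elseif ($id -match '^S-1-5-21-') { $reason = 'UnresolvedSid' }
        if ($reason) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $id
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
                Reason   = $reason
            }
        }
    }
}

# Audit the root folder itself plus every subfolder beneath it.
$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

$dirs |
    ForEach-Object { Get-StaleAce -Path $_.FullName -OldDomain $OldDomain } |
    Export-Csv -Path $Report -NoTypeInformation
```

The script only reads ACLs. Each row in the report is a folder where an explicit entry needs a NETID user or group substituted during the reACL step.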