Joining Boston University’s Active Directory (AD) as an Organizational Unit (OU) offers many advantages. Three of the most popular are described below.

  • Departments no longer need to purchase and maintain Domain Controllers. Domain Controllers are centrally managed, monitored 24 by 7, and located in several geographic areas to provide redundancy and ensure reliability. Centrally maintained information is updated constantly and need not be duplicated by departments.
  • Authentication to resources such as individual and lab computers can be offered via the standard BU login name and Kerberos password, eliminating the need to create and maintain local accounts.
  • Over 200,000 Security Groups are automatically maintained through synchronization with information stored in Ph, Boston University’s metadirectory. Examples include groups based on department; faculty, staff, or student status; academic major; and curriculum. Security Groups are maintained for each section of each course taught each semester; membership is updated daily as students add and drop courses. OU administrators can use these automatically maintained groups to control access to resources, such as computers and files.
  • While AD as a whole is highly available, any individual domain controller could be down for scheduled or unscheduled reasons. Where possible applications should be configured to rely on ad.bu.edu, rather than specific domain controllers.  Where that is not possible, they should be configured to fail over to other domain controllers automatically or load balance between multiple domain controllers.
  • If you build new applications or do substantial upgrades to existing applications which rely on active directory, we’d like to hear about it, particularly if your department will rely on those applications for their critical functions. We strongly suggest that any such critical applications have a test system in our QA environment so they can be validated when we upgrade Active Directory.

Responsibilities

Each academic and administrative unit joining the Active Directory must adhere to several basic requirements to ensure that the University-wide infrastructure works smoothly for everyone.

  • To avoid conflicts and confusion, the names of all computers and security groups in your OU must begin with your OU name followed by a hyphen, e.g., in the College of Engineering, all computer names and local security groups begin with “ENG-“.

Schedule a meeting

When you’re ready to meet and talk about setting up your OU, contact the IS&T AD administrators.