The University of Arizona
'CatNet – Enterprise Active Directory Domain Services

Forest Structure

The ‘CatNet forest consists of a single forest root domain containing at least two domain controllers for redundancy.  The domain controllers in the forest root domain also serve as the DNS servers for the forest.  Within the forest is a granular OU structure designed to keep UITS-managed AD objects separate from those delegated to departmental or college IT staff.  In addition, this structure allows group policies to be applied at a very granular level.

Top Level OU Roles

NetID

The NetID OU contains a mirror of the U of A NetID LDAP directory.  Additional user attributes are currently populated from the Phonebook; in the future, additional data sources will be used to maintain full user information.  The primary role of this OU is to hold all limited user accounts for the entire forest, and access to this OU is restricted to the Enterprise Admins group.  Please see “Populating the Active Directory: User Accounts” for additional information.

CatNet Computers

The CatNet Computers OU is the default location for newly joined computer objects.  If a computer is joined to the domain without a pre-existing (pre-staged) computer account, its computer object is created in this OU.  Every such computer must be moved out of this OU into the appropriate delegated OU by the OU Administrator(s) who will be managing it; pre-staging the account in the correct OU before the join avoids this step.
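As an added example (not code from the ‘CatNet page or from UITS), the following PowerShell shows both sides of this workflow: pre-staging a computer account in a delegated OU so the join never creates the object in CatNet Computers, listing the accounts that did land there, and moving one to the OU of the administrators who will manage it. The domain DN DC=catnet,DC=example, the department OU ExampleDept and the computer names are placeholders for illustration, not identifiers taken from the page.

```powershell
# Added example, not code from the 'CatNet documentation.
# Assumes the RSAT ActiveDirectory module. The domain DN and the department OU
# below are placeholders; substitute the real forest root DN and delegated OU.
Import-Module ActiveDirectory

$DomainDN  = 'DC=catnet,DC=example'                                      # placeholder
$DefaultOU = "OU=CatNet Computers,$DomainDN"                              # default join location per the page
$DeptOU    = "OU=ExampleDept,OU=Delegated OUs,OU=Delegation,$DomainDN"   # hypothetical department OU

# Pre-stage the computer account in the delegated OU before the machine is joined.
# A join to an existing account updates that object instead of creating a new one
# in the default OU, so the computer is under its OU Administrators from day one.
function New-PrestagedComputer {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$TargetOU
    )
    $existing = Get-ADComputer -Filter "Name -eq '$Name'"
    if ($existing) {
        Write-Warning "$Name already exists at $($existing.DistinguishedName); not creating."
        return $existing
    }
    # SAMAccountName defaults to "$Name$". The account that later performs the
    # join needs rights on this object; by default its creator has them.
    New-ADComputer -Name $Name -Path $TargetOU -Enabled $true -PassThru
}

# List computers that were joined without a pre-staged account and therefore were
# created directly in CatNet Computers. -SearchScope OneLevel ignores child OUs.
function Get-UnstagedComputers {
    param([string]$SearchBase = $DefaultOU)
    Get-ADComputer -SearchBase $SearchBase -SearchScope OneLevel -Filter * `
        -Properties whenCreated, operatingSystem |
        Select-Object Name, whenCreated, operatingSystem, DistinguishedName
}

# Move one such computer to the OU of the administrators who will manage it.
# Run with -WhatIf first; Move-ADObject honours it and only reports the move.
function Move-ComputerToDelegatedOU {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$TargetOU,
        [switch]$WhatIf
    )
    $computer = Get-ADComputer -Identity $Name
    if ($computer.DistinguishedName -notlike "*,$DefaultOU") {
        Write-Warning "$Name is not in $DefaultOU; leaving it where it is."
        return
    }
    Move-ADObject -Identity $computer.DistinguishedName -TargetPath $TargetOU -WhatIf:$WhatIf
}

# Usage (placeholder computer names):
New-PrestagedComputer -Name 'DEPT-WS01' -TargetOU $DeptOU
Get-UnstagedComputers | Format-Table -AutoSize
Move-ComputerToDelegatedOU -Name 'DEPT-WS02' -TargetOU $DeptOU -WhatIf
```

The move function refuses to touch objects outside CatNet Computers so that it cannot be used to pull a computer out of another administrator's OU by mistake; remove -WhatIf from the last call only once the listing shows the expected objects.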

Enterprise

The Enterprise OU is designed to provide a central repository for enterprise-level services.  These services may include print servers, file servers, update servers, email servers and/or calendaring servers, to name a few.  No limited user accounts will be created or maintained in the Enterprise OU or in any child OU beneath it.

Delegation

The Delegation OU contains two child OUs: Delegated Admins and Delegated OUs.  All of the delegated organizational units are stored within the Delegated OUs child OU.  This is where security groups, workstation computer accounts and department-specific member server computer accounts are created and maintained.  The primary role of this OU is to facilitate the management of groups and computer accounts for security and resource access via group policy.  The Delegated Admins OU contains all of the OU Administrator accounts and the security groups to which they belong.  Objects within the Delegated Admins OU can only be modified directly by the Enterprise Admins group.
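Because the delegated OUs are where departmental staff hold write rights, the check a practitioner wants is to see exactly which principals have been granted more than read on a given delegated OU. The PowerShell below is an added example (not code from the ‘CatNet page or from UITS) that reads the OU's security descriptor through the AD: drive and lists the explicit, non-inherited Allow entries that grant write, create, delete, ownership or extended rights, resolving the ObjectType GUID of each entry to its schema class, attribute or extended-right name so the output is readable. The OU DN is a placeholder.

```powershell
# Added example, not code from the 'CatNet documentation.
# Assumes the RSAT ActiveDirectory module; the OU DN below is a placeholder.
Import-Module ActiveDirectory

$DelegatedOU = 'OU=ExampleDept,OU=Delegated OUs,OU=Delegation,DC=catnet,DC=example'  # placeholder

# Build a GUID -> name map for schema classes/attributes and extended rights so an
# ACE's ObjectType (e.g. the "computer" class or the "Reset Password" right) is readable.
function Get-ADGuidMap {
    $rootDse = Get-ADRootDSE
    $map = @{}
    Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
        -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { $map[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties displayName, rightsGuid |
        ForEach-Object { $map[[guid]$_.rightsGuid] = $_.displayName }
    return $map
}

# Return the explicit (non-inherited) Allow ACEs on an OU that grant more than read.
# Any identity listed that is not the intended OU Administrator group, or a built-in
# such as Domain Admins, Enterprise Admins or SYSTEM, is a delegation to review.
function Get-ExplicitWriteAces {
    param(
        [Parameter(Mandatory)][string]$OuDN,
        [hashtable]$GuidMap = (Get-ADGuidMap)
    )
    $writeRights = 'GenericAll|GenericWrite|WriteProperty|CreateChild|DeleteChild|Delete|WriteDacl|WriteOwner|ExtendedRight'
    (Get-Acl -Path "AD:\$OuDN").Access |
        Where-Object {
            -not $_.IsInherited -and
            $_.AccessControlType -eq 'Allow' -and
            "$($_.ActiveDirectoryRights)" -match $writeRights
        } |
        ForEach-Object {
            # An empty ObjectType GUID means the right applies to all classes/attributes.
            $objType = if ($_.ObjectType -eq [guid]::Empty) { 'All' }
                       elseif ($GuidMap.ContainsKey($_.ObjectType)) { $GuidMap[$_.ObjectType] }
                       else { $_.ObjectType.ToString() }
            [pscustomobject]@{
                Identity    = $_.IdentityReference.Value
                Rights      = $_.ActiveDirectoryRights
                ObjectType  = $objType
                Inheritance = $_.InheritanceType
            }
        }
}

Get-ExplicitWriteAces -OuDN $DelegatedOU | Sort-Object Identity | Format-Table -AutoSize
```

Run the same function against the Delegated Admins OU: per the structure above, nothing there should appear other than the Enterprise Admins group and the default built-ins. Inherited entries are deliberately excluded because they come from the parent OUs and the domain head, which are governed elsewhere; a full review would run the function up the tree as well.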

UITS Managed

The UITS Managed OU contains non-enterprise level servers, groups, workstations and service accounts internal to the UITS department.  All AD objects within this OU are managed by the UITS Windows Enterprise Administrators group.