RAD
Rutgers Active Directory FAQ's
You now require additional elevated / ADM accounts then you have previously requested.
Rutgers Active Directory (RAD) uses ADM accounts for elevated rights to modify OU’s, groups, printers, group policies, servers and workstations within your organization. An ADM account will be based on your existing netid. Prior to RAD on boarding, you should identify who in your organization requires ADM accounts, for OU or Workstation admin access, and have them go through the request process below.
To Request Additional Elevated / ADM account:
- Go to Elevated Account Request under the Rutgers Active Directory (RAD) web page
- You can Submit an ADM account request and check the status of the request from this page.
- Once the ADM accounts have been created, they can be added to the appropriate groups by a Delegated OU admin.
- If you had an ADM account prior to when the Request process was implemented, you will have to still go through the Request process to link your existing Adm account to your netid.
- Once your ADM account has been provisioned correctly, you will be able to manage it through https://netid.rutgers.edu/index.htm
There are (2) ways to map your printers within RAD:
Directly through the Enterprise Print Server
OIT’s RAD enterprise print server can also be found at \\asbradprint01.rad.rutgers.edu where all your printers can be found.
GPO’s
- Launch Group Policy Management
- Locate your OU that you manage
- Right Click on the OU
- Choose “Create a GPO in this Domain, and Link it here…”
- Name the Group Policy accordingly and click OK
- In the Scope tab, under Security Filtering, remove Authenticated Users and add the appropriate group the GPO would apply to and click OK.
- In the Delegation Tab, click Add, and add Authenticated Users with Read permissions and select OK.
- Right Click the GPO you just created and choose Edit
- Group Policy Management Editor will pop up.
- In here, choose Computer Configuration>Policies>Windows Settings>Deployed Printers. You will enter printer name (\\server\printername), then click Add to Deploy these printers to this GroupPolicy Object, then click OK, then close out of window.
- In the Group Policy object that was created, go to the settings tab, and confirm setting were applied in User Configuration.
You may want to do this if your display name is not what you prefer or what you were expecting to see. This process will update your display name and reflect on your RAD machine, email, etc.
- Go to the following website: https://personalinfo.rutgers.edu
- On website, proceed to Directory Listing Tab
- You will read the information posted, then proceed to enter your preferred display name, then hit Save Directory Listing Settings.
Administrative access is provided to end users through Adm accounts. ADM accounts must exist before the GP is created. ADM accounts can be requested here.
https://requests.rutgers.edu/radAdmin/radAdmin.htm
Once the Adm account is created, OU admins can use the directions below to create a Group policy to provide administrative rights to the user’s Adm account.
- Find the computer in AD Users and Computers. The GPO must be created and linked to the same OU that the machine is in.
- Open GPMC, Navigate to the OU the machine is in. Right click the OU and choose to “Create and Link GPO here…”
- Create the Group Policy using the following naming convention: Delegated OU NETID Admin GP
- Right-click the Group Policy and select Edit.
- Navigate to Computer Configuration | Policies | Windows Settings | Security Settings | Restricted Groups.
- Right-click on Restricted Group
- Select Add Group and type in Administrators and click OK. The properties tab of the Administrators group is displayed
- Under “Members of this group” Click on Add and Browse. Add Groups to the Object Types
- Add in the following groups: RAD Admin Access, Delegated OU Workstation Administrators group and the user’s Adm account.
- Click OK until back at the Group Policy editor window.
- Close the Group Policy editor, select the Group Policy and click the Scope tab:
- Remove Authenticated Users and add in the workstation that the user is going to have administrative rights over.
- Click on the Details tab and change the GPO Status to User configuration settings disabled and click OK.
- Click on the Delegation tab and add the following groups: Delegated OU Admins and Rad Group Policy Administrators. Change the default “Read” to “Edit Settings, delete, modify security” and select OK. Add Authenticated Users group as well and leave permissions on “Read.” Once those groups have been added remove yourself from the delegation list.
- Click on the OU and change the order of the group policies so the departmental group policy is at the bottom of the list, i.e. has the highest number of all the group policies applied to this OU.
- Right click on the group and select properties
- Click on the Security Tab, then Advanced
- Click the ADD Button, and on the next screen “Select a Principal”
- An AD Find box will appear. Type in the name of the OU-admin group and hit check names to ensure you have the spelling correct.
- Click OK once the correct OU admins group has been located.
- On the Next Screen on the “Applies To” filed, select ‘This Object Only”
- This group should have the “Write Members” checkbox checked so they can start modifying the group membership of this group.
- This should be checked by Default after you add the group.
- Hit OK and then apply on the next screen.
- Access has now been granted for that OU admins group to modify the members of this group.
- Launch Group Policy Management
- Locate your OU that you manage
- Right Click on the OU
- Choose “Create a GPO in this Domain, and Link it here…”
- Name the Group Policy accordingly and click OK
- In the Scope tab, under Security Filtering, remove Authenticated Users and add the appropriate group the GPO would apply to and click OK.
- In the Delegation Tab, click Add, and add Authenticated Users with Read permissions and select OK.
- Right Click the GPO you just created and choose Edit
- Group Policy Management Editor will pop up.
- In here, choose User Configuration>Preferences>Windows Settings>Drive Maps
- Right click Drive Maps, highlight New, select Mapped Drive
- In the General Tab, for Location: Enter DFS link (recommend copy, paste) and Drive Letter: Select appropriate drive letter
- In the Common tab, select Run-In logged-on user’s security context (user policy option)
- Select Apply, OK to close window
- In the Group Policy object that was created, go to the settings tab, and confirm settings were applied in User Configuration
- Connect to VPN
- Use RDP to connect to your desktop and access mapped Shared Drives
If RDP is not available
Accessing RAD Shares Remotely – After connecting to the appropriate VPN, users working from home
should be able to access Rad Shares that are housed on Isilon Storage.
- Users on RAD bound machines should be able to connect by DFS link. Please contact your local
IT Support to determine which DFS link you should be using to access your RAD storage.- Example DFS Link: \\rad.rutgers.edu\dfs\RADHomeShares
- Users on Stand Alone non-Managed machines should be able access the storage by SMB Path.
Please contact your local IT Support to determine which SMB Path you should be using to access
your RAD storage.- Example SMB Path: \\isilon-1-asb-smb.ei.rutgers.edu\home
If data is on One Drive or BOX, they would not have to connect to VPN to access that.
These groups belong to Rutgers-Newark IT for support of the Newark Campus EMS application
supporting the Newark Campus, and the business school in New Brunswick.
The application https://reserve.newark.rutgers.edu , is a reservation and event management application
which allows authentication of a user, and based on their group membership in RAD, LDAP will
determine what process template they will receive, and where they can make reservations. Potentially
anyone can use this application which is why the group is populated with all staff.
The group includes all Rutgers Staff based on a nightly import from the DW. These applications are
supports approximately 20k users so a manual process could potentially be inefficient and time
consuming. RAD groups support its functionality. In the case of EMS, these RAD groups provide role
information that EMS used to determine what rooms are available for the user to schedule and what
rules apply to their scheduling requests.
Below are the groups associated with the EMS application:
- Run Oit Ems-Faculty
- Run Oit Ems-Staff
- Run Oit Ems-RBS Students
- Run Oit Ems-CJ Grad Students
- Run Oit Ems-Law Students
- Run Oit Ems-Camden Law Students
- Run Oit Ems-SPAA MPA Students
- Run Oit Ems-SPAA PhD Students
- Run Oit Ems-SPAA Undergraduate Students
- Rls Nwk-Computer Services Users
- Rls Nwk-Library Users
Setting up RAD -adm Account for the First Time
- Go to Elevated Account Request
- Click on Submit an RAD Admin Request
- Click on Submit Request
- You will then receive an email as below.
- Follow the instructions in the email to complete the process. The process to set a password on an -adm account is listed below:
You should receive message as: Create RAD Admin Request
RAD Admin Request #’xxxxx’ has been submitted successfully. You will be notified when the request is approved and processed
Steps to follow to set up netid-adm password
- Go to the following link and login with your regular netID and password
- Set up two-factor for your netid-adm account
- Set up /reset password for RAD Admin Account. Please note, the -adm password should be different from your netID password.
- If the account set up is successful, following success page is shown:
https://netid.rutgers.edu/loginView.htm?from=/createRadAdminAccount.htm
If you require further assistance, please contact rad-support@oit.rutgers.edu