Skip to main content

Cornell University

Active Directory Management

On This Page

Active Directory Management is made up of Group Management and CornellAD.

Group Management

The Cornell Groups Management infrastructure provides a way for Cornell IT administrators and others to manage authorization to network resources via CornellAD Groups.

Groups can be used

  • with CUWebAuth to allow only members of a specific group to access websites
  • to delegate permission for CornellAD resources such as printers and file-sharing resources
  • to set permissions in Exchange. For example, to share an Exchange calendar with a specific group.

CornellAD administrators can securely manage Active Directory with Quest Active Roles Server.

More information about Group Management


CornellAD is Cornell’s implementation of Microsoft Active Directory (AD), a directory service using Lightweight Directory Access Protocol (LDAP).

It provides:

  • Authentication, authorization, group management, and GuestID services
  • Features such as automated provisioning of identity data, access to identity data via LDAP query, and reference groups

With CornellAD, CIT keeps the directory infrastructure running and provides general campus service functions such as authentication, authorization, and account provisioning. CornellAD organizational unit (OU) administrators and IT service providers across campus use this infrastructure to deliver services to their end users.

Different levels of service are available. Campus IT service providers can take advantage of the full range of benefits by becoming CornellAD OU administrators, or can choose instead to use only general campus service features such as authentication, authorization, group management, and GuestIDs.

More information about CornellAD


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.