
Cornell University

Content (1214)

Join a Mac: Before you begin, you'll need the Cornell AD DOCID and administrative access for the computer.
Joining a Windows computer to the cornell.edu domain involves the following basic steps:
Users. DOCIDs: See Create Sub-Delegation (DoCID) Accounts. Holding IDs: See Create Holding IDs.
CornellAD organizational unit (OU) administrators are given special delegation rights with an ID in the format prefix-NetID-doc. Use this account to perform administrative tasks. Rights are granted as follows:
Naming Conventions: The only mandatory naming convention in CornellAD is that all object names must start with the unit prefix.
The CornellAD domain includes three main organizational units (OUs).
CIT has a separate CornellAD domain for testing. The test environment is implemented as closely as possible to the production domain. Operating system and Service Pack levels, DNS integration, schema extensions, logical OU structure, and many Cornell-specific configurations are implemented in the…
When using the ARS Web Management tools, remote users are required to connect with CU VPN. To use the web-based ARS Web Management tool, use a supported browser
To uninstall Spirion, drag the Spirion Application Bundle into the Trash. If you reinstall Spirion later, all previous custom Preferences and licensing/activation information will be intact. Alternatively, right-click (or ctrl-click) the application and select Move to Trash.
Shredding files in Spirion permanently removes them from your machine. You cannot recover shredded files.
Your list of possible confidential data matches may include "false positives." A false positive is something that looked like confidential data to Spirion, but is not. You can ignore false positives. They will be skipped in future scans (unless they are changed).
Is it Confidential Data? | Action | Details | Step-by-Step
No | Ignore | The match was a false positive.
You can use Spirion to scan the following: external hard drives; thumb drives; CDs and DVDs; mounted encrypted volumes (for example, FileVault volumes). Some units/departments have optional policies in place; scanning may not be available in some locations. If you are scanning a folder on a server, you…
Spirion is a tool to help you locate stored confidential data, but you’ll need to work through the results before you can be sure your machine is in compliance with University policy and local practices. Spirion is configured to run automatically, but you can also perform manually triggered scans.
Red Hat Enterprise Linux (RHEL) is an open-source operating system. Prior to September 2019, Cornell University maintained a contract with the vendor to provide automated updates and support. Due to declining use of RHEL at Cornell, CIT chose not to renew the contract.
CornellAD does not provide third-party tools to facilitate Linux management. It has been tested with PowerBroker (freeware), which allows you to join Linux clients to the domain and allows users to log in using their domain credentials. Likewise Open is now called PowerBroker Identity Services…
CIT creates and manages Group Policy Objects (GPO) for domain and forest-wide functions such as default password policy. Each individual unit is responsible for creating and managing its own set of local GPOs.
Group management privileges can be assigned at the OU level, or directly on the group using primary and secondary owners. This page covers how to delegate permissions at the OU level. This involves:
In order for a computer to appear in the correct local OU, the CornellAD Organizational Unit (OU) administrator needs to create the computer account within their OU under the local objects branch using ARS. OU admins should use the computer name assigned by the ARS tool to name the actual computer…
HoldingID is the term used for an account/principal created in CornellAD, which can "belong" to an individual or a department and has its own password (as all accounts do). One use of a HoldingID is allowing programmatic access to an Exchange Group Account (EGA). HoldingIDs are created via…
