Skip to main content

Cornell University

IT@Cornell

IT Professionals

Content (1349)

Join a Windows Computer to the CornellAD Domain
Joining a Windows computer to the cornell.edu domain involves the following basic steps:
CornellAD Objects: Users, Computers, Groups, GPOs
Users NetIDs: All NetIDs are provisioned by CIT in a branch under CUniv/NetIDs/Staff path, divided into Staff, Alumni, Student, and Inactive. Staff NetIDs are further grouped under unit organizational units (OUs). Changes to demographic information related to a NetID will be reflected in CornellAD…
OU Structure
CornellAD organizational unit (OU) administrators are given special delegation rights with an ID in the format prefix-NetID-doc. Use this account to perform administrative tasks.  Rights are granted as follows:
Planning, Architecture, and Configuration
Naming Conventions Naming Conventions: The only mandatory naming convention in CornellAD is that all object names must start with the unit prefix.
Reset Who Is Authorized to Join the Computer
If you are a CornellAD administrator and you are not sure what userid is authorized to join a computer to a domain, or if you created the computer object but get the message “Access denied” when you try to join the computer, use the following steps to reset the userid or group authorized to join…
Request Admin Access to Create and Manage Groups or Guest IDs in CornellAD
The CornellAD domain includes three main organizational units (OUs).
CornellAD Test Environment
CIT has a separate CornellAD domain for testing. The test environment is implemented as closely as possible to the production domain. Operating system and Service Pack levels, DNS integration, schema extensions, logical OU structure, and many Cornell-specific configurations are implemented in the…
Connect to Quest ARS (Active Roles Server)
When using the ARS Web Management tools, remote users are required to connect with CU VPN. To use the web-based ARS Web Management tool, use a supported browser
Uninstall Spirion: Mac
To uninstall Spirion, drag the Spirion Application Bundle into the Trash. If you reinstall Spirion again later, all previous custom Preferences and licensing/activation information will be intact. Alternatively, right-click (or ctrl-click) the application and select Move to Trash.
Shred Files: Mac
Shredding files in Spirion permanently removes them from your machine. You cannot recover shredded files.
Ignore Files: Mac
Your list of possible confidential data matches may include "false positives." A false positive is something that looked like confidential data to Spirion, but is not. You can ignore false positives. They will be skipped in future scans (unless they are changed).
Handle Scan Results: Mac
Is it Confidential Data? Action Details Step-by-Step No Ignore The match was a false positive.
Scan for Confidential Data on External Drives: Mac
You can use Spirion to scan the following: External hard drives Thumb drives CDs and DVDs Mounted encrypted volumes (for example, FileVault volumes) Some unit/department have optional policies in place; scanning may not be available in some locations.  If you are scanning a…
Scan for Confidential Data: Mac
Spirion is a tool to help you locate stored confidential data, but you'll need to work through the results before you can be sure your machine is in compliance with University policy and local practices. Spirion is configured to run automatically, but you can also perform manually-triggered scans.
Red Hat Enterprise Linux (RHEL) Licensing
Red Hat Enterprise Linux (RHEL) is an open-source operating system.  Prior to September 2019, Cornell University maintained a contract with the vendor to provide automated updates and support. Due to declining use of RHEL at Cornell, CIT chose not to renew the contract.
Join a Linux Computer to the CornellAD Domain
CornellAD does not provide third-party tools to facilitate Linux management. It has been tested with PowerBroker (freeware) that allows you to join Linux clients to the domain, and allows users to log in using their domain credentials. Likewise Open is now called PowerBroker Identity Services…
Group Policy Objects (GPOs)
CIT creates and manages Group Policy Objects (GPO) for domain and forest-wide functions such as default password policy. Each individual unit is responsible for creating and managing their own set of local GPOs.
Delegate Group Creation and Management Privileges in CornellAD
This page covers the process for managing permissions that allow others to create and manage CornellAD groups. This involves:
Create Computer Objects in CornellAD
In order for a computer to appear in the correct local OU, the CornellAD organizational unit (OU) administrator needs to create the computer account within their OU under the local objects branch using ARS. OU admins should use the computer name assigned by the ARS tool to name the actual computer…
Create HoldingIDs in CornellAD
HoldingID is the term used for an account/principal created in CornellAD, which can "belong" to an individual or a department and has its own password (as all accounts do). One use of a HoldingID is allowing programmatic access to an Exchange Group Accounts (EGA). The HoldingID's password can be…

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.