Cornell University

Content (1289)

If you are a CornellAD administrator and you are not sure what userid is authorized to join a computer to a domain, or if you created the computer object but get the message “Access denied” when you try to join the computer, use the following steps to reset the userid or group authorized to join…
The CornellAD domain includes three main organizational units (OUs).
CIT has a separate CornellAD domain for testing. The test environment is implemented as closely as possible to the production domain. Operating system and Service Pack levels, DNS integration, schema extensions, logical OU structure, and many Cornell-specific configurations are implemented in the…
When using the ARS Web Management tools, remote users are required to connect with CU VPN. To use the web-based ARS Web Management tool, use a supported browser
To uninstall Spirion, drag the Spirion Application Bundle into the Trash. If you reinstall Spirion again later, all previous custom Preferences and licensing/activation information will be intact. Alternatively, right-click (or ctrl-click) the application and select Move to Trash.
Shredding files in Spirion permanently removes them from your machine. You cannot recover shredded files.
Your list of possible confidential data matches may include "false positives." A false positive is something that looked like confidential data to Spirion, but is not. You can ignore false positives. They will be skipped in future scans (unless they are changed).
Is it Confidential Data? | Action | Details | Step-by-Step
No | Ignore | The match was a false positive.
You can use Spirion to scan the following: external hard drives, thumb drives, CDs and DVDs, and mounted encrypted volumes (for example, FileVault volumes). Some units/departments have optional policies in place; scanning may not be available in some locations. If you are scanning a folder on a server, you…
Spirion is a tool to help you locate stored confidential data, but you’ll need to work through the results before you can be sure your machine is in compliance with University policy and local practices. Spirion is configured to run automatically, but you can also perform manually-triggered scans.
Red Hat Enterprise Linux (RHEL) is an open-source operating system. Prior to September 2019, Cornell University maintained a contract with the vendor to provide automated updates and support. Due to declining use of RHEL at Cornell, CIT chose not to renew the contract.
CornellAD does not provide third-party tools to facilitate Linux management. It has been tested with PowerBroker (freeware), which allows you to join Linux clients to the domain and allows users to log in using their domain credentials. Likewise Open is now called PowerBroker Identity Services…
CIT creates and manages Group Policy Objects (GPOs) for domain and forest-wide functions such as default password policy. Each individual unit is responsible for creating and managing its own set of local GPOs.
This page covers the process for managing permissions that allow others to create and manage CornellAD groups. This involves:
In order for a computer to appear in the correct local OU, the CornellAD organizational unit (OU) administrator needs to create the computer account within their OU under the local objects branch using ARS. OU admins should use the computer name assigned by the ARS tool to name the actual computer…
HoldingID is the term used for an account/principal created in CornellAD, which can "belong" to an individual or a department and has its own password (as all accounts do). One use of a HoldingID is allowing programmatic access to an Exchange Group Account (EGA). The HoldingID's password can be…
CornellAD makes heavy use of DNS by dynamically registering services via SRV records. The authoritative DNS server for cornell.edu is dns.cit.cornell.edu. NS pointers are configured to DNS servers for the following sub-zones:
The password and account policies in CornellAD are domain-wide settings, and affect all accounts in the cornell.edu domain. The policy is set at the domain level by CIT and is pushed down to all organizational units (OUs). CIT is not able to make modifications to these parameters based on requests…
The CornellAD Planning Committee is the governing body for matters affecting the entire CornellAD forest/domain. Each CornellAD top-level unit is entitled to have a representative on this committee. The Planning Committee addresses issues such as schema changes, naming conventions, security…
CornellAD is backed up nightly. Only AD objects are backed up. Devices that happen to be joined to CornellAD are not.
