This page explains, for IT professionals, how workstation organizational units are structured in the Managed Workstation Service and which roles are available for those organizational units.

Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network.

An Organizational Unit (OU) is a subdivision within AD into which user objects, group objects, and computer objects can be placed.

Managed Workstation Top Level Organizational Unit

The top-level Active Directory Organizational Unit (AD-OU) for computer objects (workstations) in the Managed Workstation Service is located at the following address:

  • grove.ad.uconn.edu/UConn/Managed_Workstation/Managed_Workstation/Workstations

Standard Naming Format and Descriptions of Descendant Organizational Units 

  • Descendant AD-OUs in Managed Workstation are configured flat (i.e., only one level below the top-level organizational unit) to allow for granular permissions and ease of management.
  • The name of the AD-OU is the name of the functional area/purpose. If required, it can be prefixed with the support area/division, or appended with the campus and/or university building code for location. 
  • The description field of the AD-OU indicates who provides local support.
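
The conventions above can be checked mechanically, which helps catch nested OUs or blank descriptions before role delegation is applied to them. The following is an added example, not part of the original page or the service's own tooling. It assumes every container in the canonical path is an OU and that names use only letters, digits and underscores (inferred from the example names on this page); `Test-WorkstationOu` and the sample records are hypothetical.

```powershell
# Added example: audit OUs against the flat-layout and description conventions.
# Assumption: every container in the canonical path on this page is an OU.
$TopLevelDn = 'OU=Workstations,OU=Managed_Workstation,OU=Managed_Workstation,' +
              'OU=UConn,DC=grove,DC=ad,DC=uconn,DC=edu'

function Test-WorkstationOu {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Ou,
        [Parameter(Mandatory)] [string] $TopLevelDn
    )
    process {
        # Parent DN = DN minus its first RDN (cut at the first unescaped comma).
        $parentDn = $Ou.DistinguishedName -replace '^.+?(?<!\\),', ''
        [pscustomobject]@{
            Name               = $Ou.Name
            # Flat layout: the OU must sit directly under the top-level OU.
            DirectChild        = ($parentDn -eq $TopLevelDn)
            # The description records who provides local support.
            MissingDescription = [string]::IsNullOrWhiteSpace($Ou.Description)
            # Assumption from the page's examples: letters, digits, underscores.
            NameOffPattern     = ($Ou.Name -notmatch '^[A-Za-z0-9_]+$')
        }
    }
}

# Constructed sample records; the second one is nested, undescribed and misnamed.
$sample = @(
    [pscustomobject]@{
        Name              = 'University_Libraries_Loaner_Laptops'
        DistinguishedName = "OU=University_Libraries_Loaner_Laptops,$TopLevelDn"
        Description       = 'Supported by Information Technology Services Device Support'
    }
    [pscustomobject]@{
        Name              = 'Nested Lab'
        DistinguishedName = "OU=Nested Lab,OU=University_Libraries_Loaner_Laptops,$TopLevelDn"
        Description       = ''
    }
)
$sample | Test-WorkstationOu -TopLevelDn $TopLevelDn | Format-Table -AutoSize

# Against the live directory (needs the RSAT ActiveDirectory module):
# Get-ADOrganizationalUnit -SearchBase $TopLevelDn -SearchScope Subtree -Filter * -Properties Description |
#     Where-Object DistinguishedName -ne $TopLevelDn |
#     Test-WorkstationOu -TopLevelDn $TopLevelDn
```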

Example OU Names and Descriptions 

Department Name 

  • Academic_Center_for_Exploratory_Students

Division/Department and Building Location

  • Division_of_Athletics_BFFC

Function with Campus / Building

  • High_Technology_Classrooms_Storrs_OAK

Department with Function

  • University_Libraries_Loaner_Laptops

Support Area with Department

  • NorthWestIT_Facilities_Operations

Example Description

  • Supported by Information Technology Services Device Support

Example Layout

[Figure: Active Directory Managed Workstation Structure]

Available Roles & Permissions for Descendant Organizational Units

Role and Permissions

Computer Managers

  • Create and delete descendant computer objects
  • Full control of descendant computer objects
  • Delete (move) descendant computer objects from the "unknown_workstations" AD-OU

Local Admins

  • Local administrator rights to descendant computer objects