
Getting Started: Delegated OUs

Requesting a delegated OU with the UW Windows Infrastructure (UWWI) is a common way of making use of the automatically provisioned Windows user accounts that correspond to UW NetIDs (hereafter referred to as UWWI user accounts).

After successfully obtaining a delegated OU, joining computers, and configuring your resources with the appropriate access controls, you will be able to tell your clients to log in with UWWI user accounts to obtain access to your Windows-based resources.

Preparing to Make a Decision

  1. Review benefits of a UWWI Delegated OU and decide whether you want one.
  2. Understand the practices surrounding UWWI Delegated OUs.
  3. Understand the landscape of UWWI: UWWI users, UWWI groups, and UWWI Policy.
  4. Review common ways you might use UWWI with a Delegated OU.

Requesting a Delegated OU

  1. Determine the name of the OU you'd like to obtain. We strongly recommend you pick a name of 7 characters or fewer.
  2. Determine the computer name reservations you'd like to request, after reviewing how UWWI computer naming works.
  3. Request your Delegated OU. Note that the OU Request page will prompt you for NetID credentials. You will need to enter your name as "netid\your-UW-username".
    • Notable pre-requisites include: a mailing list with all your OU admins, the UW NetID for a computing director or equivalent, desired OU name, and desired computer namespace reservations.
  4. As part of the request process, your Windows administrators will need to get a 2-factor security token and Admin UW NetID(s), as documented at http://www.washington.edu/itconnect/accounts/admin.html#CREATE.

Using Your Delegated OU

Things to review when you are getting started:

  1. Adapt your approach to administration by using the right tools and tips.
  2. Consider requesting a UW NetID Computing Support Org to be able to manage UWWI user attributes and other delegated OU settings.
  3. Review the UWWI Migration Blueprint to find out how to migrate an existing Windows domain into your new OU. Consider bulk importing your existing domain's groups via GroupSync.
  4. If your computers have firewalls, ensure that the firewalls do not restrict access to UWWI.
  5. Add computers to UWWI the correct way. See Adding a Computer to a UWWI Delegated OU and Adding a Mac to a UWWI Delegated OU.
  6. If needed, make use of the Delegated OU Computer Groups to replace Domain Computers.
  7. If desired, read about Using BitLocker on computers in your Delegated OU.
  8. For workstations in your Delegated OU that need DDNS services, consider using UWWI DDNS.
  9. Consider using Group Managed Service Accounts (gMSAs) for your service account needs.
  10. If you accidentally delete something in your OU, you can request an Item Level Restore.
  11. If you accidentally lock yourself out of a computer, you can review this helpful FAQ.
  12. Review the UWWI FAQ on Delegated OUs for questions that might help you.
  13. Enjoy UW NetID based login to your workstations and servers!

Useful capabilities provided to Delegated OU customers:

  1. Domain migration assistance.
  2. PowerShell script to add a computer object.
  3. Unix integration guidance.
  4. Delegated OU Computer Groups, i.e. a group with all computers in your OU.
  5. BitLocker guidance.
  6. Dynamic DNS services for workstations.
  7. Group Managed Service Accounts (gMSAs) for your service account needs.
  8. Some delegated Service Principal Name privileges.
  9. AD Item Level Restore, if you accidentally delete something in your OU.
  10. Active Directory Certificate Services for automated certificate issuance for use cases internal to the UW.
  11. Domain-based DFS Namespace services for file service publishing.