Getting Started: Delegated OUs

Requesting a delegated OU with the UW Windows Infrastructure (UWWI) is a common way of making use of the automatically-provisioned Windows user accounts that correspond to UW NetIDs (hereafter referred to as UWWI user accounts).

After successfully obtaining a delegated OU, joining computers, and configuring your resources with the appropriate access controls, you will be able to tell your clients to login with UWWI user accounts to obtain access to your Windows-based resources.

Preparing to Make a Decision

1. Review benefits of a UWWI Delegated OU and decide whether you want one.
2. Understand the practices surrounding UWWI Delegated OUs.
3. Understand the landscape of UWWI: UWWI users, UWWI groups, and UWWI Policy.
   • Pay special attention to UWWI user limitations, UWWI user workarounds, and Managing UWWI user attributes to understand what user management capabilities you will have.
4. Review common ways you might use UWWI with a Delegated OU.

Requesting a Delegated OU

1. Determine the name of the OU you'd like to obtain.
2. Determine the computer name reservations you'd like to request, after reviewing how UWWI computer naming works.
3. Request your Delegated OU. Note that the OU Request page will prompt you for NetID credentials. You will need to enter your name as "netid\your-UW-username".
   • Notable pre-requisites include: a mailing list with all your OU admins, the UW NetID for a computing director or equivalent, desired OU name, and desired computer namespace reservations.
4. As part of the request process, your Windows administrators will need to get a 2-factor security token and Admin UW NetID(s), as documented at http://www.washington.edu/itconnect/accounts/admin.html#CREATE.

Using Your Delegated OU

1. Adapt your approach to administration by using the right tools and tips.
2. Consider requesting a UW NetID Computing Support Org to be able to manage UWWI user attributes and other delegated OU settings.
3. Review the UWWI Migration Blueprint to find out how to migrate an existing Windows domain into your new OU.
4. Consider bulk importing your existing domain's groups via GroupSync.
5. If your computers have firewalls, ensure that the firewalls do not restrict access to UWWI.
6. Add computers to UWWI the correct way: Adding a Computer to a UWWI Delegated OU. 
7. If needed, make use of the Delegated OU Computer Groups to replace Domain Computers.
8. If desired, read about Using BitLocker on computers in your Delegated OU.
9. For workstations in your Delegated OU that need DDNS services, consider using UWWI DDNS.
10. Review the UWWI FAQ on Delegated OUs for questions that might help you.
11. Enjoy UW NetID based login to your workstations and servers!