Computer

Active Directory in the School of Engineering

– Organization is structered by Organizational Units (OUs)
– Designation and creation of a new computer
– Managing user accounts
– Password synchronization of the EPFL and  the Windows user account

Designation and creation of a new computer

The computers are created in an OU (Organizational Unit)
The computer name meets the following naming convention:

– No more names such as: (‘foo’ or ‘PC David & Goliath’, Laurent, Peter and Jacques …),
– Do not rely on existing IP names as they might be related to an obsolete structure (e.g. “sidmxpc4” because the unity does no longer exist)
– name the new computer with the current Institute / Unity initials (both or only one) but keep the hierarchy right.

– This naming convention is applied for a computer
As an example:
• Name sidmxpc4 (historically, a computer of the Materials Science Department)

The computer is now in the INTRANET Domain:
DOMAIN intranet,  OU sti, OU imx, OU ge, OU ge-pc
• It takes as a prefix the name of unity, in this case: “imxge”
• For the suffix is simply the same as before, “pc4”
• This computer is called: “imxgepc4”

The procedure for creation of a new computer in the INTRANET Domaine takes place in two phases:

1) Creating a new computer object in the OU “unity-pc”
2) connecting a Computer to the INTRANET Domain.

1) Create a new computer object via the Administrative Tools “Active Directory Unsers and Computers”
To do so, you must have an Active Directory Administrator Account (ADsciper) of the Unity
you want to create the object and you need to obtain the delegation of management rights (contact: laurent.kling@epfl.ch).

Since June 20, 2013, only the Administrator Account has the privilege to add a computer into the STI Domain.

After installing the management tools (“RSAT.mis” for Remote Server Administration Tools for Windows 7).

For Windows 10, this command in PowerShell with elevated priviledge install all tools:

Install-WindowsFeature -IncludeAllSubFeature RSAT

You log to the domain with the INTRANET Administrator Account (ADsciper) which needs first to be activated.
An alternative solution is to use a secure RDP connection on:
winadmin1.intranet.epfl.ch

We must create in the OU “unity-pc”, a computer:
– Start> Control Panel> Administrative Tools> Active Directory Users and Computers
– Right-click on the OU “PC-unit”, select: New > Computer

In the window that opens, define the following fields:
– Computer name: “name of the pc”
– User or group:
It is mandatory to change the default: Domain Admins to “Unity-AdminsU” to add a computer.

To find for security groups defined for a unit:
Change button
– Below the lign intranet.epfl.ch tape the initials of the unity (e.g. stiit-) and select the “OK” Button
– Then select the security group of the administrator of the unity (e.g .stiit-AdminsU)

Then move the dialog Managed, Next button, and you the similar window will open:

IMPORTANT: the computer object will be available after a period of 15 minutes
(Replication between Domain Controllers)

2) connecting a computer to the INTRANET Domain.

Beforehand, it is necessary that the following conditions are established:
DNS active directory (128.178.15.227, 128.178.15.228) + WINS (128.178.15.44)
• Right click on My Network Places, Properties
• Right click on Local Area Connection, properties
• component Internet Protocol (TCP-IP), properties
• click button “Advanced”
• click Tab, Wins
• button click, Add, and add the wins server following: 128.178.15.44
• Wins are another, 128.178.1.44, it will not be valid in a while, remove and replace the one indicated by the one indicated below:

• Right click on My Computer, Properties
• “Network Identification” tab, Properties
• computer name = namepc
• Workgroup = workgroup
restart

Then you can connect the computer to the INTRANET Domain.

• Right-click on My Computer, Properties
• “Network Identification” tab, Network ID
• attach a corporate network
• my company uses a domain

Identification:

– Name: ADsciper
– Password: your_password
– Domain: INTRANET.EPFL.CH
– When asked if you want to use the already existing account, say YES
– Restart

If all went well, your computer should be in INTRANET Domain.

How to check:

– Right-click on My Computer, Properties
– Select the Computer Name tab
– Full computer name: namepc.intranet.epfl.ch