Service Active Directory
University-wide authentication service
Since 2003, the URZ has operated a Microsoft Windows Active Directory domain. This domain is primarily used for university-wide authentication and authorization. In addition, the domain manages employee PCs as well as public computers available at the URZ and at some institutes.
The name of the domain is ad.uni-heidelberg.de. We operate several domain controllers as Windows servers so that the service remains available if one domain controller fails.
URZ-managed user accounts are automatically created in the domain. IT representatives are authorized to create user accounts and computer accounts for their own organizational unit. To do this, you must first submit a registration for an institute connection.
Target group
- IT representatives
Use
Institutes can obtain their own registration for the Windows Active Directory domain, through which they receive the rights to set up computer accounts; see Registration for an institute connection.
Access and requirements
Registration for an institute connection to the Active Directory domain
In principle, all institute computers can be integrated into this system in one form or another, as long as they run Windows 10 or newer, or Windows Server 2016 or newer.
The most suitable form of connection to the domain depends on the functionality of the individual devices and on how much administrative and maintenance work can or should be done at the institute versus at the URZ.
Generally speaking, there are two ways an institute can manage its Windows environment:
- An independent domain (island)
- An Organizational Unit (OU) for devices within ad.uni-heidelberg.de
For PC Pools that use URZ user IDs, we recommend: OU within ad.uni-heidelberg.de.
The following table highlights the differences between the options:
| | Independent domain (island) | OU within ad.uni-heidelberg.de |
|---|---|---|
| Separate user ID | Yes | Yes |
| Works with URZ user ID | No | Yes |
| PC Pool Service | No | Possible |
| Separate domain controller required | Yes | No |