Translated with DeepL.com

  • KIT Active Directory

  • The SCC provides the KIT organizational units with a Microsoft Active Directory based on Windows Server 2016. The organizational units (KIT-OEs) receive access to an OU provided for them in the KIT-AD, in which they can manage their AD objects independently.

With the central KIT Active Directory (KIT-AD), the SCC provides a multi-client capable system with which the KIT OUs can use all the advantages of an Active Directory largely independently. For this purpose, they are given access to their own Organizational Unit (OU) and can manage their AD objects independently. Since the KIT-AD is connected to the KIT Identity Management as well as to the KIT Group Management(https://team.kit.edu/sites/scc-admin-tools/gruppenverwaltung), IDM accounts as well as groups for the central services of the SCC are automatically provisioned into the KIT-AD and can be used accordingly in the KIT-AD.
The design concept underlying the KIT-AD can be found at https://team.kit.edu/sites/kit-itb/AK_KIT_AD/Informationen/Design KIT-AD.pdf.
Registration The SCC sets up access to the own OU upon informal request by the IT representative (ITB) of the KIT OU. The ITB can use the service request"Active Directory: Granting of admin rights" in the SCC ticket system for this purpose. Please inform us about the name of your OU and your administration account.
After the initial access authorization by the SCC, the authorized person can independently authorize further persons to access their OU.
Logout An explicit logout is generally not required. By removing the memberships in the KIT-AD group -Admins, the write access to the OU can be removed independently.

Included services

  • Consulting regarding the use of the KIT-AD service
  • Securing of the service operation by the SCC
  • Connection to central systems (e.g. IDM system, KIT group administration)

Services not included

  • Configuration and operation of systems using the KIT-AD service
  • Configuration of group policies
  • Adaptation of the service to individual needs
  • Operation of domain controllers in KIT organizational units
  • Access to protocols of domain controllers

Organizational requirements

  • KIT-AD can be used only by members of KIT
  • KIT-OEs automatically receive their own OU below kit.edu/kit/staff and kit.edu/kit/misc
  • Project groups receive their own OU below kit.edu/kit/meta upon request
  • The service may only be used within the framework of the regulations for the use of SCC facilities(http://www.scc.kit.edu/ueberuns/114.php).

Technical requirements

  • The KIT-AD can only be accessed within the KIT network (KIT IP address)