Overview
Enterprise Active Directory (AD) manages access to resources primarily through groups. Access can be granted on a user-by-user basis but such assignments are rare, as group membership is the most effective way to keep track of who can access what at the University.
Detail
Working with Groups
CDS Groups
Enterprise Active Directory (AD) manages access to resources primarily through groups. Access can be granted on a user-by-user basis but such assignments are rare, as group membership is the most effective way to keep track of who can access what at the University.
Group membership is managed through the University's Central Directory Service (CDS) by RC Administrators. All interactions with CDS are managed through the Accounts Administration web service, which is accessed at accounts.pitt.edu. All users can perform basic tasks such as changing their password or viewing their login history. However, only designated RC Administrators are able to see the administrative links to manage groups.
RC Administrators are also able to delegate admin access on the Accounts Administration page to other faculty or staff.
CDS groups are used to manage access to range of computing services at the University including:
- The PittNet VPN (GlobalProtect) service
- Resources (such as file shares and printers) on department servers
- Resources (such as file shares on the Enterprise Web Infrastructure service) on Pitt Information Technology supported services
- Outlook resources such as shared calendars or resource accounts
One of the most popular uses for CDS groups is the support of email aliases for the Pitt Email (Outlook) environment. When an RC Administrator creates a group in the Accounts Administration environment, that group name can be used to set up group mailings in Pitt Email (Outlook). Even though Pitt Email (Outlook) is supported by Microsoft's Office 365 cloud-based email service, the group definitions established in Active Directory (that can be used for mailing) are not interchangeable with the native group convention supported in the Office 365 environment. An Active Directory group created to support a mailing list or provision access to resources (as shown in the list above) will not be recognized in the Office 365 environment. If you would like to use groups to manage access to Office 365-provisioned resources such as a SharePoint list, a OneDrive folder, or a Delve directory, you will need to set up an Office 365 group.
Office 365 Groups
The Office 365 environment, which all students, faculty, and staff can access with their University Computing Account and password, also supports the creation of groups to support collaboration. Groups created in Office 365 can also be used to send emails to a large number of people using the group ID as the destination address. To create an Office 365 group, log in to Pitt Email through My Pitt. Then click on the People icon
located at the bottom of the left column.
Any student, faculty, or staff member can create an Office 365 group and add users to the group. Using an Office 365 group is a quick way to set up a mailing list without having to enlist the aid of an RC Administrator.
The primary purpose of Office 365 groups is to support collaboration within Office 365. Office 365 group members can be set up to access a SharePoint list, a shared folder in OneDrive, a conversation group in Yammer, a folder in Delve, and many other online resources.
More information on using Office 365 groups is available on the Learn about Office 365 groups Microsoft support page.
Guidelines for Creating Office 365 Groups and Teams
Office 365 group or team names must meet the following criteria:
- The names should not be used to misrepresent your identity.
- The names should be professional in nature.
For continued access to groups, Pitt IT recommends creating two owners for each group.
You should also follow all University IT policies.
CDS Groups vs. Office 365 Groups
Keeping track of group functions can be confusing when you are discussing Pitt Email (Outlook). This is because Pitt Email (Outlook) allows users to send mass mailings to group IDs managed by CDS (via the Accounts Administration website) as well as Office 365 groups. Both CDS and Office 365 group IDs appear in the global address list and can be made available to multiple users for mailing. So which group convention should you use?
For larger projects or longer-duration efforts, you should lean towards using CDS groups that are set up by your area's RC Admin, especially if you are setting up a group to support a University function or project. This is because CDS groups can also be used to enable access to file shares, network zones where file servers live and Outlook resources like a shared calendar.
Office 365 groups are a good choice for projects that don't require access to a University file server, website or network zone because all of the collaboration will be happening in Office 365 using OneDrive, SharePoint, Delve, or Yammer. Since they don't require an RC Admin to be set up, any student, faculty, or staff member can establish an Office 365 group quickly. Another advantage to using Office 365 groups (versus CDS groups) is that you can add non-University members to your Office 365 collaborative environment. They don't need to have a University account but do need an Office 365 account of some kind (institutionally-sponsored or personal) in order to be added to an Office 365 group.
If your collaboration efforts will be limited to just sharing files (and providing feedback or commentary on shared files), you should consider using Box.
Box Groups
The University's agreement with Box allows for access to any student, faculty, or staff member to share files with members of the Pitt community, as well as with others from outside the University that have a Box account of some kind. Delegation of access via groups in the Box environment is not supported. You can enable access to a Box folder for collaboration by adding usernames to the list of IDs that can view or edit documents in the folder. But you can't organize the list of names into a group ID that you can recycle for other folders. Box is a good option to consider for one-off collaborative efforts that only require access and shared comments/feedback on documents. If you find that you need to continually recreate and repopulate the user lists for Box folders, consider moving your collaborative review/commentary hosting to OneDrive in Office 365 and using Office 365 groups