Directory Services: Working with Groups
Working with Groups
Enterprise Active Directory (AD) manages user access to resources primarily through groups. Access can be granted on a user-by-user basis but such assignments are rare, as group membership is the most effective way to keep track of who can access what at the University.
Group membership is managed through the University's Central Directory Service (CDS) by staff with RC Administrator privileges. All interactions with CDS are managed through the Accounts Administration web service, which is accessed by logging into the My Pitt portal and clicking on Accounts Administration. All users can access Accounts Administration to perform basic tasks such as changing their password or viewing their login history. However, only designated RC Administrators are able to see the administrative links that enable the management of groups.
RC Administrators are also able to delegate admin access on the Accounts Administration page to other faculty or staff.
CDS groups are used to manage access to range of computing services at the University including:
- The Secure Remote Access service
- Resources (such as file shares and printers) on department servers
- Resources (such as file shares on the Enterprise Web service) on CSSD-supported services
- Outlook resources such as shared calendars or resource accounts
One of the most popular uses for CDS groups is the support of email aliases for the My Pitt Email environment. When an RC Administrator creates a group in the Accounts Administration environment, that group name can be used to set up group mailings in My Pitt Email. Even though My Pitt Email is supported by Microsoft's Office 365 cloud-based email service, the group definitions established in Active Directory (that can be used for mailing) are not interchangeable with the native group convention supported in the Office 365 environment. An Active Directory group created to support a mailing list or the provisioning of access to resources (as shown in the list above) will not be recognized in the Office 365 environment. If you would like to use groups to manage access to Office 365-provisioned resources such as a SharePoint list, a OneDrive folder or a Delve directory, you will need to set up an Office 365 group.
Office 365 Groups
The Office 365 environment, which all students, faculty and staff can access with their University Computing Account and password, also supports the creation of groups to support collaboration. Groups created in Office 365 can also be used for the sending of emails to a large number of people using the group ID as the destination address. Office 365 groups are created by going into the Outlook Online interface (via the My Pitt Email link in the My Pitt portal environment) and clicking on the People icon: This icon is located at the bottom of the left column as well as in the matrix of Office 365 links that appears when you click on the blue grid icon.
Any student, faculty or staff member can create an Office 365 group and add users to the group. Using an Office 365 group is a quick way to set up a mailing list without having to enlist the aid of an RC Administrator.
The primary purpose of Office 365 groups is to support collaboration within the Office 365 environment. Office 365 group members can be set up to access a SharePoint list, a shared folder in OneDrive, a conversation group in Yammer, a folder in Delve and many other online resources.
More information on using Office 365 groups is available on the Learn about Office 365 groups Microsoft support page.
CDS Groups vs. Office 365 Groups
Keeping track of group functions in the University's environment can be confusing when you are discussing My Pitt Email. This is because My Pitt Email allows users to send mass mailings to group IDs managed by CDS (via the Accounts Administration web site) as well as Office 365 groups. Both CDS and Office 365 group IDs appear in the global address list and can be made available to multiple users for mailing. So which group convention should you use?
For larger projects or longer-duration efforts, you should lean towards using CDS groups that are set up by your area's RC Admin, especially if you are setting up a group to support a University function or project. This is because CDS groups can also be used to enable access to file shares, network zones where file servers live and Outlook resources like a shared calendar.
Office 365 groups are the good choice for projects that don't require access to a University file server, web site or network zone because all of the collaboration will be happening in Office 365 using OneDrive, SharePoint, Delve or Yammer. Since they don't require an RC Admin to be set up; any student, faculty or staff member can establish an Office 365 group quickly. Another advantage to using Office 365 groups (versus CDS groups) is that you can add non-University members to your Office 365 collaborative environment. They don't need to have a University account but do need an Office 365 account of some kind (institutionally-sponsored or personal) in order to be added to an Office 365 group.
If your collaboration efforts will be lmited to just sharing files (and providing feedback or commentatry on shared files), you can also consider using Box.
The University's agreement with Box allows for access to any student, faculty or staff member to share files in the Box environment with Pitt as well as with others from outside the University that have a Box account of some kind. Delegation of access via groups in the Box environment is not supported. You can enable access to a Box folder for collaboration by adding usernames to the list of IDs that can view or edit documents in the folder. But you can't organize the list of names into a group ID that you can recycle for other folders. So Box is a good option to consider for one-off collaborative efforts that only require access and shared comments/feedback on documents. If you find that you need to continually recreate and repopulate the user lists for Box folders, consider moving your collaborative review/commentary hosting to OneDrive in Office 365 and using Office 365 groups.