
Service: Active Directory

University-wide authentication service

Since 2003, the URZ has operated a Microsoft Windows Active Directory domain. This domain is primarily used for university-wide authentication and authorization. In addition, the domain manages employee PCs as well as public computers available at the URZ and at some institutes.

The name of the domain is ad.uni-heidelberg.de. We operate several domain controllers on Windows servers so that the service remains available if a domain controller fails.

URZ-managed user accounts are automatically created in the domain. IT representatives are authorized to create user accounts and computer accounts for their own organizational unit. To do this, you must first submit a registration for an institute connection.

Target group

  • IT representatives

Use

Institutes can obtain their own registration to the Windows Active Directory domain, through which they receive the rights to set up computer accounts; see Registration for an institute connection.

Access and requirements

Registration for an institute connection to the Active Directory domain

In principle, all institute computers can be integrated into this system in one form or another, as long as they are equipped with Windows 10 or newer, or Windows Server 2016 or newer.

The most suitable form of connection to the domain depends on the functionality of the individual devices and on how much administrative and maintenance work can or should be done at the institute versus at the URZ.

Generally speaking, there are 2 possibilities for how an institute manages its Windows environment:

  1. An independent domain (island)
  2. An Organizational Unit (OU) for devices within ad.uni-heidelberg.de

For PC Pools that use URZ user IDs, we recommend: OU within ad.uni-heidelberg.de.

The following table highlights the differences between the options:

|                                     | Independent domain (island) | OU within ad.uni |
|-------------------------------------|-----------------------------|------------------|
| Separate user ID                    | Yes                         | Yes              |
| Works with URZ user ID              | No                          | Yes              |
| PC Pool Service                     | No                          | Possible         |
| Separate domain controller required | Yes                         | No               |