Northern Illinois University

Information Technology Services

eDirectory Departmental Container Setup

Overview

  1. Enterprise Directory Structure Based on NIU HR Organizational Chart
    1. One-to-One Department to Container (OU) Relationship
    2. StudentEmployees and GraduateAssistants Containers
  2. Enterprise Directory New Employee Integration
    1. Staff Employees
    2. Student Employees and Graduate Assistants
  3. Departmental Container Contents and Features
  4. Departmental Container Setup
    1. Default Login Script
    2. Additional Login Script Creation (Optional)
    3. Group Creation and Population for Employee Access Control
      1. Group Creation
      2. Group Population
    4. Trustee Rights Assignment to Read Login Script
      1. Trustee Rights Assignment to Read Login Script
    5. Local Environment Variable Creation
    6. NDPS Printer Agent Setup
      1. Requesting NDPS Printer Agent Setup
      2. NDPS Printer Agent Setup for Workstations
    7. Workstation Policy Creation (Optional)
    8. Server Filesystem Rights to New Containers and Groups (As Needed)
    9. Contextless Login Setup for Workstations (Recommended)
    10. Workstation Import Policy (Optional)

Enterprise Directory Structure Based on NIU HR Organizational Chart

New Organizational Units / Departmental containers based on the HR NIU Enterprise Organizational chart are in place as part of the NIU Enterprise Directory integration process. All defined departments will eventually be managed from these new containers.

One-to-One Department to Container (OU) Relationship

Each department defined in HR will have a single predefined departmental container created for all new employees working for that department (defined by the department number into which they are officially hired in Human Resources). Current users for a specific department or grouping who exist elsewhere in other directory containers within the current NIU Directory tree will be migrated from their existing containers to their new departmental containers, along with existing resources, according to an arranged schedule.

StudentEmployees and GraduateAssistants Containers

At this point, all student and graduate assistant employees hired through the HR PeopleSoft System will be placed into their own corresponding containers in the NIU Enterprise Directory. They will no longer be placed into the hiring departmental container, as many work for multiple departments simultaneously. Groups will need to be created in their respective departmental containers for these accounts in order to grant them special rights and access. The student and graduate assistant employee accounts will then need to be added into these groups by the local LAN administrator. This group concept allows student and graduate assistant accounts to be managed by multiple departments without any one department owning them.

The actual student and graduate assistant container (OU) locations are:

StudentEmployees.NIU and GraduateAssistants.NIU

In addition, an environment variable called LOGINSCRIPT will need to be placed on any workstation these students will be using. This is for the purpose of managing the login script for the student or graduate assistant employee. (Creation of this variable is explained later in this document.)

Enterprise Directory New Employee Integration

Creation of employee accounts within the NIU Enterprise Directory and Microsoft's Active Directory (NIUNT) will occur automatically when the employee is hired and entered into the HR PeopleSoft system. This is no longer a separate process. In addition, when an existing employee changes their department of employment through HR, that employee's account will be automatically moved to their new department's organizational unit. An email notification will be sent to the terminating and hiring departments of the changes that occurred.

Staff Employees

New staff employee accounts will be created automatically into the hiring departmental container. This will occur when they are entered into the HR PeopleSoft system.

Student Employees and Graduate Assistants

New student and graduate assistant employee accounts will be created automatically in their corresponding StudentEmployees and GraduateAssistants containers when they are entered into the HR PeopleSoft system. The local LAN administrator will then be responsible for adding these new student employees to the groups defined within their departmental container. This needs to be completed if the new student or graduate assistant employee needs to be given special rights and access to their corresponding departmental container.

To provide login script control to local LAN administrators, a default container login script has been associated with the StudentEmployees and GraduateAssistants containers. This login script makes a call to an environment variable called LOGINSCRIPT. This environment variable needs to be placed on the workstation used to log in and set to the fully qualified path of the login script to be run for the specific student or graduate assistant employee.

Departmental Container Contents and Features

The following container characteristics will be in place for all containers:

  • Department OU
  • Default Login Script and Container Rights
  • Workstation and Workstation Policy Containers
  • UAmgr (UA Manager) access control
    • Associate applications
    • Modify department or group profile
  • WSmgr (Workstation Manager) access control
    • Create Zen Objects
    • Allows LAN Administrator to delegate workstation management rights without delegating User Account management rights
  • Partition and Replica Creation
  • Filesystem Factory Policies for Home Directories

The policy for home directory location will be based on the existing policies in the current departmental containers. If a change to another location is needed, a request needs to be made through the request process as it exists today.

Departmental Container Setup

Default Login Script

A default login script (called User$Log_Dat) will be placed in the containers. Each container (OU) will be granted read access to the profile object. This default login script can be modified and additional trustee rights can be granted. It will contain the following:

[Image: default login script]

Additional Login Script Creation (Optional)

Creating a login script is much the same as creating a group (discussed below), except that the Profile object type is used rather than the Group object type.

Group Creation and Population for Employee Access Control

NOTE: ConsoleOne is required to perform this functionality. You may download it online by going to www.helpdesk.niu.edu > Technical Support Staff.

Group Creation

Login to the Novell NIU tree and run ConsoleOne.

Navigate to the department OU where the new group is to be created and highlight the target container.

Right click with the mouse, and choose New, then Group. See diagram below:

[Image: new group creation]

Type the name for the group to be created in the dialogue box. Select OK.

[Image: giving the new group a name]

Group Population

Select/Highlight the group.

Right click with the mouse and choose Properties.

[Image: populating the new group]

Select the Members tab in the Properties of Students dialog box and then select Add...

[Image: group properties window]

Locate the Container/OU containing the user account to be added in the Select Objects dialog box, and click on the container.

[Image: selecting the container from which to add user accounts]

Select the user to be added and click OK.

[Image: selecting user to add to the new group]

Select OK on the Members tab to complete the adding of the user to the group.

[Image: new group members]

Trustee Rights Assignment to Read Login Script

Trustee Rights Assignment to Read Login Script

To read a specific login script, a specific user, member of a group, or member of a container (OU) must be made a trustee of the profile containing the login script. To do this, right click on the desired profile object and select Trustees of the Object.

[Image: adding trustee rights]

In the Properties of profile object dialog box, select the NDS Rights tab; then select Add Trustee.

[Image: adding a new trustee]

In the Select Objects dialog box locate the User, Group, or OU needing rights to read the login script.

Select the User, Group, or OU needing rights to read the login script and then select OK.

[Image: selecting objects to assign trustee rights]

The Rights assigned to selected objects dialog box will appear. In most cases where read-only access is required, accepting the default settings will suffice.

Select OK to accept rights assignments.

[Image: assigning trustee rights (entry rights)]

[Image: assigning trustee rights (all attributes)]

In the NDS Rights tab of the properties dialog box select OK to apply the change and close the box.

[Image: NDS rights tab]

Local Environment Variable Creation

StudentEmployees and GraduateAssistants Container Login Script

[Image: StudentEmployee and GradAssistant container login script]

Local Environment Variable Creation

Note 1: LANAdmin cannot modify student accounts. LANAdmin can create groups and then add students to groups. If students need access to specific applications, assign rights at the group level.

Note 2: The environment variable (EV) must be entered locally on every PC/workstation the student will or may use. The EV should point to the profile in the new container that the students are to use when logging in.

To set up the EV referenced by the StudentEmployees.NIU & GraduateAssistants.NIU containers' login script on a local machine (using Windows XP as an example):

Log in to the local workstation as the workstation's administrator.

Navigate to the Control Panel and click on System.

[Image: Windows control panel]

Under System Properties select the Advanced tab.

Select the Environment Variables button.

[Image: system properties window, advanced tab]

On the Environment Variables dialog box in the System variables section select New to create a new system environment variable.

[Image: defining environment variables]

For the Variable name field in the New System Variable dialog box, type in LOGINSCRIPT. This should be as one word and all in upper case.

For the Variable value, type in the profile object's fully qualified NDS name, including the leading period, to point to the profile/login script that is to be run. For example:

.User$Log_Students.InfoSvc.InfoTech.GenAdmin.DK.NIU

The LOGINSCRIPT variable can also point to the default department profile object. For example:

.User$Log_Dat.InfoSvc.InfoTech.GenAdmin.DK.NIU

Accept by selecting OK.

[Image: new environment variables]

Select OK in the Environment Variables dialog box to accept the change. The environment variable is now in place for all users that login to this workstation.

[Image: environment variables]
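
The check below is an added example (not part of the original NIU procedure) that audits the LOGINSCRIPT variable set in the steps above on a workstation. The function names and the format rules, which are derived from the two example values on this page, are assumptions.

```powershell
# Added example: audit the LOGINSCRIPT system variable on a workstation.
# Single quotes are required: inside double quotes PowerShell would expand
# "$Log_Students" as a variable and silently corrupt the name.
$Expected = '.User$Log_Students.InfoSvc.InfoTech.GenAdmin.DK.NIU'  # example value from this page

function Test-LoginScriptName {
    param([string]$Name)
    # Assumed rules, derived from the page's two examples: a leading period,
    # then dot-separated object names with no blanks, ending in .NIU.
    if ([string]::IsNullOrEmpty($Name)) { return 'not set' }
    if (-not $Name.StartsWith('.'))     { return 'missing leading period' }
    if ($Name -match '\s')              { return 'contains whitespace' }
    if ($Name -notmatch '\.NIU$')       { return 'does not end in .NIU' }
    $parts = $Name.Substring(1).Split('.')
    if ($parts -contains '')            { return 'empty name component' }
    if ($parts.Count -lt 3)             { return 'too few name components' }
    return 'ok'
}

function Get-LoginScriptReport {
    # Read both scopes directly instead of the merged process environment.
    $machine = [Environment]::GetEnvironmentVariable('LOGINSCRIPT', 'Machine')
    $user    = [Environment]::GetEnvironmentVariable('LOGINSCRIPT', 'User')
    New-Object PSObject -Property @{
        MachineValue    = $machine
        FormatCheck     = Test-LoginScriptName $machine
        MatchesExpected = ($machine -eq $Expected)
        # A per-user variable of the same name shadows the system one in
        # that user's session, so any value here should be reviewed.
        UserOverride    = $user
    }
}

# To set the value from an elevated prompt instead of the GUI:
#   [Environment]::SetEnvironmentVariable('LOGINSCRIPT', $Expected, 'Machine')
Get-LoginScriptReport | Format-List
```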

NDPS Printer Agent Setup

The print queue approach is being replaced by the use of NDPS printer agents. For currently existing print queue based printing, a new NDPS printer agent will need to be created. This NDPS printer agent can be created in the new Department container, and, through the use of Group assignments, access can be granted to both new employees created in the new container and existing employees who are currently residing in the existing old Department container. Converting to NDPS printing will involve going to every workstation requiring printing services and converting the printer setup to the new NDPS printer setup. Until this conversion process to NDPS printing is completed, the old print queues will not be disabled, and rights to print to them can be granted to new employees.

For existing NDPS printer agents, rights will need to be established and granted for the new departmental containers (OU). These need to be placed at the container/OU level.

Requesting NDPS Printer Agent Setup

Use the ITS Printer Setup Request Form located at http://www.niu.edu/its/apps/pas/ to request NDPS printer setup. Use the Billing Account Number 111111 so that the request is not billed.

[Image: ITS printer setup request]

Enter the new container name in the NDS Context field, and the old container name in the User Object List field.

[Image: ITS printer setup request form]

Please enter comments similar to the following in the Comments box at the bottom of the form:

This is not a new printer, but is a request to convert a print Q to a printer agent
in conjunction with a departmental move within the new NIU Enterprise Directory.

Make sure the old container listed in the User Object List field is granted rights to
the new printer agent, as well as granting the new container rights to the old queue.

This printer already has the following IP: 131.156.195.108

Would like to keep this IP if possible.

NDPS Printer Agent Setup for Workstations

This requires NDPS printer support in the current Novell client installation, or installation of the current ITS-provided Novell client.

Workstation Policy Creation (Optional)

Create workstation policies for use with Novell's ZENworks to manage imported workstations.

Server Filesystem Rights to New Containers and Groups (As Needed)

This includes granting rights for the new container to the Public Directory on the system volume of their server, if they have one; granting rights for the UAmgr organizational role in the new container to their servers, if they have one; and granting rights to application volumes or other locations where user data and applications reside. The granting of rights will need to be requested if they do not have sufficient rights to do so.

Contextless Login Setup for Workstations (Recommended)

Contextless login support for Novell needs to be downloaded and installed on all workstations connecting to the NIU Enterprise Directory. The current Novell Client can be downloaded from the ITS website if it is not already in place. This will assist with login problems that may be encountered when the time comes to migrate current users from their current container/context to their new container/context.

Workstation Import Policy (Optional)

If a Workstation Import Policy is required to import workstations into NDS and manage the workstations with Novell's ZENworks for the new container, the Helpdesk will need to be contacted.
