Note: This page contains information on the current Active Directory implementation at Penn State. For information on the upcoming ONEForest project, see the ONEForest Community Newsletter.
Information Technology Services (ITS) at Penn State provides the ACCESS.PSU.EDU Windows Active Directory Root domain to be used by the University community. Doing so allows colleges, departments, and administrative units the ability to leverage infrastructure used for core digital credential management. ITS offers this service so that units may leverage authentication (Kerberos 5) and authorization (LDAP) services.
The service allows a user to gain access to applications and data on a remote computer over a network. It handles the job of authenticating clients, as well as making the applications available remotely. It is also entrusted with the job of restricting the clients according to the level of access they have. Microsoft Active Directory includes internal support for Active Directory Services.
The goal is to provide units with maximum flexibility and control over their own Microsoft Active Directory infrastructure without any hardware investments. Creating a stable infrastructure based on supported Microsoft technologies helps to promote autonomy among different units at Penn State. Group Policy Objects (GPO) are up to the discretion of the individual unit.
- Join as an OU in the ACCESS domain
- Join as a Child domain
Service Availability & Maintenance
To keep systems running at peak performance and to ensure the best possible service, routine testing and maintenance is performed during the daily maintenance window from 5:00 a.m. to 7:00 a.m. EST/EDT. During this time, systems and services may be affected. Unanticipated urgent service issues may require maintenance at other times.
There is no charge to Penn State customers for this service.
Customers and Users
The service is available to–and used by–Penn State departments.
To start with Active Directory, you need to understand the Windows environment at Penn State. After examining the Forest’s layout and how Active Directory works, choose the best option for your organization. Next, apply for that option; upon application, you will receive the necessary accounts and passwords. Finally, use the “How to” section of this site to guide your implementation.
- Script Repository
- Troubleshooting and FAQs
- Profiles (Roaming vs Redirected Profiles in the ACCESS domain)
- How To and Best Practices Documents
- Map PSU U Drive
- Penn State Windows Active Directory Whitepaper
- Forest Design
- Windows 8, 8.1, 2012, and 2012R2
- Roaming vs Redirected Profiles in the ACCESS domain
- Naming Policy for the ACCESS Forest
- Windows 8 and Server 2012 External Kerberos Realm Hotfix
- psuksetup.reg file (available from Penn State downloads site)
- ONEForest Project Plan
- Group Policy Settings Reference for Windows® and Windows® Server
- University of Michigan Windows® Services
- Troubleshooting Kerberos Delegation
- Troubleshooting Kerberos Errors