Creating a new
OU within IFAS

Instructions for when a new People OU is created and a corresponding Department OU is then needed:

Note...you will need to be a member of the . IFAS AD ADMINS Group to perform these steps.

1. Copy Description of OU from the People OU
2. Create OU in ad.ufl.edu/UF/Departments/IFAS/-Central-IT/Groups/Admin Groups
3. Create . IFAS-ADMN-OU Group
4. Create . IFAS-ADML-OU Group
5. Create . IFAS-ADM-OU Group
6. Add . IFAS-ADMN-OU group to the "Members" tab of . IFAS-ADM-OU
7. Add . IFAS-ADML-OU group to the "Members" tab of . IFAS-ADM-OU
8. Add . IFAS-ADM-ALL group to the "Member Of" tab of . IFAS-ADM-OU
9. Add . IFAS-ADM-CO-MANAGED or . IFAS-ADM-UNIT-MANAGED group to the "Member Of" tab of . IFAS-ADM-OU
10. Add . IFAS-ADML-CO-MANAGED or . IFAS-ADM-UNIT-MANAGED group to the "Members" tab of IF-ADML-OU
11. Add . IFAS-ADML-ALL group to the "Member Of" tab of IF-ADML-OU
12. Add . IFAS-ADMN-CO-MANAGED or . IFAS-ADMN-UNIT-MANAGED group to the "Members" tab of IF-ADMN-OU
13. Add . IFAS-ADMN-ALL group to the "Member Of" tab of IF-ADMN-OU
14. Delegate Control of the OU
15. Select the group IF-ADMN-OU
16. Select Create a custom task to delegate
17. Select this folder, existing objects in this folder, and creation of new objects in this folder
18. Select everything but full control
19. Delegate Control of the OU
20. Select the group IF-ADMN-OU
21. Select Create, delete and manage user accounts
22. Create OU in \\UFDC01\IFAS-SCRIPTS
23. Give . IFAS-ADMN-OU Modify permissions
24. Create a GPO
25. Open Group Policy Management Console
26. Select Create and Link a GPO
27. Name it IF-OU Computer
28. Right Click and select edit
29. Expand Windows Settings
30. Expand Security Settings
31. Expand Restricted Groups
32. Add Group
33. Type UFAD\IF-ADM-OU
34. Click add under this group is a member of:
35. Type Administrators
36. Click OK

The new OU should now be properly configured.