Enterprise Active Directory

System providing authentication, authorization and certificate services.

Also known as ADCU, EAD. Formerly known as Alpha.

Enterprise Active Directory is an enterprise access system which provides authentication, authorization, as well as a framework that other related services can use (AD Certificate Services, shared network storage, AD Federated Services, etc).

Throughout 2017, CUIT's Shared Drive Account Administration service will be replaced by Enterprise Active Directory, on a department-by-department basis.

The Enterprise Active Directory project at Columbia University is designed to consolidate the multiple disparate school and department-based Active Directory infrastructures into a single infrastructure spanning the entire University. This infrastructure is known as ADCU, which will replace the legacy Alpha domain.

The initial migration approach is to bring over customers and workstations into the new ADCU infrastructure and follow with servers and applications at a later date. The Central Server will eventually become a legacy service.

On this page:

Pricing

FAQ: General

Communications will be sent out to every scheduled customer following a schedule agreed upon by your school or department administrators. Generally customers will receive a general notice of upcoming migration 30 days prior to migration, followed by a notice with your exact migration date sent 1-2 weeks before your scheduled migration. Finally, all customers will receive a reminder the day before their migration and a calendar invite the day of migration.

If for some reason you cannot be migrated on your scheduled night, you should contact the CUIT Migration Team at [email protected] for reschedule as soon as possible. Please provide:

  • Your Columbia UNI
  • Your school or department
  • Your preferred date to reschedule

The following activities will take place on your migration day:

  • You will be asked to log out of your computer (but leave it powered on) by during your scheduled time period, either during lunch or after 5pm.
  • The CUIT Migration Team will connect remotely to process your workstation (which involves updating all security on your workstation to match your new login).
  • All the information tied to your user account – including username, password and all other attributes – will be copied to your new Active Directory account.
  • Your workstation will be moved over to the new Active Directory once the processing is completed.
  • The next morning when you come into work, you will log on to your workstation using the same username and password that you did the previous day, but you will actually be logging into the new Active Directory.

There is nothing you need to do to prepare for migration other than ensuring that your machine is logged off but left powered on and connected to the Columbia University network during your migration. Everything else will be taken care of by the CUIT Migration Team.

You can open a ticket with the CUIT Service Desk the same way you do for issues today, either directly by submitting a ticket in ServiceNow, or calling 212-854-1919.

FAQ: Pre-Migration

On the date of your migration, please ensure the following is in place during your specified migration time window:

- Your laptop is powered on and docked or plugged into the network jack (but you are logged out).
- Your desktop computer is powered on (but you are logged out).
- Your laptops or desktop computer is connected to the Columbia University network (Columbia U Secure).

Users are being migrated on Monday - Thursday, from 12:00 PM (noon) - 2:00 PM.

The CUIT team works with the person in your department who has been identified as the Migration Lead. Together they determine a migration schedule that is organized by delegate/departmental groupings, and that person will also make sure you receive information about the migration—how to prepare, what to expect—in advance of your migration date.

The time window is generally 2 hours long. Depending on the size of your mailbox, it might take more or less time to complete the migration.

Yes. Groups can arrange with CUIT to migrate at a different time of day on a case-by-case basis.

Evening migrations are not preferred due to the complexity of the migration and the need for onsite support to troubleshoot and resolve any issues that arise. Avoiding lost email and calendar access is our priority, and therefore business hours migrations are standard.

Yes. Provided that each machine is hardwired to a CU docking station or Ethernet cable, both should be migrated at the same time. If you have more than one work computer, please alert your Migration Lead prior to your migration date to confirm it is accounted for, and if any computers are at your home they must be brought into the office on your migration date.

No, this is not necessary. We will migrate mailboxes as they are currently set up.

No. The only difference is that instead of seeing ALPHA\UNI on the login screen, users will see ADCU\UNI.

FAQ: Account-Based Questions

For most users, the answer is yes – the login name will remain the same both before and after your migration. In a very small number of cases, your login name may be updated to match your Columbia UNI. If you fall into this group, the change will be communicated to you well in advance of migration.

Yes. Passwords are being synchronized from the old domains to the new domain so you will have the same password you had prior to migration.

Yes. The Active Directory migration will not update email addresses in any way.

Passwords in the new Active Directory domain will be securely synchronized with the Columbia UNI system. Therefore, all password changes will be initiated from Manage My UNI.

Please call the CUIT Client Support Desk at (212) 854-1919 and request a password reset, specifying the type of account you forgot it for. After verifying your identity, your password will be reset by a technician.

FAQ: Workstation-Based Questions

No. The migration tool (QMM) connects your new user account to your existing workstation profile and will preserve all settings. Nothing should be lost during migration.

Yes. We will be migrating user accounts with SID History attached.  This will provide continuous access to all file shares after the migration.

No. Backing up your files is not necessary as everything locally (on your workstation) will be preserved by the tool and everything in your file shares will be preserved by SID History.

Yes. The CUIT Migration Team will be performing pilot testing for all schools to identify any applications that do not support SID History and taking the appropriate steps to ensure you do not lose the ability to run these applications.

If the workstation is domain-joined, you will need to bring it into your Columbia University Office location on your day of migration and ensure it is powered on and connected to the Columbia network. If the workstation is not domain-joined, it will not be migrated.

Follow these steps to tell if your workstation is joined to a domain:

  • Right-click on the Computer icon and select Properties in the pop-up menu.
  • Look under the section “Computer name, domain and workgroup settings”.
  • You will see Domain: xxxx.columbia.edu (where xxx is your school domain) OR you will see Workgroup: xxxx. Domain-joined machines will have Domain entries, all others will have Workgroup entries.

Please go to Microsoft's help article on delegation and click on "Change permissions for your delegate" to confirm that everyone who should have access to your Exchange account still does.

FAQ: Post-Migration

If you have need assistance, please contact the CUIT Service Desk:

1. Submit a ticket
2. Call 212-854-1919
If a Service Desk representative cannot immediately assist you, they will contact the correct group in CUIT that can help solve your issue.

There is no access at all during your specified two-hour migration window, including the use of email on your mobile device. Once the migration is complete, the user profile updater will run after you log in to your workstation, after which you can use your computer and mobile device again (however as mentioned above, your mobile device will need to be reconfigured to receive Exchange email again).

You are welcome to ask a colleague to set up your computer prior to migration if you are out of the office (i.e., turn it on and ensure it's connected to the network). However this will result in you being unable to access your email while you are away, because the migration process is not complete until you log back in to your computer. This includes being unable to access work email on your phone or Outlook Web App.

Please contact the CUIT Service Desk or visit this Outlook help article for instructions on how to re-instate access.

Migration has varying effects, depending on your level of access to the shared mailbox:

  • If you have full access to a shared mailbox, these permissions should automatically carry over post-migration.
  • If you have “send as” privileges, you will now be able to find “send from” address in your address book by clicking the “from” button. The mailbox “from” address should be: [shared mailbox name]@adcu.columbia.edu.
  • If you are the owner of the shared mailbox, you will need to update the "send from" address by selecting the correct mailbox name in your address book: [shared mailbox name]@adcu.columbia.edu.
  • Please note: if you don’t see a shared mailbox immediately after logging in, please be patient. It can take a few hours for all shared mailboxes to be displayed after migration. If you continue to be unable to access the shared mailbox, please see the question: "My shared mailbox is not appearing in Outlook, how can I add it?" However, the simplest way to re-add the calendar may be to ask the calendar owner directly to re-share it with you.

There are some cases in which shared mailboxes do not appear in Outlook because they must be re-added back in by the user. In these cases, please follow these directions:

  1. Open Outlook
  2. Right-click your mailbox, located on the right
  3. Scroll to Data file properties
  4. Click on the Advanced button
  5. Click on the Advanced tab
  6. Click the Add button
  7. Add the shared mailbox name that you are missing and click OK

If you have tried to add your shared mailbox manually and have asked the calendar owner to re-share it with you and you still do not have access, please contact the CUIT Service Desk or visit this Outlook help article for instructions on how to re-instate access.

If the shared permissions are visible to you, no extra steps are necessary. Please ensure that the "send from" address is as follows: [shared mailbox name]@adcu.columbia.edu. You can specify this in your address book.

Yes. Your "send as" name is synced with your Preferred Name that is specified in PAC, Columbia's HR System. If you would like to change your "send as" name, then please contact the CUIT Service Desk to update your Preferred Name in PAC.

Navigate to https://outlook.office365.com from any computer or mobile device.

We recommend that Citrix users access OWA by navigating to a web browser to https://outlookwebmail.cuit.columbia.edu.

Yes. Emails sent from or sent to [email protected], UNI@[email protected] and [email protected] will all be routed correctly.

Terminal server users (who work in apps like ARC, PAC, SDR, etc.) should continue logging in as you have, using your Alpha credentials to log in to terminal servers. If you check email in the terminal server, do not use Outlook. Instead, please log in to Outlook Web App (OWA) at https://outlookwebmail.cuit.columbia.edu. This is a temporary measure until the terminal servers are migrated to ADCU.

When you log in to remote desktop, ensure any shortcuts are adapted to point to ADCU\UNI instead of Alpha\UNI for your login ID.

If you have recently updated your password, this could be the cause of your issues connecting to Columbia U Secure. Try these two easy steps to reset your automatic wifi connection.