Manifest - Publish Group to Active Directory Services
Manifest allows group administrators to push the group to Active Directory Services (ADS). This functionality provides a synchronized Global Group in Active Directory Services, allowing users to manage group membership in a single place, the Manifest UI.
Prerequisites
To publish a group to Active Directory Services, you must be a ADS customer. If your department does not currently have an Organization Unit (OU) in Active Directory Services, please request one before proceeding.
For an explanation of when to publish a Manifest group to Active Directory Services, and when to use a native AD group, please see Manifest and Active Directory Group Guidelines.
How to Publish Groups to Active Directory Services
New Groups
-
Create a new group (see Manifest - Create a Group) and click Advanced Options on the Create new group screen.
-
Under the Delivery/connection options heading, check the Publish to Active Directory Services box.
-
In the Comments field, enter your Active Directory Services department code. Your department code is the name of your Organizational Unit (OU) in Active Directory Services.
-
Click Create Group.
-
Once the group has been successfully created, record the UUID from the web page URL (e.g. https://manifest.services.wisc.edu/Group/Index/280abc5d36544efghi8j4k5lmn296770). This will be name (CN) of the group published to Active Directory Services.
Existing Groups
-
Navigate to the group you would like to publish by clicking Details in My groups.
-
Click the More actions dropdown and then click Edit delivery/connection options.
-
Under the Delivery/connection options heading, check the Publish to Active Directory Services box.
-
In the Comments field, enter your Active Directory Services department code. Your department code is the name of your Organizational Unit (OU) in Active Directory Services.
-
Record the Manifest group UUID from the web page URL (e.g. https://manifest.services.wisc.edu/Group/Index/280abc5d36544efghi8j4k5lmn296770). This will be name (CN) of the group published to Active Directory Services.
-
Click Save.
What Happens Next?
Once you have requested that your group be published to Active Directory Services, it will be reviewed by administrators. After verifying that the group will be used by a valid Active Directory Services customer, the request will be approved. If you are not yet a Active Directory Services customer, administrators will request that you submit a new OU / new OU Administrator request by using this form..
Once your publish request has been approved, it will be pushed to Active Directory Services.
If you would like a status update regarding the request to be pushed to Active Directory, please contact activedirectory@doit.wisc.edu.
How to Use the Group in Active Directory Services
This section assumes a general knowledge of Active Directory group structure and functionality. If you have questions about groups in Active Directory, please contact activedirectory@doit.wisc.edu.
The most effective way to leverage a Manifest group that has been pushed to Active Directory Services is to add it as a member of a Domain Local or another Global group located in your OU. If you will be using the Manifest group frequently, it is recommended that you add it as a member of a Global group in your OU to facilitate searching. Please see Campus Active Directory - Security Group Management Recommendation for AD grouping best practices.
Manifest groups will be published to the following location in Active Directory Services:
Location: OU=Manifest,OU=Groups,OU=Wisc
You may also search for the group using the name (CN) or the description which will appear as follows in Active Directory Services:
Name (CN): 280abc5d36544efghi8j4k5lmn296770
Description: uw:domain:mysite.wisc.edu:my_group_id