This document contains core information about Microsoft Active Directory in FIT computer network.
Please note: Novell Netware server were shut down in 2013. Windows XP support was dropped in 2017 (no more SMBv1 connections possible any more).
Accounts and Password
Active Directory accounts are maintained automaticallly, names and validity is based on faculty information system. New account is created with initial account password. If this is not stored in information system random string is used instead. Owners of older accounts or users who have changed their initial password should use Set password for Active Directory in faculty information system. Students in IS FIT in tab Passwords, employees in section Operation, news, business trips. Active Directory password is set to the same one used to login to IS.
Where to Find Your Stuff
There are two file servers with disk capacity over 7TB each. Server Fik is for students, staff members use server Aja. Home directory is mapped to P:, network applications are stored at shared drive mapped to Q:. You can find there everything you might have been used to since old Novell days. This is default for computers which are domain members only. Your own device must either become a domain member or you have to map network drives yourself or - which is even better - use UNC format, e.g. \\aja\app etc. Notebook should be never ever a domain member.
Some other useful network locations (staff only):
- shared data for workgroups - S: (\\aja\fit)
- drivers and installation images of applications - \\aja\install
Some parts of roaming profiles cannot be shared across different Windows versions. Microsoft's solutions is to separate profiles using suffix, Windows 7 profile with .V2, Windows 10 with .V6. If you are going to use different Windows version alternatively you will end up with two independent profiles. This may cause some problems, so how to deal with it?
- create folder named Documents on your P: drive
- start explorer (using key Win-E or double clicking This Computer icon), add network directory P:\documents to Documents Library and set it as default,
- do not store any data on your Desktop, except links to your network drive P:,
- redirect your application data to drive P: if possible (e.g. Mozilla Firefox or Thunderbird), or synchronize them by hand.
Roaming Profiles for Staff
Staff members can choose from 3 options. In computer labs and lecture rooms roaming profiles are used in any case.
- Default situation: computer is a domain member, domain account is used with roaming profile.
- Recommended configuration for Ph.D. students, teachers and research workers: computer is a domain member, domain account is used, but user profile is set to local. In lecture rooms and labs is used your roaming profile while on your own PC local profile is used.
- Alternative option: computer may be a domain member but local account is used, network drives must be mapped by hand. Roaming profile is used in lecture rooms and labs only.
- If the computer is not a domain member (e.g. notebook) situation is similar to previous case except Windows do not trust domain so you may be asked to use your password more often.
Network printers are available over Windows file server. In computer labs and faculty library student server Fik is used (available for both students and staff members), all other printers are available over server Aja for staff members only. Again, there are more than one choices. However, students can use the first one only.
- Use the printer already defined in system.
- Use any printer published in Active Directory (may be restricted by user privileges): choose the printer you need to use and since then it is available for you in your user profile. Printer driver is either not installed locally or is supplied by print server.
Access From Computer Which Is Not a Domain Member
The resources of Active Directory servers (shared disk and printers) can be used from computer which is not a domain member. When any resource of a server is requested for the first time system asks for user credentials, i.e. login name and password. If you type just your login name it is in fact MYPC\login which is not valid for domain logon. You have to type in your login with domain name, FIT\login or email@example.com. In case you do not use domain name you may wait for quite long time before you are notified your credentials are not valid. The same should be used for command line (example for staff members):
c:\> net use p: \\aja\zam\login /user:fit\loginand for students:
c:\> net use p: \\fik\stud\xt\xtest99 /user:fit\xtest99If your computer is not connected to FIT LAN you should use VPN first.
In computers outside FIT LAN (e.g. notebooks) it is recommended not to use drive letters and use UNC instead. When VPN is disconnected system may try to access mapped drives which can cause delays.