Clever IDM Enterprise Product Guide

Active Directory OU Placement Policies

For Active Directory OU Placement Policies, there are two policy categories: Students and Employees.

Students
AD_Student_OU_Placement_Policy_main.jpg

On the Active Directory Student Policy configuration screen, there are two required settings for Organizational Unit (OU) specifications:

  • Default OU - this is the OU where accounts will be placed if they do not match any of the placement criteria defined in the policy. This can be considered a "catch-all" OU or an "undetermined placement" OU. In the event that an administrator cannot find an account in AD or if Group Policies are not being applied correctly to an account, we recommend checking if the account is in this OU and determine why it was not placed correctly by Clever IDM Enterprise. The most likely reason for not being placed correctly is data on the identity not matching criteria in any defined policies, such as grade or campus code.

  • Disabled OU - this is the OU where accounts will be moved upon being disabled. This is recommended so that accounts that are disabled can be quickly identified by administrators, cleaned up or deleted as needed, and quarantined from the application of a Group Policy.

The remaining configuration settings are where District Administrators can define granular placement policies. There is not a limit on the number of policies that can be defined; however, take care to define the policies to ensure that accounts are placed logically and that there are no conflicting policies. In the event there is a conflict, the first defined policy will always be applied.

To define a policy, perform the following steps:

  1. Give it a Policy Name. This should be descriptive of the policy so that District Administrators can understand the purpose of the policy.

  2. Select an existing OU from the drop-down.

    Note

    The OU list is pulled directly from the District Active Directory.

  3. Add one or more Rules. Rules can be combined by using and AND or an OR to apply criteria to placement in the OU. For example, a rule can be defined as the following for students in Rockaway Middle School:

    Student_Policy_Rule_1.jpg
  4. A Rule's AND Policies can be removed by clicking on the Remove Rule or Remove Policy links.

  5. Policies can be reordered by clicking on the arrow next to the policy name.

    Reorder_Policy.jpg
  6. Once the policies are set, click the Save Policies button at the top of the configuration screen.

    Active_Directory_Student_Policy.jpg
  7. Policies can be adjusted or configured at any time, even after saving them.

Employees
AD_Employee_Policy_Main.jpg

Configuration of Active Directory Employee Policy is similar to the Student Policy. There are two required settings for Organizational Unit (OU) specifications:

  • Default OU - this is the OU where accounts will be placed if they do not match any of the placement criteria defined in the policy. This can be considered a "catch-all" OU or an "undetermined placement" OU. In the event that an administrator cannot find an account in AD or if Group Policies are not being applied correctly to an account, we recommend checking if the account is in this OU and determine why it was not placed correctly by Clever IDM Enterprise. The most likely reason for not being placed correctly is data on the identity not matching criteria in any defined policies, such as grade or campus code.

  • Disabled OU - this is the OU where accounts will be moved upon being disabled. This is recommended so that accounts that are disabled can be quickly identified by administrators, cleaned up or deleted as needed, and quarantined from the application of a Group Policy.

The remaining configuration settings are where District Administrators can define granular placement policies. There is no limit on the number of policies that can be defined; however, take care to define the policies to ensure that accounts are placed logically and that there are no conflicting policies. In the event there is a conflict, the first defined policy will always be applied.

To define a policy, perform the following steps:

  1. Give it a Policy Name. This should be descriptive of the policy so that District Administrators can understand the purpose of the policy.

  2. Select an existing OU from the drop-down.

    Note

    The OU list is pulled directly from the District Active Directory.

  3. Add one or more Rules. Rules can be combined by using an AND or an OR to apply criteria to placement in the OU. For example, a rule can be defined as the following for Teachers in Pineapple Elementary School:

    Teacher_Policy_Rule_1.jpg
  4. A Rule's AND Policies can be removed by clicking on the Remove Rule or Remove Policy links.

  5. Policies can be reordered by clicking on the arrow next to the policy name.

    Reorder_Teacher_Policy.jpg
  6. Once the policies are set, click the Save Policies button at the top of the configuration screen.

    AD_Employee_Policy_Save.jpg
  7. Policies can be adjusted or configured at any time, even after they are saved.