Add users via https://manage.ad.cornell.edu/adadmin. Documentation for facility managers using fileshare services managed by ChemIT and provisioned by CIT (Active Directory and SFS file shares). Includes reminder notes for Chemistry IT staff.



See also

Creating new share folders for new groups, NMR and X-Ray

Information on this page only of value to Chemistry IT staff.

How do I, as a facility manager, add a person to the facility's file share?

Facility managers at NMR and XRay can add people directly to existing groups. Follow these steps:

  1. (A) Add the user to the appropriate group in Cornell's Active Directory (AD). Log in to <https://manage.ad.cornell.edu/adadmin> with your ADM account. You should be able to add users as needed. Let Chemistry IT know if you have trouble accessing this interface.
    • NMR: In the upper left-hand corner, search for AS-CHM-NMR-Share and you should be presented with the list of all NMR groups.
      • Note that NMR's Linux accounts are not managed through ChemIT. Thus, those NMR instrument accounts are provisioned directly by Ivan, in NMR. ChemIT does not need to know about those account changes.
    • XRay: In the upper left-hand corner, search for AS-CHM-XRAY-Share and you should be presented with the list of all XRay groups.
    (B) Select the group by clicking its name. Near the top center of that page, click the pull-down menu where it says "-> General Properties". Select "Members", then:
    • Near the upper left, click the "Add..." button. Enter the desired NetID in the search, click the NetID to move it to the section below on that screen, and then click <OK>.
  2. Create the user's folder, since this folder must exist before the first use of the instrument. A user can't do this from an instrument computer. Although users can create the folder themselves before they get to an instrument computer, the facility manager should do this as a courtesy, even though it is not strictly required.
    • NMR: Within NMR's fileshare (CIT's SFS), use your own ADM account to create a folder within the group's folder, using the user's NetID as the folder's name.
    • XRay: Within XRay's fileshare (CIT's SFS), use your own ADM account to create a folder within the group's folder, using the user's NetID as the folder's name.

NOTE 1: Ignore (rare) FERPA-related errors

You may safely ignore the rare error "Error: Access is denied. (...) An error occurred during the last operation." This error refers you to a FERPA OU object, such as:

  • CN=(a NetID),OU=FERPA,OU=Students,OU=NetIDs,OU=CUniv,DC=cornell,DC=edu

NOTE 2: Creating or removing groups requires Chemistry IT staff

  • Chemistry IT staff still need to create new groups in Active Directory and the new folders. Therefore, please contact us directly for those requests. Thank you!

How do Chemistry IT staff add a new group to a facility's file share?

Chemistry IT staff's steps:

How do Facility Managers clean out users given access to their facility's share who no longer should have access? How do I remove a group?

  • Keeping group memberships current is left to the discretion of each facility's staff.
    • If help is wanted, please contact Chemistry IT for a consultation.
  • Group removal will require coordinating with Chemistry IT. Thanks!

How does a facility user access a facility's file share?

What rights do my users have on my facility's file share, from their accounts?

  • Read and write.
  • Accessible from their private computers.
  • Not accessible from the instrument computers, which have their own instrument accounts with different rights.
  • From off-campus, user must use VPN. (File share protocol.)

What rights do my instrument accounts have on the facility's file share?

Read and Create permissions. Not Change, however.

  • This allows browsing, from an instrument, to whatever folder is required to deposit the resulting instrument files, regardless of user. It gives no ability to change or remove anyone's work, including one's own.
  • Caveat: Although a user can create a folder within a permitted folder, they can't rename the folder from the instrument.
    • Make such changes on the desktop before moving files to server. Or, make the changes using user's account.
  • Removing or changing anything must be done from within a user's account, and this is restricted to the location of the permitted directory (folder) for that user. (Thus, only within that user's research group's folder).
    • Same thing for the facility manager's Admin account, but without the limited directory (folder) restrictions.
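
One way the "Read and Create, not Change" behaviour described above can be expressed as NTFS permissions. This is an added example, not ChemIT's or CIT's actual configuration: the demo folder and the instrument account name are hypothetical placeholders, and the account must already exist on the machine where the script is run.

```powershell
# Added example: hypothetical folder and account, not the facility's real share or ACL.
param(
    [string]$Path = (Join-Path $env:TEMP 'facility-share-demo'),      # constructed demo folder
    [string]$InstrumentAccount = "$env:COMPUTERNAME\instrument-demo"  # placeholder; must already exist
)

New-Item -ItemType Directory -Path $Path -Force | Out-Null
$acl = Get-Acl -Path $Path

# Read: inherited by subfolders and files, so the instrument account can
# browse to any folder. ReadAndExecute is used because it includes folder traversal.
$read = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $InstrumentAccount, 'ReadAndExecute',
    'ContainerInherit, ObjectInherit', 'None', 'Allow')

# Create: inherited by subfolders only (no ObjectInherit). Files never receive
# write-data rights, so a file can be deposited once but not overwritten afterwards.
$create = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $InstrumentAccount, 'CreateFiles, CreateDirectories',
    'ContainerInherit', 'None', 'Allow')

# Modify, Delete and DeleteSubdirectoriesAndFiles are deliberately not granted:
# without Delete, both rename and remove fail for this account.
$acl.AddAccessRule($read)
$acl.AddAccessRule($create)
Set-Acl -Path $Path -AclObject $acl

# Show the resulting entries for review.
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $InstrumentAccount } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType -AutoSize
```

The absence of Delete rights is what produces the caveat above: a rename needs Delete on the folder being renamed, so it has to be done from a user or ADM account instead.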

 
