Versions Compared

Old Version 2

changes.mady.by.user user-29411

Saved on

compared with

New Version Current

changes.mady.by.user user-29411

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt

Add users via https://manage.ad.cornell.edu/adadmin. Documentation for facility managers using fileshare services managed by ChemIT and provisioned by CIT (Active Directory and SFS file shares). Includes reminder notes for Chemistry IT staff.

 

...

Table of contents

Table of Contents

See also

toc
Children Display
depth3
styleh3
excerpttrue
excerptTypesimple

How do I, as a facility manager, add a person to the facility's file share?

Managers Facility managers at NMR and XRay can add people directly to existing groups. Follow these steps:

  1. (A) Add user to appropriate group in Cornell's Active Directory (AD). Login to <https://manage.ad.cornell.edu/adadmin> with your ADM account. You should be able to add users as needed. Let Chemistry IT know if you have troubles accessing this interface.
    • NMR: In the upper left hand corner, just search AS-CHM-NMR-Share and you should be presented with the list of all NMR groups.
      • Note that NMR's Linux accounts are not done managed through ChemIT. Thus, those NMR instrument accounts are provisioned directly by Ivan, in NMR. ChemIT does not need to know about those account changes.
    • XRay: In the upper left hand corner, just search AS-CHM-XRAY-Share and you should be presented with the list of all XRay groups
    (B) Select group by clicking its name. Near the top, center of that page, click on the pull-down menu, where it says, "-> General Properties". Select "Members", then:
    • Near upper-left, click on "Add..." button. Enter desired NetID in search, click the NetID to move it to the section below on that screen, and then click <OK>.
  2. Create user's folder since this folder must be created before the first use of the instrument. A user can't do this from an instrument computer. Although a user can do this themselves before they get to an instrument computer, facility manager should do this as a courtesy, even though not strictly required.
    • NMR: Within NMR's fileshare (CIT's SFS), use own ADM account to create a folder with group's folder, using user's NetID as the folder's name.
    • XRay: Within XRay's fileshare (CIT's SFS), use own ADM account to create a folder with group's folder, using user's NetID as the folder's name.

NOTE 1: Ignore (rare) FERPA-related errors

You may safely ignore the rare "Error: Access is denied. (...) An error occurred during the last operation.". This error refers you to a FERPA OU object, such as:

  • CN=(a NetID),OU=FERPA,OU=Students,OU=NetIDs,OU=CUniv,DC=cornell,DC=edu

NOTE 2: Creating or removing groups requires requires Chemistry IT staff

  • Chemistry IT staff still

...

  • need to make new groups in Active Directory and the new folders. Therefore please contact us directly for those requests. Thank you!

How

...

do Chemistry IT staff add a new group to a facility's file share?

Chemistry IT staff's steps: (to be defined!)

How can a facility manager quickly check what groups are already in AD?

Use the AD website lookup tool:

How do Facility Managers clean out users given access to their facility's share who no longer should have access? How do I remove a group?

  • The process of keeping group membership's current is left up to each Facility's staff's discretion.
    • If help is wanted, please contact Chemistry IT for a consultation.
  • Group removal will require coordinating with Chemistry IT. Thanks!

How does a facility user access a facility's file share?

What rights do my users have on my facility's file share, from their accounts?

...

What rights do my instrument accounts have on the facility's file share?

Read , and Create (?) permissions. Not Change, however.

  • This allows directory browsing when using an instrument to whatever is the required folder to deposit resulting instrument files, regardless of user. And no ability to change or remove anyone's work, including one's own.
  • Caveat: Although user can create a folder within a permitted folder, can't rename the folder from the instrument.
    • Make such changes on the desktop before moving files to server. Or, make the changes using user's account.
  • Removing or changing anything must be done from within a user's account, and this is restricted to the location of the permitted directory (folder) for that user. (Thus, only within that user's research group's folder).
    • Same thing for the facility manager's Admin account, but without the limited directory (folder) restrictions.

How do I add a group? (ChemIT)

ChemIT staff's steps:

  • Confirm group does not exist in AD and on the fileshare structure.
  • In AD (Quest), add research group.
  • For NMR requests: Within NMR's fileshare (CIT's SFS), use own ADM account to create folder with group's folder, using NetID as the folder's name.
    • User can't do this from an instrument computer; they or NMR staff would first have to create the folder before the first use of the instrument. Hence, ChemIT staff doing so as a courtesy, even though not strictly required.

What are the NMR instruments this pertains to? (ChemIT)

  • GC Mate
    • Location: Old Protein Lab space, B78 ST Olin. (Used to be in B-level Baker.)
  • Exactive/ DART
    • Location: Old Protein Lab space, B78 ST Olin. (Used to be on the 4th floor, in ST Olin.)
  • Bruker/ AV500
    • Location: B63 ST Olin.
    • Note: This system's billing kiosk is located in the old Protein Lab space, B78 ST Olin.

What is the X-Ray instrument this pertains to? (ChemIT)

  • TBD

How does my user access my facility's file share?

Your users must add their own folder's name to the path structures show below. This is usually the PI's last name in place of "Groupname" in the examples below:

For Windows:

  • NMR ---> \\files.cornell.edu\AS\CHM\NMR\Groupname
  • X-ray—> \\files.cornell.edu\AS\CHM\Xray\FinalizedData\Groupname

For Mac using Mac OS 10.7 (Lion) and above:

  • NMR ---> smb://files.cornell.edu/AS/CHM/NMR/Groupname
  • X-ray—> smb://files.cornell.edu/AS/CHM/Xray/FinalizedData/Groupname

See the facilities documentation for more details.

  • NMR's documentation: (where is it?)
  • X-ray's documentation: (where is it?)

For NMR, most users user files are under a research group, so will use the appropriate group name (in place of "Groupname", above). The few users who are not in a group are to use the following as their group name:

  • OtherUsers

ChemIT's general instructions to connect to a file share:

How will we clean out users given access to our facility's share who no longer should have access? How do I remove a group?

  • Facility's staff should work with ChemIT staff to go through their list of file share users and groups
    • .