About Protected Groups

Protected Groups enable Departments to create non-searchable, FERPA-compliant Security Groups in Active Directory.

Access to read (view group members) and write (update group members) to the Protected Groups is limited to the accounts specified by the Department.

Protected Groups can be used to assign permissions to campus resources that authenticate using Austin Active Directory, like Austin Disk.

Protected Groups will be named using the Department OU Name  followed by a random alphanumeric string. The random string is required to prevent gathering of group information via the "memberOf" backlink attribute.

Requesting a Protected Group

1. Ensure that you have a Department OU in the Austin Active Directory.
2. Submit an AD Request specifying your Department OU Name and how many Protected Groups you are requesting.
   For each group that you are requesting provide which non-EID accounts should have permission to read (view group members) and write (update group members).
   The non-EID accounts are created through the Department User Tools by the owners of the Department OU.

Upon request, we can create a master reader and writer group for each department to simplify management of multiple protected groups.