Microsoft’s Active Directory provides a convenient way to manage authentication and access control, as well as other information, for resources defined in the directory services.

Boston University’s Active Directory is configured as a single forest and Exchange organization, covering academic and administrative needs across both campuses.

Departments no longer need to purchase and maintain domain controllers. Domain controllers are centrally managed by IS&T, monitored 24 by 7, and located in several geographic areas to provide redundancy and ensure reliability. Centrally maintained information is updated constantly and need not be duplicated by departments.


  • Authentication to resources such as individual and lab computers can be offered via the standard BU login name and Kerberos password, eliminating the need to create and maintain local accounts.
  • Over 200,000 Security Groups are automatically maintained through synchronization with Boston University’s directory.
  • Organizational Unit (OU) administrators can use these automatically maintained groups to control access to resources, such as computers and files.
  • Security groups include those based on department affiliation; faculty, staff, or student status; academic major; and curriculum.
  • Security Groups are maintained for each section of each course taught each semester; membership is updated daily as students add and drop courses.

Getting Started

Prospective OU Administrators must review introductory material and then schedule a meeting with IS&T AD administrators to create departmental OUs and OU Administrator accounts.

Read the introduction for new OU administrators.