Microsoft Active Directory

This document contains core information about Microsoft Active Directory on FIT.

Please note: Novell Netware server were shut down in 2013. Windows XP support was dropped in 2017 (no more SMBv1 connections possible any more).

Accounts and Password

Active Directory accounts are maintained automaticaly, names and validity is based on faculty information system. New account is created with initial account password. If this is not stored in information system random string is used instead. Owners of older accounts or users who have changed their initial password should use Set password for Active Directory in faculty information system. Studenti in IS FIT in tab Passwords, eployees in section Operation, news, business trips. Active Directory password is set to the same one used to logg in to IS.

Where to Find Your Stuff

There are two file servers with disk capacity over 7TB each. Server Fik is for students, staff members use server Aja. Home directory is mapped to P:, network applications are stored at shared drive mapped to Q:. You can find there everything you might have been used to since old Novell days. This is default for computers which are domain members only. Your own device must either become a domain memer or you have to map network drives yourself or - which is even better - use UNC format, e.g. \\aja\app etc. Notebook should be never ever a domain member.

Some other useful network locations (staff only):

  • shared data for workgroups - S: (\\aja\fit)
  • drivers and instalation images of applications - \\aja\install

Roaming Profiles

Some parts of roaming profiles cannot be shared across different Windows versions. Microsoft's solutions is to separate profiles using suffix, Windows 7 profile with .V2, Windows 10 with .V6. If you are going to use different Windows version alternatively you will end up with two independet profiles. This may cause som problems, so how to deal with it?

  • create folder named Documents on your P: drive
  • start expolrer (using key Win-E or double clicking This Computer icon), add netowrk directory P:\documents to Documents Library and set it as default,
  • do not store any data on your Desktop, except links to your network drive P:,
  • redirect your application data to drive P: if possible (e.g. Mozilla Firefox or Thunderbird), or synchronize them by hand.

Roaming Profiles for Staff

Staff members can choose from 3 options. In computer labs and lecture rooms roaming profiles are used in any case.

  1. Default situation: computer is a domain member, domain account is used with roaming profile.
  2. Recomended configuration for Ph.D. students, teachers and research workers: computer is a domain member, domain account is used, but user profile is set to local. In lecture rooms and labs is used your roaming profile while on your own PC local profile is used.
  3. Alternative option: computer may be a domain member but local account is used, network drives must be mapped by hand. Roaming profile is used in lecture rooms and labs only.
  4. If the computer is not a domain member (e.g. notebok) situation is similir to previous case except Windows do not trust domain so you may be asked to use your password more often.
It is recomended to store your documents on the file server in any case.


Network printers are available over Windows file server. In computer labs and faculty library student server Fik is used (available for both students and staff members), all other printers are available over server Aja for staff members only. Again, there are more than one choices. However, students can use the first one only.

  1. Use the printer already defined in system.
  2. Use any printer published in Active Directory (may be restricted by user priviledges): choose the printer you need to use and since then it is available for you in your user profile. Printer driver is either not installed locally or is supplied by print server.

Access From Computer Which Is Not a Domain Member

The resources of Active Directory servers (shared disk and printers) can be used from computer which is not a domain member. When any resource of a server is requested for the first time system asks for user credentials, i.e. login name and password. If you type just your login name it is in fact MYPC\login which is not valid for domain logon. You have to type in your login with domain name, FIT\login or In case you do not use domain name you may wait for quite long time before you are notified your credentials are not valid. The same should be used for command line (example for staff members):

c:\> net use p: \\aja\zam\login /user:fit\login
and for students:
c:\> net use p: \\fik\stud\xt\xtest99 /user:fit\xtest99
If your computer is not connected to FIT LAN you should use VPN first.

In computers outside FIT LAN (e.g. notebooks) it is recomended not to use drive letters and use UNC instead. When VPN is disconnected system may try to acces mapped drives which can cause delays.

Back to Important Information and Guides

Your IPv4 address:
Switch to IPv6 connection

DNSSEC [dnssec]