Michigan Medicine Group Management Tool (GMT)


Introduction

The Group Management Tool (VPN is required if not on Michigan Medicine network) enables group owners to manage the membership and permissions of software security groups, email distribution lists, and Microsoft 365 Teams, as well as other internal Michigan Medicine resources.

The web-based tool helps group owners identify the appropriate people to be included in a group, add and remove members, and grant access. Entire lists of people may be easily imported or exported.

For a comprehensive guide that details every function in the Group Management Tool, see Managing Groups at Michigan Medicine.

 

Topics

How to Request a New Group, Group Rename, or Group Nesting

Overview of Roles and Responsibilities

Searching Groups

Editing Groups

Adding or Removing Users, Owners, or Editors to/from Multiple Groups

Removing a Group

 

Useful Links

How to create a Microsoft 365 Team from an existing Michigan Medicine Group

Instructions

 

How to Request a New Group, Group Rename, or Group Nesting

  • Note: Group owners are not automatically set as members of the created group. If the group owner(s) also needs to be a member of the group, they must add themselves as a member of the corresponding Michigan Medicine group. Reference the Editing Groups section of this article.

 

Overview of Roles and Responsibilities

Two administrative roles control access and privileges to the groups:

Owners can:

  • Assign/modify editors for a group
  • Assign/modify memberships
  • View a list of owners and/or editors for a group
  • View/modify group details
  • View the group audit log
  • Define Group Types (owners can enable Email Distribution List, Windows Security, Microsoft 365 Team, etc.)
  • Note: Group owners are not automatically set as members of the group. If the group owner(s) also needs to be a member of the group, they must add themselves as a member of the corresponding Michigan Medicine group. Reference the Editing Groups section of this article.
  •  

Editors can:

  • Add members to the group
  • View a list of owners and/or editors for a group
  • View group details
  • View the group audit log

All group management functions are audited to assess yearly administrative activity. If a group has been inactive during the previous 335 – 365 days, a notification will display within the Group Management Tool with the following color indicators:

  • A Maize notification indicates the group has been inactive for 335 days
  • A Red notification indicates the group has been inactive for 358 days

Upon receiving one of these notifications (and after reviewing the group details and current membership),
the group owner should use one of the following options to extend or disable the group:

  • Click Group Details to confirm the group is still active
  • Click Edit Members to make a change to the group membership
  • Click Edit Group to make a change to the group details
  • Click Delete Group to disable the group

 

Searching Groups

You may search for within the Group Management Tool with preset filters or with the Advanced Search.

 

For a search with the preset filters, under the Locate Specific Group section, click Select All Groups Where I'm an Owner or Editor. If this box is not selected, the tool will still narrow search results to groups in which you are Owner or Editor.

Narrow the search with preset filters:

  • Show Email Distribution List Groups
  • Show Windows Security Groups
  • Show Unix Security Groups

The tool will narrow search results based on the filter(s) selected.

The Advanced Search will allow you to filter search results based on:

  • Group Name
  • Group Owner
  • Group Editor
  • Group Member
  • Description
  • Custom Tag

As each search filter is selected, you will be presented text entry fields that allow you to narrow the search.

 

In the Advanced Search, you are also able to select the group type. In the Filter By Group Function Types, select either:

  • Email Distribution Groups
  • Windows Security Groups
  • Unix Security Groups

For each of these search fields, combining more than one search selection narrows the results. For example, searching Group Owner AND Description will produce results that only contain matches to both values provided. When searching with Group Type, it is best to search with only one selected, since combining fields will only display results that meet all conditions.

 

Editing Groups

After using the search filters to narrow search results, you will see a list of search results at the bottom of the page.

 

The hyperlink more gives will provide more detail in the Group Description or Group Owners column. For example, clicking on more next to Group Owners will expand to show the complete list of owners. Click less to collapse the list.

 

If you are able to Edit Members or Edit Group, you will see these buttons to the right of the table (see image above).

In the Search Results screen, clicking Edit Members will bring up the Member Maintenance screen (pictured below).

 

This screen allows you to perform maintenance on group membership, including the following functions: Edit Group, View Group Owners, View Group Editors, View Audit Log, Add Users, Export Users, Remove Selected Users, and Remove Selected Users, and Save Local. At the bottom of the function list are Secondary Groups that are nested within this parent group.

In the Search Results screen, clicking Edit Group will bring up the Group Maintenance screen (pictured below).

This screen allows group owners to perform maintenance on the group, including the following functions:

  • Confirm Group Details (needs to occur every 365 days to keep group active)
  • Define Group Function Types (Group owners are responsible for selecting the functions needed for their specific group)
    • Email Distribution List Groups
      • Selecting this will allow group members to receive emails that are sent to this group
    • Windows Security Group
      • Selecting this will enable this group for Active Directory (AD)
    • UNIX Security Group
      • Selecting this will enable this group for UNIX access (assigns GID number)
    • Block Support Teams from Editing this Group
      • Selecting this will prevent any support team from editing this group (Only Owners and Editors will be able to edit this group)
    • Microsoft 365 Team
      • Selecting this will create a Microsoft 365  Team
  • Edit the Group Description, and add tags (used for simplified group searches)
  • Add Owners, Remove Owners, Add Users, Remove Users, Add Editors, and Delete Group
    • NOTE: Groups should have at least two owners

 

Adding or Removing Users, Owners, or Editors to/from Multiple Groups

The Group Management Tool also provides the Owner or Editor the ability to edit many groups or properties through the Edit Many Groups drop-down and the wizard associated with each action.

First, click on the tab Edit Many Groups and then select the button Indicate an Action.

 

There are six actions: Add Members, Add Owners, Add Editors, Remove Members, Remove Owners, and Remove Editors.

 

The wizard will walk you through the required steps to accomplish each action.

 

Note: The Edit Many Groups tab has several actions that permit you to upload a file for batch processing. This file must be either a .txt or a .csv file containing only one column, which is a list of Uniqnames.

For more details on this and other functions, see the comprehensive guide: Managing Groups at Michigan Medicine.

 

Removing a Group

In Group Maintenance, use the Delete Entire Group section of the window to remove the entire group. The following guidelines are important when considering deleting an entire group:

  • Upon deleting an entire group, the group will be disabled for 30 days. NOTE: Disabled groups are displayed in red in your group search lists; these groups will not be editable
  • The group can be re-enabled with the 30-day period
  • On Day 31, the disabled group will be deleted and not retrievable
  • This applies to Teams / Outlook groups and any files associated with that group