Current Project Status
Updated: July 16, 2008
It has been a while since the last update and we have made great progress. We completed the build-out of the Active Directory infrastructure. There
is an outstanding issue with Identity Lifecycle Manager (ILM) receiving incremental updates from the Enterprise Directory. The problem is caused by a
bug in the IBM Directory software that we have reported to IBM. They have acknowledged the problem and it is currently with their tier 3 support
group. The current workaround is to take a full dump daily from the directory, and then ILM will continue its process to update AD. Another
outstanding issue is the process of establishing procedures and test code to synchronize passwords in Active Directory and the campus external
Kerberos realm. We are hopeful that this will be completed within the next few weeks.
We started migrating internal desktops in OIT into the production infrastructure. To date, we successfully migrated 50 desktops. As we encounter
problems with the migration process, we are refining our migration procedures. Issues that we have run across include the following:
- For machines that are backed up using the campus backup server (TSM), users need to inform the Enterprise Backup and Storage
Group prior to the desktop rename that takes place during pre-migration. To do this, send email to backups-help@umd.edu and include
the current and new name along with the date that you plan to rename the machine. Once the backup group is notified, they will
change the node name on the TSM system to avoid a second full backup of the desktop.
- For hard drives that are encrypted, users need to decrypt their files before the pre-migration process. Once the machine has been migrated
to AD, the files can be re-encrypted.
- Some laptops were experiencing slow logins when not on the campus subnet. The problem was caused by the restriction of some
network ports on the domain controllers. As a result, users saw long timeouts during logins. We resolved this issue by restricting access to the
domain controller to campus traffic only.
Lastly, we are finalizing the Acceptable Use Document, Policies, and MOU for Departments/Units to join the AD infrastructure and for Organizational
Unit Administrators to follow. This process should be completed within the next 2 weeks.
To view a listing of previous project-related announcements, read the
project status updates page.
What is Active Directory?
Active Directory (AD) is the database of user accounts, groups, computers,
and other resources that comprise a Windows Server based network environment.
The user accounts in our Active Directory are created by and synchronized
with the campus enterprise directory server using Microsoft's Identity Manager
Server 2007.
Brief Project Description:
The purpose of this project is to create a centrally managed infrastructure
to maintain and secure Microsoft Windows 2003 and 2008 servers and desktops
throughout campus. This infrastructure will provide centralized
authentication, authorization, and management services for Windows-based
computers and applications. To achieve this goal, units within the Office of
Information Technology (OIT) and representatives from campus departments are
working with an outside consultant to create an AD structure that will be
scalable and will provide centralized and secure authentication, distributed
administration, security, and patch management. A campus Active Directory
is required to realize the full potential of other projects such as Microsoft
Exchange, Voice over Internet Protocol (VoIP), and SharePoint (MOSS 2007).
For a list of Frequently Asked Questions see
Active Directory Frequently Asked Questions (FAQ).