Current Project Status
Updated: March 14, 2008
We successfully loaded the development Active Directory environment with
user accounts (100k+) from the campus LDAP directory. Auto-provisioning
of security groups based on departments, classification, majors, and
course registration is working. Verification that users are being
provisioned to the correct groups is underway. Once this testing is
complete, we will deploy to our production environment.
We decided that we will synchronize passwords between Active Directory and the
campus external Kerberos realm. This decision was made based on
information we received from Microsoft and staff at other universities
regarding possible issues with authentication to Exchange 2007,
authentication to file shares from non-domain machines, and authentication
to applications that still rely on NTLMv2. The logins for workstations that
are part of the forest will default to the external Kerberos realm for
authentication. It is our hope that one day all applications will be
Kerberos aware and we will not have a need to synchronize passwords.
At present, OIT is working on plans for the migration of internal
workstations that currently connect to Windows and Novell file servers.
Our goal is to start migrating machines to the production environment by
the end of this month. During OIT's migration period, we will work out
any bugs that we come across and complete our documentation. We remain on
schedule with the timeline that was laid out in my February update.
The build out of the production environment is nearly complete except for
the following items:
- Windows Update Server
- DFS file shares
- Group Policy
- File sharing rights
Lastly, we will form a subcommittee to assist with the creation of an MOU
that all department administrators and department heads will have to sign
before joining the AD. This committee will consist of OIT, departmental
administrators, and the campus data stewards. This document will lay out
rules that will govern the new environment.
To view a listing of previous project-related announcements, read the
project status updates page.
What is Active Directory?
Active Directory (AD) is the database of user accounts, groups, computers,
and other resources that comprise a Windows Server-based network environment.
The user accounts in our Active Directory are created by and synchronized
with the campus enterprise directory server using Microsoft's Identity Manager
Server 2007.
Brief Project Description:
The purpose of this project is to create a centrally managed infrastructure
to maintain and secure Microsoft Windows 2003 and 2008 servers and desktops
throughout campus. This infrastructure will provide centralized
authentication, authorization, and management services for Windows-based
computers and applications. To achieve this goal, units within the Office of
Information Technology (OIT) and representatives from campus departments are
working with an outside consultant to create an AD structure that will be
scalable and will provide centralized and secure authentication, distributed
administration, security, and patch management. A campus Active Directory
is required to realize the full potential of other projects such as Microsoft
Exchange, Voice over Internet Protocol (VoIP), and SharePoint (MOSS 2007).
For a list of Frequently Asked Questions see
Active Directory Frequently Asked Questions (FAQ).