College of Engineering AD Migration Kathleen Booth

Presentation on theme: "College of Engineering AD Migration Kathleen Booth"— Presentation transcript:

1 College of Engineering AD Migration Kathleen Booth (ervin@illinois.edu)

2 Engineering You?

3 Lesson: Allow yourself Time
* Many steps will take time
* 2 types of steps

4 Shouldn’t skimp

5 Can’t skimp

6 Things to do (incomplete)
* Migrate Exchange (DONE!..ooops)
* OU Structure
* OU Policies
* Group policies
* Pre-populate UofI AD (groups, computers)
* Prepare file permissions
* Migrate computers
* Clean Up (Exchange)
* Delete everything from UIUC
* Relax…….

7 Lesson: Design (the first)
* You have to live in it.
* DESIGN WELL
* For IT use

8 OU Design Constraints (Don’t read this.)
* Facilitate migration to Exchange 2010 and Unified Communications
* Minimize duplication of data
* Structure must simplify work flow for unified IT service organization
* Engineering Organizational Unit must contain all Active Directory assets for the College of Engineering
* Engineering Organizational Unit must contain only Active Directory assets for the College of Engineering
* Top level sub-OUs must be kept as generic as possible to reduce the need to change them in the future
* Design must be flexible enough to accommodate unforeseen use cases
* The purpose of all AD objects must be well documented
* Design must simplify security and business policy auditing and compliance

9 Simplified OU design goal
* OU Policies and design must make IT support more effective and sustainable.

10 Think about
* What works, what doesn’t in UIUC?
* Who needs access to what in the OU?
* What are objects going to be named?
* Who supports what?
* What is supported more like what?
* What type of things do you support?

11 OU Structure (Simplified) [diagram; labels in extraction order: Engineering, Delegated, Desktops, Admin, Dept, Instructional, Dept, Research, Dept, Research Group, MobileDevices, Admin, Instructional, Research, Servers, UsersAndGroups, Admin, Research, Instructional, **Exchange**, Admin, Instructional, Research]

12 Lesson: You WILL forget stuff Document DOCUMENT

13 Some Documentation Methods
* AD object descriptions
* Wiki (or elsewhere)
* Names of Objects
  Computer object: scheme: building-room-number; example: mrl-270-02
  Access Groups: scheme: unit-descriptiveresource-access; example: engradm-ipeng-access
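One way to keep the naming schemes and object descriptions from slide 13 enforceable is to audit for them. The following is an added example, not part of the presentation: the function name, the two regexes (an assumed reading of "building-room-number" and "unit-descriptiveresource-access", with "access" taken as a literal suffix) and the sample objects are all constructed for illustration.

```powershell
# Added example: flag AD objects whose name breaks the documented scheme
# or whose Description is empty ("This group does WHAT?").
# ASSUMPTION: these regexes are one reading of the slide's schemes; adjust to yours.
$NamingRules = @{
    computer = '^[a-z]+-[0-9]+[a-z]?-[0-9]{2,}$'   # building-room-number, e.g. mrl-270-02
    group    = '^[a-z0-9]+-[a-z0-9]+-access$'      # unit-resource-access, e.g. engradm-ipeng-access
}

function Test-AdObjectDocumentation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject
    )
    process {
        $rule   = $NamingRules[[string]$InputObject.ObjectClass]
        $issues = @()
        if (-not $rule) {
            $issues += 'no naming rule for this object class'
        } elseif ($InputObject.Name -notmatch $rule) {   # case-insensitive, like AD names
            $issues += 'name does not follow scheme'
        }
        if ([string]::IsNullOrWhiteSpace($InputObject.Description)) {
            $issues += 'description is empty'
        }
        # Emit a row only for objects that need attention.
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Name        = $InputObject.Name
                ObjectClass = $InputObject.ObjectClass
                Issues      = $issues -join '; '
            }
        }
    }
}

# Constructed sample objects (same property names Get-ADComputer/Get-ADGroup return).
$sample = @(
    [pscustomobject]@{ Name = 'mrl-270-02';           ObjectClass = 'computer'; Description = 'constructed description' }
    [pscustomobject]@{ Name = 'BOBS-LAPTOP';          ObjectClass = 'computer'; Description = '' }
    [pscustomobject]@{ Name = 'engradm-ipeng-access'; ObjectClass = 'group';    Description = $null }
    [pscustomobject]@{ Name = 'Temp Group 3';         ObjectClass = 'group';    Description = 'constructed description' }
)
$sample | Test-AdObjectDocumentation | Format-Table -AutoSize

# Against a live directory (ActiveDirectory module; the OU path is a placeholder):
# Get-ADComputer -Filter * -SearchBase 'OU=<your-OU>,DC=example,DC=edu' -Properties Description |
#     Test-AdObjectDocumentation
```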

14 Lesson: GPOs
* Group policies are awesome, wonderful, powerful, and dangerous
* Use them. Carefully.

15 GPO Design Constraints
* One thing per GPO, clearly named
* Minimize duplication
* Link at the highest point in tree possible
* Fewest GPOs per computer possible
* New GPO, not inheritance blocking

16 Group Policies [diagram: Desktops OU: DesktopUpdates, Redirect Files; Dept1 OU: DeptPrinters, DeptDriveMapings; Conference Rooms Organizational Unit: Disable Redirection]

17 Boots on the Ground

18 Lesson: Clean From the Start
* (Ok, so half planning/half boots on the ground)
* You won’t clean it up
* Permissions
* Groups

19 An Ugly Slide…

20 Lesson: Just do it
* Don’t get bogged down by tools.
* Use whatever works.
* It’s a one-off experience

21 Option: Netdom
* Command line tool
* Pro: Can rename and domain join many machines
* Con: No Profile Migration

22

23 Option: Reinstall
* XP to Windows 7

24 Mini-Lesson: Manual WILL happen
* There will be edge cases
* Basically: Change name, change domain.

25 Old Gotchas
* Profiles & Office templates, Outlook archives, FF bookmarks, etc
* UIUC\user and UOFI\user not the same thing
* DFS paths that point to UIUC (recent documents, Office fails)
* Slow logins – first time

26 New gotchas
* Run profile wizard before migration (SID history)
* Make SURE you have a local admin account
* Token bloat, group limitations (IT staff)
* WHERE IS YOUR COMPUTER? GIVE ME YOUR COMPUTER!
* This group does WHAT?

27 Bonus Lesson: Shiny tarnishes
* Get it all right as it goes in
* Then plan a way to keep it that way

28 What about UIUC?

29 Lesson*: Be diligent
* Computers: Disable, delete
* Groups: Empty (record!), delete
* OUs: Delete
* Permissions: Remove

30 Recap
* Allow enough time
* DESIGN WELL
* Put it into the new domain clean
* And keep it that way!

31 Any Questions

32 Resources
* Netdom: http://technet.microsoft.com/en-us/library/cc772217(WS.10).aspx
* ForensIT: http://www.forensit.com/

