Active Directory Structure June 2011 Erick Engelke.


Starting Point

Top Level Structure

People Organization

People
- Administered primarily by WatIAM
- Second account for elevated privileges (!)
- Optional second or third account for lesser privileges (_)
- Use of smartcards for some people
- Like passport – personal userids cannot be shared
- Use other mechanisms to share data
- Userid/password equivalent to a signature (PKI coming)
- Generic accounts can have more than one person – e.g. helpdesk, askawarrior; WatIAM will treat these differently

Below Each Unit
- Users – WatIAM managed
- Hidden – WatIAM managed, not public
- Support – !erick, _erick and mssql service accounts
- Generic – WatIAM managed, roles
- Legacy – accounts from the old ADs which haven’t been worked out yet

Administration OU
- Alumni
- Authentication only – auth, but don’t allow logins
- Corporate – contractors
- Guests – wireless access, logins too
- Non-UW – permanent people not staff
- Orphaned
- Support – privileged, harder passwords

Groups Organization

Groups
- Very useful for managing access to data
- WatIAM will manage some groups
  - isaFaculty, isaStaff, isaStudent lists
  - Course lists
  - Departmental lists
  - These lists define who is ACTIVE
- Delegated access to groups OU

WatIAM Dept Groups
- Auto management of department lists
  - Drupal – lists of staff
  - Sharepoint – departmental sites
  - Labs – who can use special software
  - Servers – who can access data
  - Podiums ?
- E.g. Erick is in both IST and EngComp now

Naming Conventions
- Groups, servers, print queues need names
- A list of prefixes is in the document
  - sju_ – St. Jerome's University
  - math_ – math
  - env_ – environment
  - uw_ – campus, e.g. UCIST
  - IdM_ – ID management system… WatIAM

Workstations Organization

Workstations
- Workstations subtree follows organization of university workstation management
- IST manages many administration PCs
- Library and residences have own IT shops
- Much software purchased and policies set at faculty level
- Non-Windows machines also in the tree

Summary
- Domain should be as simple as possible while reflecting the structure of UW
- Future services like video conferencing and digital signing will make use of AD
- Economize effort, minimize duplication
- Take the best of ADS and Nexus

Next Steps
- Create a test AD with the new structure, make sure WatIAM doesn’t hiccup
- Implement the new AD structure in ADS, Nexus and WatIAM
- Migrate accounts from ADS to Nexus (this is a non-destructive copy, then accounts exist in both domains)
  - For existing Nexus users, just copy the ADS SID into Nexus SidHistory field
  - For non-Nexus users, copy the whole account over, including password (new SID, but old SidHistory)
  - Do group migrations too
- Get WatIAM creating/managing accounts in both domains
- At this point, all the users are moved. Document everything, then we can start thinking about servers and workstations
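The SidHistory step above gives every migrated account a second identity that access checks will honour, so after the copy it is worth confirming that each sIDHistory value is an ordinary ADS account SID and nothing else. The following Python check is an added example, not part of the original slides; the domain SIDs, account names and export format are constructed placeholders.

```python
# Added example: audit sIDHistory values on migrated accounts.
# All SIDs and account names below are constructed placeholders.

WELL_KNOWN_RID_LIMIT = 1000  # RIDs below 1000 are built-in principals (500, 512, 519, ...)

def split_sid(sid):
    """Split a domain account SID 'S-1-5-21-a-b-c-rid' into (domain_sid, rid)."""
    parts = sid.strip().upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:7]), int(parts[7])

def audit_sid_history(accounts, source_domain, target_domain):
    """Return (sam, reason) findings for sIDHistory values the migration plan does not explain."""
    findings = []
    for acct in accounts:
        for old_sid in acct["sid_history"]:
            try:
                domain, rid = split_sid(old_sid)
            except ValueError:
                findings.append((acct["sam"], "non-domain SID in sIDHistory"))
                continue
            if domain == target_domain:
                findings.append((acct["sam"], "sIDHistory points into its own domain"))
            elif domain != source_domain:
                findings.append((acct["sam"], "sIDHistory from unexpected domain"))
            if rid < WELL_KNOWN_RID_LIMIT:
                findings.append((acct["sam"], f"sIDHistory carries built-in RID {rid}"))
    return findings

ADS = "S-1-5-21-1000000001-1000000002-1000000003"    # constructed source (ADS) domain SID
NEXUS = "S-1-5-21-2000000001-2000000002-2000000003"  # constructed target (Nexus) domain SID

SAMPLE = [  # constructed export: one row per account in the target domain
    {"sam": "user_a", "sid_history": [ADS + "-4312"]},           # expected: old ADS SID
    {"sam": "user_b", "sid_history": []},                        # never had an ADS account
    {"sam": "user_c", "sid_history": [ADS + "-512"]},            # Domain Admins RID of ADS
    {"sam": "user_d", "sid_history": [NEXUS + "-1105"]},         # SID from the target domain
    {"sam": "user_e", "sid_history": ["S-1-5-21-9-9-9-2001"]},   # some other domain
    {"sam": "user_f", "sid_history": ["S-1-5-32-544"]},          # BUILTIN\Administrators
]

if __name__ == "__main__":
    for sam, reason in audit_sid_history(SAMPLE, ADS, NEXUS):
        print(f"{sam}: {reason}")
```

In practice the input rows would come from an export of sAMAccountName and sIDHistory for the Nexus domain, and any finding is a reason to inspect that account before the old domain is retired.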

Following Steps
- Migrate SharePoint server
- Begin migrating workstations
- Migrate workgroup servers
- Migrate database systems
- Migrate wireless
- Migrate UWace

Timetable
- March 2011 – discovery stage
- April 2011 – begin design documentation
- May 2011 – begin tests of migration tools
- July 2011 – begin migrating real accounts
- Sept – March 2012
  - Workstations, servers, databases, etc.

The End Thank you.