1. City-wide Active Directory Project Town Hall II
5/20/2018 6:35 PM
Active Directory
City and County of San Francisco
City-wide Active Directory Project
Town Hall II
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Agenda Introductions and Recap Town Hall I Review and Q&A
Proposed AD Architecture
Proposed Project Timeline
Path Forward
Questions

3. Project Update Review: Q&A from Town Hall I Project Status Services
Authorizations
AD Interfaces
Security Policies

4. Q&A from Town Hall I - Project Status
Is the AD infrastructure already in place?
How will departments who wish to participate in City-wide AD be incorporated?
What is the roll-out plan for departments who wish to participate under the City-wide AD?
Site Assessments

5. Q&A from Town Hall I - Services
What are the service offerings?
Show how the ability to share resources across departments will be facilitated.
If a department already has Windows 2008, can Federation Services be installed?

6. Q&A from Town Hall I - Authorizations
Will this architecture work for sharing drives between departments?
Is it possible for departments to access each other’s data using Federation?
Under the City-wide AD, how are OU’s authorized to share resources between OU’s?

7. Q&A from Town Hall I - Interfaces
Was it reported that Exchange Online will not support a Federated model?
How will be accessed out-of-network ?
Is City-wide AD a pre-requisite for Exchange Online?

8. Q&A from Town Hall I - Security Policies
Define auditing and control procedures?
How will the forest root enterprise admin credentials be secured?
Define how security boundaries (OU) will be scalable and effective.
Define how legally mandated network isolation will be supported, e.g. PCI, HIPPA.
How will network security and administrative overhead be balanced?

9. Flat Architecture
ARCHITECTURE

10. City-wide Active Directory Topology
Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers).
New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

11. City-wide Active Directory Federation
Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers).
New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

12. City-wide Active Directory Participation
Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers).
New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

13. PARTICIPATION BENEFITS
Architectural Benefits
FEDERATED BENEFITS
PARTICIPATION BENEFITS
PLUS…
Authentication Services
Services: Certification, File, and Print
Standardized Server Builds and Policies
Standardized Workstation Builds and Policies
Standardized OU Structures
Automated Software Distribution
Application Support
Enterprise Group Policies
Security Policies e.g. Access, Password Admin
Delegated Administration
Preserves autonomy of agency control
Better integration, increased security and control of city-wide identities
Improved capabilities for Multi- and Inter- Agency Initiatives.
City-wide (Exchange Online )
SharePoint Collaborations
Web Single Sign-on Access

14. DT Active Directory Timeline
Projects
DT Migration Begins
DT Migration Completed (with full service availability)
Active Directory Infrastructure Built
DT to Exchange Online Migrated
AD Root Migration Completed
Migration from Novell to Active Directory
Implement Interface Architecture
Baseline Policy definitions, e.g. Security, Server
Site Assessments
Other city agency rollout
Present
March
2011
Future
DT’s Migration into City-wide AD Services
Authentication Services
Standard Builds
File, Printer Services
Certificate
Services
Group Policies
City-wide Wireless

15. Town Hall II Summary By March, 2011,
DT Migration from Novell to Active Directory
Implement AD Architecture
Baseline Policy definitions, e.g. Security, Server
Departmental Survey and Interviews
Perform AD/ Site Assessments
Determine Rollout Schedule w/ other Agencies

16. City-wide Active Directory
Questions