Campus Active Directory Update Jim Green, Academic Technology Services Victor Lounds, Administrative Information Services Dave Carter, College of Agriculture.


1 Campus Active Directory Update
Jim Green, Academic Technology Services
Victor Lounds, Administrative Information Services
Dave Carter, College of Agriculture
Matt Stehouwer, College of Natural Science

2 ATS Active Directory Update
Jim Green
Manager, Identity Management Team
Academic Technology Services

3 Background
Summer, 2009
– U. of Iowa visit by AIS and ATS upper management
Proposal for ATS Identity Management-operated AD domain
– w/Kerberos, LDAP/Directory services, Netid, Shibboleth
Fall 2009
– research, setup for Computer Labs standalone domain
– Penn State, U. of Iowa conference calls
Spring, 2010
– ATS reorganization
– ATS’s “services” domain, Mel Micke joins Identity Management

4 Short term goals
Research to discover best practices for designing/operating AD infrastructure
Support Windows login in the Computer Labs
Evolve into a generalized institution-wide service offering
– AD infrastructure for a centrally-supported MS Exchange service offering
– Other authentication/authorization applications, e.g. 802.1x
Coordinate with AIS and other units
Work toward a coherent plan

5 Computer Labs AD domain
Standalone domain
– To be replaced by proposed central AD domain
Will be rolled out to all labs by Fall, 2010
Four domain controllers
Populated with all MSU netids, not just current
Licensed via machine CALs
Authenticates via pass-through to MIT Kerberos
– Kerberos registry patch applied to workstations

6 Tentative design proposals
Top level domain
Authentication with MSU netid and password
– Pass-through or sync
Populate with current faculty, staff, students, affiliates
Populate with attributes needed for authorization
– E.g. departments for 802.11x, etc.
MS Exchange, other service offerings to be operated by ATS Systems & Infrastructure team
Delegated management through Organizational Units

7 Coordination Activities
Meetings with College of Agriculture and College of Natural Science
AIS shared consultant’s report and information about their AD initiative
Working group formed with representatives from Ag, Nat Sci, AIS, and ATS
Joint testbed put up

8 Issues
Competing priorities, notably including EBSP
Licensing
Is Identity Management the best location for this service?
Organizational and policy logistics
Security
Design choices to best meet MSU institutional needs

9 AIS Active Directory Update
Victor Lounds, Administrative Information Services

10 What has AIS learned from our Development Environment?
After discussions with Microsoft AD support groups and contractors we were able to identify several issues
– A multi-domain forest does not scale
– A domain is not a security boundary
– Although an empty forest can separate higher level roles, it does not gain any additional functionality or reliability
Single Forest / Single Domain

11 How can a centralized AD be managed?
Establishing methods for
– Adding
– Removing
– Tracking changes
– Reporting
Naming Conventions
Establishing a Process for Administrative Changes

12 What about Kerberos & Active Directory?
MSUNet Kerberos authentication is a concern because of…
o Password Management
o AD / MSU Kerberos
o Test
o Q/A
o Production

13 CANR and CNS Active Directory Update
Dave Carter, College of Agriculture
Matt Stehouwer, College of Natural Science

14 Sharing of Resources Exchange SharePoint Knowledge Datacenter Cost CANR and CNS Partnership

15 [Diagram labels: Exchange, SharePoint, CANR Forest, CNS Forest, One way trust, Resource Forest, FIM, TMG]
FIM – Forefront Identity Manager

16 Shared DataCenter at Computer Center

17 ANR & CNS Environment

18 Campus Active Directory Under Testing

19 Campus AD Campus Resource Forest College Forest Exchange AD Servers MIT Kerberos FIM

20 Campus Active Directory Update
Jim Green, ATS – jfgreen@msu.edu
Victor Lounds, AIS – loundsv@msu.edu
Dave Carter, CANR – carte211@msu.edu
Matt Stehouwer, CBS – stehouw2@msu.edu
adfuture@list.msu.edu

